Probleme sur portable fenetre au demarrage

bonsoir
quand je vois l'état de ton infection il y a trois semaines et que je constate que tu n'as pas répondu à Egwene...
http://www.infos-du-net.com/forum/281617-11-probleme-de...

curieux que ton pc tourne encore...

on passe un temps fou pour rédiger des scripts comme ça. je veux bien t'aider, mais t'as intérêt de revenir...

Desole, mais je suis actuellement en inde en volontariat humanitaire, et pour l'ordi de la derniere fois, j'ai changer de lieu et je n'ai plus acces a cet ordi. d'autre par il ne s'agit pas du meme ordinateur que la derniere fois, cette fois c'est mon portable donc j'y ai acces tout le temps

merci pour vos reponses

marco

bonjour
oui, j'avais vu que ton FAI était en INDE.
Les deux PC sont infectés par un ver:
http://www.prevx.com/filenames/X1649097514790568870-0/E...

Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

Redémarre ton ordinateur

Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).

A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.

Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".

Choisis ton compte.
Déroule la liste des instructions ci-dessous :

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

Merci voici les resultats report SDFIX puis hijackthis


SDFix: Version 1.221
Run by Marco on Sat 09/06/2008 at 10:02 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Marco\Local Settings\Temp\DriveGuard.tmp.exe - Deleted
C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.tmp - Deleted
C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.tmp - Deleted
C:\DOCUME~1\Marco\LOCALS~1\Temp\removalfile.bat - Deleted
C:\autorun.exe - Deleted
C:\WINDOWS\autorun.inf - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\System.exe - Deleted
C:\WINDOWS\winlogon.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:04:07
Windows 5.1.2600 Service Pack 2 NTFS





Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:25 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\MARCO-ACD07525B.exe
C:\WINDOWS\Marco.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKLM\..\Run: [MARCO-ACD07525B] C:\WINDOWS\win.pif
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGuard] "C:\Program Files\FlashGuard\FlashGuard.exe" -run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d00edeab] rundll32.exe "C:\WINDOWS\system32\xncjpsbv.dll",b
O4 - HKLM\..\Run: [BMd33ded37] Rundll32.exe "C:\WINDOWS\system32\cmpneror.dll",s
O4 - HKCU\..\Run: [Marco] C:\DOCUME~1\Marco\LOCALS~1\Temp\Tmp.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - HKUS\S-1-5-18\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SYSTEM] C:\WINDOWS\TEMP\Tmp.com (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MsNet Service (MsNet) - Unknown owner - C:\WINDOWS\Fonts\font.bat (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6649 bytes

bonsoir
on poursuit
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

ajoute un nouveau rapport Hijackthis.

Voici les deux report demande :


ComboFix 08-09-05.05 - Marco 2008-09-08 10:36:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1509 [GMT 5.5:30]
Running from: C:\Documents and Settings\Marco\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\.exe
C:\WINDOWS\BMd33ded37.txt
C:\WINDOWS\BMd33ded37.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\cmpneror.dll
C:\WINDOWS\system32\dfiQBKkj.ini
C:\WINDOWS\system32\explorcr.exe
C:\WINDOWS\system32\fqcahu.dll
C:\WINDOWS\system32\jkKBQifd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\thngyosn.dll
C:\WINDOWS\system32\vbspjcnx.ini
C:\WINDOWS\system32\xncjpsbv.dll
H:\r.cmd
I:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-09-06 22:01 . 2008-09-06 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-06 21:56 . 2008-09-06 21:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-06 21:56 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Administrator.exe
2008-09-06 21:54 . 2008-09-06 22:05 <DIR> d-------- C:\SDFix
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\WINDOWS\Options
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Program Files\Broadcom
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broadcom
2008-09-06 21:52 . 2007-06-21 19:16 691,192 --a------ C:\WINDOWS\system32\drivers\bcmwl6.sys
2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Program Files\ma-config.com
2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-06 11:11 . 2008-09-06 11:12 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\U3
2008-09-06 10:54 . 2008-09-06 11:01 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\FileZilla
2008-09-06 10:53 . 2008-09-06 10:53 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-06 00:16 . 2008-09-06 00:16 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\Canneverbe_Limited
2008-09-06 00:15 . 2008-09-06 00:15 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-05 16:34 . 2008-09-05 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d---s---- C:\Documents and Settings\Marco\UserData
2008-09-05 09:59 . 2008-09-05 09:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-04 15:30 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-09-04 15:28 . 2008-09-04 15:28 <DIR> d-------- C:\Program Files\Pinnacle
2008-09-04 15:23 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-09-04 15:22 . 2008-09-04 15:22 <DIR> d-------- C:\Documents and Settings\Marco\WINDOWS
2008-09-04 10:22 . 2008-09-04 10:22 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 10:22 . 2003-03-19 02:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-04 10:05 . 2008-09-04 10:05 <DIR> dra-s---- C:\Program Files\FlashGuard
2008-09-03 21:22 . 2008-09-03 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-03 21:22 . 2008-09-03 21:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-03 20:32 . 2008-09-08 05:35 50 --a------ C:\WINDOWS\cdplayer.ini
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Real
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-31 21:58 . 2008-08-31 21:58 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-08-25 23:25 . 2008-08-25 23:25 <DIR> d-------- C:\Program Files\NetWaiting
2008-08-25 23:23 . 2008-08-25 23:23 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-25 23:22 . 2006-09-07 14:23 117,248 --a------ C:\WINDOWS\system32\staco.dll
2008-08-25 23:21 . 2008-08-25 23:21 <DIR> d-------- C:\Program Files\SigmaTel
2008-08-25 23:04 . 2008-08-25 23:04 <DIR> d-------- C:\Program Files\Realtek
2008-08-25 22:14 . 2008-08-25 22:14 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\Program Files\Intel
2008-08-25 22:02 . 2007-10-18 15:51 126,976 --a------ C:\WINDOWS\system32\Imsmudlg.exe
2008-08-25 22:00 . 2008-08-25 22:00 <DIR> d-------- C:\Program Files\Hp
2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-25 17:17 . 2007-11-02 19:37 77,824 -rahs---- C:\WINDOWS\svchost.exe.bak
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\win.pif
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\msdp32.dll
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\MARCO-ACD07525B.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\command.cmd
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\wininit.com
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\regedit.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Marco.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 ---hs---- C:\AutoRun.exe
2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a------ C:\WINDOWS\system32\drivers\bcm42xx5.sys
2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a--c--- C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2008-08-25 16:41 . 2007-01-30 12:12 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a------ C:\WINDOWS\system32\drivers\crtaud.sys
2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a--c--- C:\WINDOWS\system32\dllcache\crtaud.sys
2008-08-25 16:23 . 2008-08-25 16:23 <DIR> d-------- C:\Program Files\Marvell
2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Lavalys
2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Intel Desktop Boards
2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-08-25 07:44 . 2008-08-25 07:44 47,692 --a------ C:\WINDOWS\system32\ae700main.dat
2008-08-25 07:44 . 2008-08-25 07:44 132 --a------ C:\WINDOWS\system32\{DD362256-A7A2-4524-9457-213DDC2AFC2A}-FunctionContent.dat
2008-08-25 07:29 . 2008-08-25 07:29 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-08-25 07:29 . 2008-08-25 07:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-25 07:29 . 2008-08-25 07:29 15,236 --a------ C:\WINDOWS\system32\PRE20_FCBlueprint.dat
2008-08-25 07:29 . 2008-08-25 07:29 156 --a------ C:\WINDOWS\system32\{11C98E1A-EC91-4B38-B44C-C562292D8453}-FunctionContent.dat
2008-08-25 07:05 . 2008-08-25 07:05 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-08-24 22:43 . 2008-08-24 22:43 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-24 22:36 . 2008-08-24 22:36 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\vlc
2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\drivers\BCMDM.sys
2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-24 22:05 . 2008-08-24 22:05 27 --a------ C:\WINDOWS\SmAudio.INI
2008-08-24 21:58 . 2008-08-25 22:01 <DIR> d-------- C:\SWSetup
2008-08-24 21:57 . 2007-04-16 11:20 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-24 19:58 . 2008-08-24 19:58 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\AdobeUM
2008-08-24 18:21 . 2008-08-24 18:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-24 18:21 . 2004-08-17 06:10 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 18:20 . 2008-08-24 18:20 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-24 18:19 . 2008-08-24 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-24 18:18 . 2008-08-24 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-24 18:18 . 2008-09-05 08:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\eRightSoft
2008-08-24 18:06 . 2008-08-24 18:06 <DIR> d-------- C:\Documents and Settings\Marco\Bluetooth Software
2008-08-24 18:05 . 2008-08-24 18:05 <DIR> d-------- C:\Program Files\WIDCOMM
2008-08-24 18:05 . 2005-11-01 18:08 308,992 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys
2008-08-24 18:05 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-08-24 18:05 . 2005-12-22 17:02 51,840 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-08-24 18:05 . 2005-11-16 20:28 28,928 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-08-24 18:05 . 2005-05-06 18:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll
2008-08-24 18:04 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-24 18:04 . 2008-08-24 18:04 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\InstallShield
2008-08-24 18:03 . 2008-09-06 21:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 18:03 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\HPQ
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\DIFX
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Apoint2K
2008-08-24 18:03 . 2005-01-31 15:53 109,319 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2008-08-24 18:03 . 2005-01-27 15:16 94,247 --a------ C:\WINDOWS\system32\Vxdif.dll
2008-08-24 18:01 . 2007-03-22 14:29 625,664 --a------ C:\WINDOWS\system32\drivers\CHDAud.sys
2008-08-24 18:01 . 2007-03-22 09:18 212,992 --a------ C:\WINDOWS\system32\UCI32A19.dll
2008-08-24 18:01 . 2006-08-10 15:28 122,880 --a------ C:\WINDOWS\system32\uci32108.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-08-24 12:16 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Administrator.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Marco.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\win.pif
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Fonts\font.bat
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\regedit.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\wininit.com
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\command.cmd
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\MARCO-ACD07525B.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\msdp32.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Web\Picture.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 131072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"MARCO-ACD07525B"="C:\WINDOWS\win.pif" [2007-11-02 77824]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 180269]
"FlashGuard"="C:\Program Files\FlashGuard\FlashGuard.exe" [2008-04-16 212599]
"SkyTel"="SkyTel.EXE" [2007-11-20 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 C:\WINDOWS\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"(Default)"="C:\DOCUME~1\Marco\LOCALS~1\winlogon.exe" [2007-11-02 77824]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"(Default)"="win.com" [2001-08-23 C:\WINDOWS\system32\win.com]

C:\Documents and Settings\Marco\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"System"="C:\\WINDOWS\\System\\wininit.com"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\Marco\\LOCALS~1\\smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\CHDRT32.sys [2008-03-04 188416]
S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 42112]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 933818]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5ad60b-71d8-11dd-8020-b0d135777c5c}]
\Shell\AutoRun\command - I:\System\Security\DriveGuard.exe -run
\Shell\Explore\Command - I:\System\Security\DriveGuard.exe -run
\Shell\Open\Command - I:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{485b1c20-73a0-11dd-8030-001e37e93b43}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - H:\explorcr.exe
\Shell\Open\command - H:\explorcr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cea6c30-729c-11dd-8028-001d725a9605}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - F:\explorcr.exe
\Shell\Open\command - F:\explorcr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b0-7bd3-11dd-8035-001e37e93b43}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b1-7bd3-11dd-8035-001e37e93b43}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - G:\explorcr.exe
\Shell\Open\command - G:\explorcr.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-d00edeab - C:\WINDOWS\system32\xncjpsbv.dll
HKLM-Run-BMd33ded37 - C:\WINDOWS\system32\cmpneror.dll
HKU-Default-Run-SYSTEM - C:\WINDOWS\TEMP\Tmp.com


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 10:39:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsNet]
"ImagePath"="C:\WINDOWS\Fonts\font.bat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\MARCO-ACD07525B.exe
C:\WINDOWS\Marco.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2008-09-08 10:40:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-08 05:10:54

Pre-Run: 21,876,367,360 bytes free
Post-Run: 21,851,176,960 bytes free

281



Hijackthis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:04 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6126 bytes

Voici les deux report demande :


ComboFix 08-09-05.05 - Marco 2008-09-08 10:36:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1509 [GMT 5.5:30]
Running from: C:\Documents and Settings\Marco\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\.exe
C:\WINDOWS\BMd33ded37.txt
C:\WINDOWS\BMd33ded37.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\cmpneror.dll
C:\WINDOWS\system32\dfiQBKkj.ini
C:\WINDOWS\system32\explorcr.exe
C:\WINDOWS\system32\fqcahu.dll
C:\WINDOWS\system32\jkKBQifd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\thngyosn.dll
C:\WINDOWS\system32\vbspjcnx.ini
C:\WINDOWS\system32\xncjpsbv.dll
H:\r.cmd
I:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-09-06 22:01 . 2008-09-06 22:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-06 21:56 . 2008-09-06 21:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-06 21:56 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Administrator.exe
2008-09-06 21:54 . 2008-09-06 22:05 <DIR> d-------- C:\SDFix
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\WINDOWS\Options
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Program Files\Broadcom
2008-09-06 21:52 . 2008-09-06 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broadcom
2008-09-06 21:52 . 2007-06-21 19:16 691,192 --a------ C:\WINDOWS\system32\drivers\bcmwl6.sys
2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Program Files\ma-config.com
2008-09-06 19:51 . 2008-09-06 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-06 11:11 . 2008-09-06 11:12 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\U3
2008-09-06 10:54 . 2008-09-06 11:01 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\FileZilla
2008-09-06 10:53 . 2008-09-06 10:53 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-06 00:16 . 2008-09-06 00:16 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\Canneverbe_Limited
2008-09-06 00:15 . 2008-09-06 00:15 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-05 16:34 . 2008-09-05 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d---s---- C:\Documents and Settings\Marco\UserData
2008-09-05 09:59 . 2008-09-05 09:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-04 15:30 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-09-04 15:28 . 2008-09-04 15:28 <DIR> d-------- C:\Program Files\Pinnacle
2008-09-04 15:23 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-09-04 15:22 . 2008-09-04 15:22 <DIR> d-------- C:\Documents and Settings\Marco\WINDOWS
2008-09-04 10:22 . 2008-09-04 10:22 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 10:22 . 2003-03-19 02:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-04 10:05 . 2008-09-04 10:05 <DIR> dra-s---- C:\Program Files\FlashGuard
2008-09-03 21:22 . 2008-09-03 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-03 21:22 . 2008-09-03 21:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-03 20:32 . 2008-09-08 05:35 50 --a------ C:\WINDOWS\cdplayer.ini
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Real
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-03 20:31 . 2008-09-03 20:31 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-31 21:58 . 2008-08-31 21:58 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-08-25 23:25 . 2008-08-25 23:25 <DIR> d-------- C:\Program Files\NetWaiting
2008-08-25 23:23 . 2008-08-25 23:23 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-25 23:22 . 2006-09-07 14:23 117,248 --a------ C:\WINDOWS\system32\staco.dll
2008-08-25 23:21 . 2008-08-25 23:21 <DIR> d-------- C:\Program Files\SigmaTel
2008-08-25 23:04 . 2008-08-25 23:04 <DIR> d-------- C:\Program Files\Realtek
2008-08-25 22:14 . 2008-08-25 22:14 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-08-25 22:02 . 2008-08-25 22:02 <DIR> d-------- C:\Program Files\Intel
2008-08-25 22:02 . 2007-10-18 15:51 126,976 --a------ C:\WINDOWS\system32\Imsmudlg.exe
2008-08-25 22:00 . 2008-08-25 22:00 <DIR> d-------- C:\Program Files\Hp
2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-25 17:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-25 17:17 . 2007-11-02 19:37 77,824 -rahs---- C:\WINDOWS\svchost.exe.bak
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\win.pif
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\msdp32.dll
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\MARCO-ACD07525B.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system32\command.cmd
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\wininit.com
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\system\regedit.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 -r-hs---- C:\WINDOWS\Marco.exe
2008-08-25 16:58 . 2007-11-02 19:37 77,824 ---hs---- C:\AutoRun.exe
2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a------ C:\WINDOWS\system32\drivers\bcm42xx5.sys
2008-08-25 16:42 . 2001-08-17 12:11 54,271 --a--c--- C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2008-08-25 16:41 . 2007-01-30 12:12 45,568 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a------ C:\WINDOWS\system32\drivers\crtaud.sys
2008-08-25 16:25 . 2001-08-17 12:19 42,112 --a--c--- C:\WINDOWS\system32\dllcache\crtaud.sys
2008-08-25 16:23 . 2008-08-25 16:23 <DIR> d-------- C:\Program Files\Marvell
2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Lavalys
2008-08-25 16:21 . 2008-08-25 16:21 <DIR> d-------- C:\Program Files\Intel Desktop Boards
2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2008-08-25 12:06 . 2008-05-12 13:04 175,104 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-08-25 07:44 . 2008-08-25 07:44 47,692 --a------ C:\WINDOWS\system32\ae700main.dat
2008-08-25 07:44 . 2008-08-25 07:44 132 --a------ C:\WINDOWS\system32\{DD362256-A7A2-4524-9457-213DDC2AFC2A}-FunctionContent.dat
2008-08-25 07:29 . 2008-08-25 07:29 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-08-25 07:29 . 2008-08-25 07:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-25 07:29 . 2008-08-25 07:29 15,236 --a------ C:\WINDOWS\system32\PRE20_FCBlueprint.dat
2008-08-25 07:29 . 2008-08-25 07:29 156 --a------ C:\WINDOWS\system32\{11C98E1A-EC91-4B38-B44C-C562292D8453}-FunctionContent.dat
2008-08-25 07:05 . 2008-08-25 07:05 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-08-24 22:43 . 2008-08-24 22:43 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-24 22:36 . 2008-08-24 22:36 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\vlc
2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2008-08-24 22:30 . 2001-08-17 12:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-08-24 22:29 . 2004-03-16 10:58 136,960 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-24 22:29 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\drivers\BCMDM.sys
2008-08-24 22:19 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-08-24 22:19 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-24 22:05 . 2008-08-24 22:05 27 --a------ C:\WINDOWS\SmAudio.INI
2008-08-24 21:58 . 2008-08-25 22:01 <DIR> d-------- C:\SWSetup
2008-08-24 21:57 . 2007-04-16 11:20 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-24 19:58 . 2008-08-24 19:58 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\AdobeUM
2008-08-24 18:21 . 2008-08-24 18:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-24 18:21 . 2004-08-17 06:10 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-24 18:20 . 2008-08-24 18:20 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 18:20 . 2008-08-24 18:20 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-24 18:19 . 2008-08-24 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-24 18:18 . 2008-08-24 18:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-24 18:18 . 2008-09-05 08:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-24 18:17 . 2008-08-24 18:17 <DIR> d-------- C:\Program Files\eRightSoft
2008-08-24 18:06 . 2008-08-24 18:06 <DIR> d-------- C:\Documents and Settings\Marco\Bluetooth Software
2008-08-24 18:05 . 2008-08-24 18:05 <DIR> d-------- C:\Program Files\WIDCOMM
2008-08-24 18:05 . 2005-11-01 18:08 308,992 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys
2008-08-24 18:05 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-08-24 18:05 . 2005-12-22 17:02 51,840 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-08-24 18:05 . 2005-11-16 20:28 28,928 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-08-24 18:05 . 2005-05-06 18:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll
2008-08-24 18:04 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-24 18:04 . 2008-08-24 18:04 <DIR> d-------- C:\Documents and Settings\Marco\Application Data\InstallShield
2008-08-24 18:03 . 2008-09-06 21:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 18:03 . 2008-08-24 21:58 <DIR> d-------- C:\Program Files\HPQ
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\DIFX
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 18:03 . 2008-08-24 18:03 <DIR> d-------- C:\Program Files\Apoint2K
2008-08-24 18:03 . 2005-01-31 15:53 109,319 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2008-08-24 18:03 . 2005-01-27 15:16 94,247 --a------ C:\WINDOWS\system32\Vxdif.dll
2008-08-24 18:01 . 2007-03-22 14:29 625,664 --a------ C:\WINDOWS\system32\drivers\CHDAud.sys
2008-08-24 18:01 . 2007-03-22 09:18 212,992 --a------ C:\WINDOWS\system32\UCI32A19.dll
2008-08-24 18:01 . 2006-08-10 15:28 122,880 --a------ C:\WINDOWS\system32\uci32108.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-24 12:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-08-24 12:16 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Administrator.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Marco.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\win.pif
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Fonts\font.bat
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\regedit.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system\wininit.com
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\command.cmd
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\MARCO-ACD07525B.exe
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\system32\msdp32.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
2007-11-02 14:07 77,824 --sh--r C:\WINDOWS\Web\Picture.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 131072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"MARCO-ACD07525B"="C:\WINDOWS\win.pif" [2007-11-02 77824]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 180269]
"FlashGuard"="C:\Program Files\FlashGuard\FlashGuard.exe" [2008-04-16 212599]
"SkyTel"="SkyTel.EXE" [2007-11-20 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 C:\WINDOWS\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"(Default)"="C:\DOCUME~1\Marco\LOCALS~1\winlogon.exe" [2007-11-02 77824]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"(Default)"="win.com" [2001-08-23 C:\WINDOWS\system32\win.com]

C:\Documents and Settings\Marco\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"System"="C:\\WINDOWS\\System\\wininit.com"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\Marco\\LOCALS~1\\smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\CHDRT32.sys [2008-03-04 188416]
S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 42112]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys [2001-12-14 933818]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5ad60b-71d8-11dd-8020-b0d135777c5c}]
\Shell\AutoRun\command - I:\System\Security\DriveGuard.exe -run
\Shell\Explore\Command - I:\System\Security\DriveGuard.exe -run
\Shell\Open\Command - I:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{485b1c20-73a0-11dd-8030-001e37e93b43}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - H:\explorcr.exe
\Shell\Open\command - H:\explorcr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cea6c30-729c-11dd-8028-001d725a9605}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - F:\explorcr.exe
\Shell\Open\command - F:\explorcr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b0-7bd3-11dd-8035-001e37e93b43}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe2270b1-7bd3-11dd-8035-001e37e93b43}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorcr.exe
\Shell\Explore\command - G:\explorcr.exe
\Shell\Open\command - G:\explorcr.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-d00edeab - C:\WINDOWS\system32\xncjpsbv.dll
HKLM-Run-BMd33ded37 - C:\WINDOWS\system32\cmpneror.dll
HKU-Default-Run-SYSTEM - C:\WINDOWS\TEMP\Tmp.com


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 10:39:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsNet]
"ImagePath"="C:\WINDOWS\Fonts\font.bat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\MARCO-ACD07525B.exe
C:\WINDOWS\Marco.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2008-09-08 10:40:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-08 05:10:54

Pre-Run: 21,876,367,360 bytes free
Post-Run: 21,851,176,960 bytes free

281



Hijackthis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:04 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F3 - REG:win.ini: run=explorer.exe C:\WINDOWS\System\regedit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marco\LOCALS~1\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [(Default)] win.com C:\WINDOWS\system32\msdp32.dll
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6126 bytes

bonsoir
je ne suis pas sûr qu'on arrivera à te désinfecter...

Télécharge Flash Disinfector
Connectes tes supports amovibles sur ton PC. (lecteur mp3, DD externe, clé USB...)
Connecte tous les périphériques externes ( DD , USB , ..... )
Double clique sur Flash Disinfector et laisse toi guider


Copie (Ctrl+C) le texte ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


++++++++++++++++


je suis presque sûr que tu es infecté par virut:
http://www.threatexpert.com/files/regedit.exe.html

si c'est ça, il faudra formater. On doit vérifier avant que je rédige un script plus détaillé.


~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/partner/default/kavweb...

* Clique sur Accept
* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
* clique une nouvelle fois sur "Accept"
* Les bases de mises à jour vont s'installer, patiente un moment
* Clique sur Next.
* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
* Poste le rapport de scan.

Dsl Sham je mets du temps a repondre, ma reponse va arriver avec les logs....

Mais je n'est pas beaucoup de temps a moi en ce moment

Marco

bonsoir
pas de problèmes ;O)