Kioskea / CommentCaMarche
Friday 9 May 2008 - 23:55:24

Still infected with cryp_tap-2

by gardane
Thread
Status: Not resolved
Monday 3 March 2008 at 22:10:34
Hello, I am still struggling with CRYP_tap-2; this is the fourth time this virus has appeared. I used ComboFix again, and here is the report:


ComboFix 08-03-01.3 - Francine Hoyas 2008-03-03 22:00:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 1:00]
Endroit: C:\Documents and Settings\Francine Hoyas\Mes documents\programmes\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\jondhrmx.ini
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\rgsplgkw.dll
C:\WINDOWS\system32\xmrhdnoj.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
.

2008-03-03 21:29 . 2008-03-03 21:29 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-03 21:22 . 2008-03-03 21:22 5,587 --a------ C:\WINDOWS\system32\yiwjvxtl.dll
2008-03-03 19:06 . 2008-03-03 21:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-03 19:06 . 2008-03-03 21:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 09:05 . 2008-03-02 09:05 5,587 --a------ C:\WINDOWS\system32\irhopngh.dll
2008-03-01 20:06 . 2008-03-01 20:06 5,587 --a------ C:\WINDOWS\system32\wvsksuyq.dll
2008-03-01 17:35 . 2008-03-03 19:05 <REP> d-------- C:\Documents and Settings\Francine Hoyas\.housecall6.6
2008-02-29 20:03 . 2008-02-29 20:03 5,587 --a------ C:\WINDOWS\system32\qmmwpblo.dll
2008-02-28 20:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-28 20:30 . 2008-02-28 20:30 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-28 19:25 . 2008-02-28 19:25 5,523 --a------ C:\WINDOWS\system32\akesbljj.dll
2008-02-27 19:25 . 2008-02-27 19:25 5,523 --a------ C:\WINDOWS\system32\omeobogr.dll
2008-02-26 19:25 . 2008-02-26 19:25 5,523 --a------ C:\WINDOWS\system32\pmrskiij.dll
2008-02-24 12:02 . 2008-02-24 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 12:02 . 2008-02-24 12:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 11:48 . 2008-02-24 12:01 <REP> d-------- C:\Program Files\MediaCoder
2008-02-21 20:07 . 2008-02-21 20:07 <REP> d-------- C:\Documents and Settings\Francine Hoyas\Application Data\dvdcss
2008-02-21 19:58 . 2008-02-21 19:58 26,048 --a------ C:\WINDOWS\system32\cbxwtts.dll
2008-02-14 17:46 . 2008-02-14 17:46 <REP> d-------- C:\Documents and Settings\Francine Hoyas\Application Data\vlc
2008-02-14 17:45 . 2008-02-14 17:45 <REP> d-------- C:\Program Files\VideoLAN
2008-02-14 17:31 . 2008-02-14 17:31 <REP> d-------- C:\Documents and Settings\Francine Hoyas\Application Data\Apple Computer
2008-02-14 17:28 . 2008-02-14 17:29 <REP> d-------- C:\Program Files\QuickTime
2008-02-14 17:28 . 2008-02-14 17:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-02-14 17:28 . 2008-02-14 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-14 17:28 . 2008-02-14 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-11 18:25 . 2008-03-01 12:47 <REP> d-------- C:\WINDOWS\avxoscan
2008-02-04 19:22 . 2008-02-04 19:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-02 14:33 --------- d-----w C:\Documents and Settings\Francine Hoyas\Application Data\OpenOffice.org2
2008-03-01 18:46 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-01 16:30 --------- d-----w C:\Program Files\Trend Micro
2008-02-29 19:15 --------- d-----w C:\Program Files\Windows Live
2008-02-29 19:02 --------- d-----w C:\Documents and Settings\Francine Hoyas\Application Data\LimeWire
2008-02-28 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-26 17:28 --------- d-----w C:\Program Files\LimeWire
2008-02-24 11:03 --------- d-----w C:\Program Files\DivX
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 18:38 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-01-31 18:23 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-31 17:25 --------- d-----w C:\Documents and Settings\Francine Hoyas\Application Data\StarOffice8
2008-01-29 18:17 --------- d-----w C:\Program Files\Realore
2008-01-24 19:02 --------- d-----w C:\Program Files\Free Audio Pack
2008-01-12 17:07 --------- d-----w C:\Documents and Settings\Francine Hoyas\Application Data\DivX
2008-01-12 14:47 --------- d-----w C:\Program Files\Macrogaming
2008-01-09 19:34 --------- d-----w C:\Program Files\Real
2008-01-09 19:34 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-01-09 19:34 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-08 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-08 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-08 18:08 --------- d-----w C:\Program Files\Google
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-22 11:31 315,392 -c--a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-02-21 19:58 26048 --a------ C:\WINDOWS\system32\cbxwtts.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-03 21:54 901185]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 10:14 16384]
"AdminWorks Tray"="C:\Acer\LANScope Agent\awtray.exe" [2007-05-22 10:59 1459992]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-09 20:34 185632]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\cbxwtts.dll [2008-02-21 19:58 26048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtts]
cbxwtts.dll 2008-02-21 19:58 26048 C:\WINDOWS\system32\cbxwtts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2007-04-20 12:44]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-08 17:54]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-06 18:36]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-06-28 17:01]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-10-03 11:03]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2007-05-30 15:30]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2007-02-14 17:25]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2006-11-08 21:13]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2007-05-28 15:54]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2007-05-28 15:55]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-22 17:40:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 22:04:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbxwtts.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\LANScope Agent\LockKM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-03 22:06:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 21:06:48
ComboFix2.txt 2008-03-02 08:40:44
ComboFix3.txt 2008-03-02 07:36:51
.
2008-02-29 19:17:23 --- E O F ---
Configuration: Windows XP
Internet Explorer 7.0