Merci pour tout gene-hackman, c'est fabuleux d'être ainsi conseillé.
J'ai eu le même souci avec Win32:Vundo@dll et j'ai suivi avec intérêt et appliqué les conseils donnés :hijack, Malwarebyte's Anti-Malware, Btfix - qui n'a rien eu à nettoyer - et Combofix qui m'a rendu ceci :
ComboFix 08-05-20.4 - User 2008-05-21 0:12:03.1 - [color=red][b]FAT32
/b/colorx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.576 [GMT -3:00]
Endroit: C:\Documents and Settings\User\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
/b/color
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM03c32245.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ilmoubig.ini
C:\WINDOWS\system32\kutxkkcm.ini
C:\WINDOWS\system32\smekonbr.ini
C:\WINDOWS\system32\VuDgPqss.ini
C:\WINDOWS\system32\VuDgPqss.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.
2008-05-20 20:25 . 2008-05-20 23:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-20 20:17 . 2008-05-20 20:17 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-05-20 20:16 . 2008-05-20 20:16 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 20:16 . 2008-05-20 20:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 20:16 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-20 20:16 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-20 19:57 . 2008-05-20 19:58 <REP> d-------- C:\Program Files\Trend Micro
2008-05-20 17:58 . 2008-05-20 17:58 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 07:11 . 2008-05-20 07:11 <REP> d-------- C:\WINDOWS\system32\fr
2008-05-20 07:11 . 2008-05-20 07:11 <REP> d-------- C:\WINDOWS\system32\bits
2008-05-20 07:11 . 2008-05-20 07:11 <REP> d-------- C:\WINDOWS\l2schemas
2008-05-20 07:10 . 2008-05-20 07:10 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-20 06:55 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-20 06:54 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-05-19 14:00 . 2008-05-19 14:00 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 11:58 . 2008-05-19 11:54 35,947,425 --a------ C:\WINDOWS\LPT$VPN.283
2008-05-19 11:53 . 2008-05-19 11:54 35,947,425 --a------ C:\WINDOWS\VPTNFILE.283
2008-05-19 11:46 . 2008-05-19 11:46 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-17 09:15 . 2008-05-17 09:15 <REP> d-------- C:\Program Files\Ma‹do Production
2008-05-17 08:42 . 2008-05-17 08:42 58,368 --------- C:\WINDOWS\system32\nnnnMFUN.dll
2008-05-06 23:09 . 2008-05-19 22:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-06 23:09 . 2008-05-06 23:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-24 17:15 . 2008-04-24 17:15 <REP> d-------- C:\Program Files\Picasa2
2008-04-24 17:15 . 2006-10-04 23:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-24 17:15 . 2006-10-04 23:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-23 23:19 . 2008-04-23 23:19 <REP> d-------- C:\Program Files\steek
2008-04-21 13:33 . 2008-04-21 13:33 3,650,454 --a------ C:\WINDOWS\ACD Wallpaper.bmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 14:54 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-19 14:54 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-19 14:54 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-05-19 14:54 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-17 12:15 --------- d-----w C:\Program Files\Maïdo Production
2008-04-21 01:35 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-04-20 04:06 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-19 20:52 --------- d-----w C:\Program Files\Microsoft FrontPage Express
2008-04-14 14:25 --------- d-----w C:\Program Files\Dialang
2008-04-14 13:15 --------- d-----w C:\Documents and Settings\User\Application Data\Mobipocket
2008-04-14 13:14 --------- d-----w C:\Program Files\Mobipocket.com
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 02:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 02:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 02:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 02:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 02:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 02:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 02:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 02:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 02:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 02:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 22:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 22:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BDB85E1-4BDA-48FB-A21B-40A479607317}]
C:\WINDOWS\system32\ssqPgDuV.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81AA6A16-B8CA-43C4-A347-A487764FF528}]
2008-05-17 08:42 58368 --------- C:\WINDOWS\system32\nnnnMFUN.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:34 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 17:42 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-21 01:20 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 10:22 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 20:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 20:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 20:47 86016]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 09:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 10:26 761945]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28 811008]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 13:36 28672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:28 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 23:34 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81AA6A16-B8CA-43C4-A347-A487764FF528}"= C:\WINDOWS\system32\nnnnMFUN.dll [2008-05-17 08:42 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMFUN]
nnnnMFUN.dll 2008-05-17 08:42 58368 C:\WINDOWS\system32\nnnnMFUN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2006-02-21 15:20 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 13:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2006-01-25 10:03 561152 C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-20 01:05 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\ASUS\\ASUS Video Security\\VideoSecurity.exe"=
"C:\\WINDOWS\\System32\\fxsclnt.exe"=
"C:\\Program Files\\Counter strike condition zero\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]
R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-12-12 09:55]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-27 22:13]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-08-03 02:30]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 00:49]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{190bab0e-e964-11dc-ae0b-0018f3864681}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da34e68-3ee3-11dc-acbd-0015af09295c}]
\Shell\Auto\command - PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc8bae2-cb3a-11db-aba2-0018f3864681}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-21 00:18:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnnMFUN.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-21 0:21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 03:21:42
Pre-Run: 9,857,695,744 octets libres
Post-Run: 10,000,433,152 octets libres
292 --- E O F --- 2008-05-19 23:49:54
je n'ai bien sûr rien compris.
Est-il possible de me dire si le cauchemar est terminé ? sont-ils encore là, quelque part ?
Je vais juste aller me coucher, il est une heure du matin ici et j'en ai assez...
Merci d'une réponse.
j'ai bien commencais les manip, j'ai juste un soucis au niveau de l'étape n°2 :
2)- Installation : clic-droit sur l’ icône « HJTInstall.exe » présente sur ton bureau et choisis : "Exécuter en tant qu'administrateur" dans le menu déroulant qui s'affiche.
> quand je lui mets ADMINISTRATEUR il me dit : "mot de passe inconnu ou utilisateur inconnu", sinon j'ai le choix avec plusieurs nom de compte utilisateur m'appartenant.
Quelle solution dois-je choisir ?
Merci