(trojan) Ravmon, AdobeR, and company ..

MycoZ - 11 August 2007 at 14:43
MycoZ - 11 August 2007 at 15:57
Hello everyone...

I'm not a beginner with computers, but this time I'm out of ideas..
I'm infected with Ravmon and AdobeR (I think I managed to kill that one)

the symptoms:

- impossible to install an antivirus: Avast! and AVG get trashed during installation
- wmplayer.exe (from Windows Media Player 11) gets deleted systematically, and it's impossible to reinstall it
- two Windows updates (for Media Center and Outlook) ask to be installed, install (apparently without a hitch), but at the next reboot Windows Update still offers to reinstall those two updates...

I've run every online scan possible and imaginable (Spybot, eScan, Trend Micro, BitDefender); they don't always find the same problems and can't manage to destroy this cr*p!!


I even found the files autorun.inf, mvscr71.dll, etc., typical of the ravmon.log virus, on the memory card of my mobile phone!!!!


finally, I know there's still vermin left in the folder "c:\system volume information" that I can't manage to clean...



here's my HijackThis log:

-------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:24:43, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--------------------------------------------------------------------

I'm not experienced enough to interpret every line of the log... HELP !
does anyone have an idea of what I could do?

2 replies

PFFFFFFFFFFFFFFFFFFFFF !!!!

I'm still infected with AdobeR !!!!!

here's a ComboFix report:

ComboFix 07-08-09.3 - "Marc" 2007-08-11 15:05:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.524 [GMT 2:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
C:\WINDOWS\adober.exe


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 14:46 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-11 14:05 <REP> d-------- C:\WINDOWS\LastGood
2007-08-09 23:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-09 23:00 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-09 23:00 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-09 23:00 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-09 23:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-09 23:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-09 23:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-09 21:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-09 19:57 <REP> d-------- C:\DOCUME~1\Marc\.housecall6.6
2007-08-09 19:49 <REP> d-------- C:\Program Files\Nouveau dossier
2007-08-08 21:59 <REP> d-------- C:\Downloads
2007-08-08 21:59 <REP> d-------- C:\Bases
2007-08-08 21:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 21:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-08 21:08 4,536 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-08 21:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 20:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-05 17:02 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-05 16:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 15:58 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-08-05 15:37 <REP> d-------- C:\HiJackThis
2007-08-03 12:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-02 20:59 <REP> d-------- C:\Program Files\Google
2007-07-27 21:21 <REP> d-------- C:\Program Files\servers
2007-07-27 21:21 <REP> d-------- C:\Program Files\friends
2007-07-27 21:21 <REP> d-------- C:\Program Files\appcache
2007-07-27 21:19 <REP> d-------- C:\Program Files\SteamLogs
2007-07-27 21:19 <REP> d-------- C:\Program Files\config
2007-07-27 21:18 69,624 --a------ C:\Program Files\Steam_api.dll
2007-07-27 21:18 338,936 --a------ C:\Program Files\vstdlib_s.dll
2007-07-27 21:18 3,261,688 --a------ C:\Program Files\Steam.dll
2007-07-27 21:18 251,384 --a------ C:\Program Files\WriteMiniDump.exe
2007-07-27 21:18 232,696 --a------ C:\Program Files\tier0_s.dll
2007-07-27 21:18 2,452,728 --a------ C:\Program Files\SteamUI.dll
2007-07-27 21:18 117,752 --a------ C:\Program Files\CSERHelper.dll
2007-07-27 21:18 1,318,648 --a------ C:\Program Files\steamclient.dll
2007-07-27 21:18 1,039,192 --a------ C:\Program Files\dbghelp.dll
2007-07-27 21:18 <REP> d-------- C:\Program Files\skins
2007-07-27 21:18 <REP> d-------- C:\Program Files\resource
2007-07-27 21:18 <REP> d-------- C:\Program Files\Graphics
2007-07-27 21:18 <REP> d-------- C:\Program Files\bin
2007-07-27 21:17 <REP> d-------- C:\Program Files\SteamApps
2007-07-27 21:17 <REP> d-------- C:\Program Files\Public
2007-07-27 21:16 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-27 21:16 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-27 21:16 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-27 21:16 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-27 21:16 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-27 21:16 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-27 21:16 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-27 21:16 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-27 21:16 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-27 21:16 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-27 21:16 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-27 21:16 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-27 21:16 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-27 20:20 20,505 --a------ C:\WINDOWS\War3Unin.dat
2007-07-27 20:20 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-27 20:20 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-11 20:18 <REP> d-------- C:\DOCUME~1\Marc\APPLIC~1\Opera


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 14:08 64922 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-11 14:08 447222 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-08-11 14:06 333235 --a------ C:\Program Files\ClientRegistry.blob
2007-08-11 14:05 87416 --a------ C:\Program Files\AppUpdateStats.blob
2007-08-11 14:04 36493 --a------ C:\Program Files\Steam.log
2007-08-05 15:08 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-08-05 15:01 --------- d-------- C:\Program Files\Styler
2007-08-03 23:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:13 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-07-27 21:18 50747 --a------ C:\Program Files\SteamUI_336.mst
2007-07-27 21:18 14 --a------ C:\Program Files\Steam_36.mst
2007-07-27 21:18 1258744 --a------ C:\Program Files\Steam.exe
2007-07-13 12:36 --------- d-------- C:\Program Files\Winamp
2007-07-13 09:54 --------- d-------- C:\Program Files\Acer Inc
2007-07-04 18:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-24 23:26 --------- d-------- C:\DOCUME~1\Marc\APPLIC~1\Styler
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-29 15:29 121 --a------ C:\Program Files\Support.url
2005-09-15 15:20 318 -ra------ C:\Program Files\steam.ico
2005-09-13 17:49 9653 --a------ C:\Program Files\steam_install_agreement.rtf


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 17:32]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 21:51]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 15:50 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 06:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 10:43]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-01-19 10:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 20:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 20:43 C:\WINDOWS\Alcmtr.exe]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 11:39]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 16:47]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 16:55]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 19:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-20 21:07]
"BtcMaestro"="C:\Program Files\HP Wireless Keyboard\KMaestro.exe" [2005-06-13 03:38]
"nwiz"="nwiz.exe" [2006-01-19 10:43 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"Steam"="C:\Program Files\Steam.exe" [2007-07-27 21:18]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-29 15:42:08]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
R3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
R3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
R3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
R3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S2 spupdsvc;Windows Service Pack Installer update service;C:\WINDOWS\system32\spupdsvc.exe
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
S3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
Auto\command- H:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
Auto\command- I:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a4d922c-2fa8-11dc-b94c-0018de724811}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8838aea6-b550-11db-b8b1-0018de724811}]
Auto\command- I:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fc88afc-0cea-11dc-b90f-0018de724811}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c949288c-eab1-11db-b8ef-0018de724811}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e524733f-d983-11db-b8db-0018de724811}]
Auto\command- I:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71aedec-047b-11dc-b908-0018de724811}]
AutoRun\command- F:\ie.exe
explore\Command- F:\ie.exe
open\Command- F:\ie.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 15:07:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 15:08:03
C:\ComboFix-quarantined-files.txt ... 2007-08-11 15:07
C:\ComboFix2.txt ... 2007-08-09 21:59
C:\ComboFix3.txt ... 2007-08-08 21:40

--- E O F ---
----------------------------------------

Help please !!! I don't want to format my computer!!!

,:o(
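Added example, not part of the thread: a small Python parser for the MountPoints2 block of a ComboFix-style report like the one posted above. It flags every volume key whose shell verbs (Auto, AutoRun, open, explore) launch an executable from the drive root or through RunDLL32 ShellExec_RunDLL, which is exactly the footprint AdobeR.exe and ie.exe leave when they re-seed a machine from removable media. The sample report text is constructed from the entries in the report above; the regexes and the Finding record are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the MountPoints2 entries in the ComboFix
# report above (two hijacked volumes plus one benign key with no shell verbs).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
Auto\command- H:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71aedec-047b-11dc-b908-0018de724811}]
AutoRun\command- F:\ie.exe
explore\Command- F:\ie.exe
open\Command- F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
_Autorun\DefaultLabel- USB_DISK
"""

# A MountPoints2 volume key; the trailing component is the drive letter or volume GUID.
MP2_KEY = re.compile(r"^\[hkey_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
# A shell verb line as ComboFix prints it, e.g. "AutoRun\command- F:\ie.exe".
VERB_LINE = re.compile(r"^(?P<verb>[A-Za-z_]+)\\command-\s*(?P<cmd>.+)$", re.IGNORECASE)
# A bare executable, optionally preceded by a drive root ("H:\AdobeR.exe e" or "AdobeR.exe e").
ROOT_EXE = re.compile(r"^(?:[A-Z]:\\)?([\w.\-]+\.(?:exe|com|pif|scr|bat|cmd))\b", re.IGNORECASE)
# Launch through rundll32 Shell32.DLL,ShellExec_RunDLL <target>.
SHELLEXEC = re.compile(r"shellexec_rundll\s+(\S+)", re.IGNORECASE)


@dataclass
class Finding:
    volume: str      # drive letter or volume GUID taken from the MountPoints2 key
    verb: str        # Auto, AutoRun, open, explore, ...
    payload: str     # executable the verb would launch
    technique: str   # how it is launched


def parse_mountpoints(report: str) -> list[Finding]:
    """Walk a ComboFix-style report and return every MountPoints2 shell verb
    that launches an executable; a clean volume key yields no findings."""
    findings: list[Finding] = []
    volume = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = MP2_KEY.match(line)
        if key:
            volume = key.group(1)
            continue
        if line.startswith("["):
            volume = None  # some other registry key; skip until the next MountPoints2 key
            continue
        verb = VERB_LINE.match(line)
        if volume is None or not verb:
            continue
        cmd = verb.group("cmd").strip()
        via_rundll = SHELLEXEC.search(cmd)
        if via_rundll:
            findings.append(Finding(volume, verb.group("verb"), via_rundll.group(1), "rundll32 ShellExec_RunDLL"))
            continue
        at_root = ROOT_EXE.match(cmd)
        if at_root:
            findings.append(Finding(volume, verb.group("verb"), at_root.group(1), "executable at volume root"))
    return findings


def payloads(findings: list[Finding]) -> set[str]:
    """Distinct executables named by the hijacked verbs, e.g. {'AdobeR.exe', 'ie.exe'}."""
    return {f.payload for f in findings}


if __name__ == "__main__":
    for f in parse_mountpoints(SAMPLE_REPORT):
        print(f"{f.volume}: {f.verb} -> {f.payload} ({f.technique})")
```

Every MountPoints2 key that carries Auto, AutoRun, open or explore verbs is worth removing, and the same file names should then be hunted on every removable drive and memory card that has been plugged into the machine, since those are the copies that re-infect it.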
apparently Ravmon has been killed off, but AdobeR and ie.exe are hanging on ..

don't tell me there's no way to blow this crap away !!

don't leave me hanging PLEASE!! :@