So... thanks again to you all.
VundoFix finds nothing!
Here is the ComboFix report:
ComboFix 07-12-09.1 - Simon 2007-12-10 16:16:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.303 [GMT 1:00]
Running from: C:\Documents and Settings\Simon\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))))))))
.
2007-12-05 13:40 . 2007-12-05 13:41 4,256 --a------ C:\WINDOWS\buff-in.ogf
2007-12-05 13:16 . 2007-12-10 16:25 70,432 --a------ C:\WINDOWS\buff-in.r72
2007-12-05 13:10 . 2007-12-10 15:52 32 --a------ C:\WINDOWS\buff-out.r72
2007-12-05 12:43 . 2007-12-10 16:25 208 --a------ C:\WINDOWS\jantje
2007-12-05 12:41 . 2006-09-10 03:25 539,136 --a------ C:\WINDOWS\dnetc.exe
2007-12-05 12:41 . 2006-12-26 11:10 423 --a------ C:\WINDOWS\DNETC.INI
2007-12-05 12:37 . 2007-12-09 15:07 <REP> d-------- C:\Program Files\Luxor 3
2007-12-03 09:14 . 2007-12-03 09:14 87 --a------ C:\WINDOWS\Default.PLS
2007-11-27 14:28 . 2007-11-27 14:28 <REP> d-------- C:\videodvdmaker
2007-11-27 14:28 . 2007-11-27 14:28 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Video DVD Maker FREE
2007-11-27 14:27 . 2007-11-27 14:27 <REP> d-------- C:\Program Files\Video DVD Maker
2007-11-21 15:29 . 2007-11-21 15:29 <REP> d-------- C:\Program Files\Common Files
2007-11-21 15:29 . 2007-11-21 16:01 <REP> d-------- C:\Program Files\CamStudio
2007-11-15 12:26 . 2007-11-15 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-15 12:26 . 2007-11-15 12:26 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-13 09:54 . 2007-11-13 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 14:48 --------- d-----w C:\Program Files\Soulseek-Test
2007-12-10 14:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-10 12:19 --------- d-----w C:\Program Files\Navilog1
2007-12-10 07:31 --------- d-----w C:\Documents and Settings\Simon\Application Data\AVG7
2007-12-08 16:29 --------- d--h--w C:\Documents and Settings\Simon\Application Data\BitTorrent
2007-12-05 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-21 14:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 09:20 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2007-11-12 10:00 --------- d-----w C:\Program Files\Fichiers communs\Drunken Clock
2007-11-08 16:25 --------- d-----w C:\Program Files\Drunken Clock
2007-11-07 19:31 --------- d-----w C:\Program Files\WinAce
2007-10-26 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-26 08:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-26 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-25 20:42 --------- d-----w C:\Documents and Settings\Simon\Application Data\PlayFirst
2007-10-25 20:40 --------- d-----w C:\Documents and Settings\Simon\Application Data\Mind Control Software
2007-10-24 09:43 --------- d-----w C:\Documents and Settings\Simon\Application Data\ArcSoft
2007-10-24 09:40 --------- d-----w C:\Program Files\ArcSoft
2007-10-20 16:53 --------- d-----w C:\Program Files\Winamp
2007-10-15 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-11 12:43 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-11 11:24 --------- d-----w C:\Program Files\BitTorrent
2007-09-18 09:04 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-07-04 21:36 22 ----a-w C:\Documents and Settings\Simon\pays.zip
2006-12-19 11:10 70,592 -c--a-w C:\Documents and Settings\Simon\Application Data\GDIPFONTCACHEV1.DAT
2006-10-20 07:58 16,628 ----a-w C:\WINDOWS\Fonts\fight_this.zip
2005-07-05 21:34 266 --sh--w C:\Program Files\desktop.ini
2005-07-05 21:34 11,208 -c-ha-w C:\Program Files\folder.htt
2005-03-29 22:46 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-10-18 15:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 09:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-10-18 15:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-29 09:21]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-06 15:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^New Shortcut-1.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\New Shortcut-1.lnk
backup=C:\WINDOWS\pss\New Shortcut-1.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Simon^Menu Démarrer^Programmes^Démarrage^MostFun.lnk]
path=C:\Documents and Settings\Simon\Menu Démarrer\Programmes\Démarrage\MostFun.lnk
backup=C:\WINDOWS\pss\MostFun.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVManager]
2004-06-08 17:32 81920 --a------ C:\Program Files\Wistron\AVManager\AVManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-10-18 15:03 13312 --a------ C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol]
2003-09-16 13:28 20480 --a------ C:\Program Files\Launch Manager\CtrlVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2004-08-06 15:52 356352 --a------ C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2004-11-11 14:13 49152 -ra------ C:\Program Files\Launch Manager\HotkeyApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-02 01:59 126976 -ra------ C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-02 02:03 155648 -ra------ C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2004-08-06 13:04 32768 --a------ C:\Program Files\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2004-07-26 13:52 204800 --a------ C:\Program Files\Launch Manager\OSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-09-04 17:00 184320 --------- C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-10 17:49 50688 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-19 08:26 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-07 03:49 536576 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-07 03:49 98304 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2004-09-06 13:11 73728 --a------ C:\Program Files\Launch Manager\Wbutton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 23:22 35328 --a------ C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
C:\Program Files\Winsos\WINSOS.EXE MINI
R1 Hotkey;Hotkey;C:\WINDOWS\System32\drivers\Hotkey.sys
S1 Wbutton;Wbutton;C:\WINDOWS\System32\drivers\Wbutton.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\Drivers\BrScnUsb.sys
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\System32\DRIVERS\gtf32bus.sys
S3 GTPTSER;GT PT SER;C:\WINDOWS\System32\DRIVERS\gtptser.sys
S3 GTSCSER;GT SC SER;C:\WINDOWS\System32\DRIVERS\gtscser.sys
S3 MA763010;M-Audio Fast Track;C:\WINDOWS\System32\drivers\MA763010.sys
S3 TSClient;Tatara Protocol Driver;C:\WINDOWS\System32\drivers\tsclient.sys
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\System32\FreezeScreenSaver.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
-> C:\DOCUME~1\Simon\LOCALS~1\Temp\fjtovsfj.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-10 16:28:23
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 16:29:44 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-18 15:59
.
--- E O F ---