I launched ComboFix and then restarted the computer to get the ComboFix file.
After that, as I lost my Internet connection, I restored the system again, because ComboFix could not restore my Internet connection. Even manually, I couldn't restore my Internet connection.
Do I have to launch ComboFix again? In safe mode? I did it on a normal Vista restart.
I've got the online TotalScan log from this morning if you need it.
This was the log file before restoring the system (to get the Internet connection again):
ComboFix 08-02-23.2 - Windows 2008-02-23 13:50:11.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.506 [GMT 1:00]
Endroit: C:\Users\Windows\Desktop\lolita.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\down
C:\Windows\system32\drivers\down\101010.exe
C:\Windows\system32\drivers\down\107281.exe
C:\Windows\system32\drivers\down\117749.exe
C:\Windows\system32\drivers\down\125596.exe
C:\Windows\system32\drivers\down\128966.exe
C:\Windows\system32\drivers\down\134628.exe
C:\Windows\system32\drivers\down\143208.exe
C:\Windows\system32\drivers\down\14671410.exe
C:\Windows\system32\drivers\down\14672830.exe
C:\Windows\system32\drivers\down\14674280.exe
C:\Windows\system32\drivers\down\14686074.exe
C:\Windows\system32\drivers\down\14686230.exe
C:\Windows\system32\drivers\down\14690957.exe
C:\Windows\system32\drivers\down\14692283.exe
C:\Windows\system32\drivers\down\14694436.exe
C:\Windows\system32\drivers\down\14696417.exe
C:\Windows\system32\drivers\down\14702298.exe
C:\Windows\system32\drivers\down\14704747.exe
C:\Windows\system32\drivers\down\14705028.exe
C:\Windows\system32\drivers\down\14705293.exe
C:\Windows\system32\drivers\down\14710005.exe
C:\Windows\system32\drivers\down\14711268.exe
C:\Windows\system32\drivers\down\14737835.exe
C:\Windows\system32\drivers\down\14740612.exe
C:\Windows\system32\drivers\down\155704.exe
C:\Windows\system32\drivers\down\158216.exe
C:\Windows\system32\drivers\down\159729.exe
C:\Windows\system32\drivers\down\162085.exe
C:\Windows\system32\drivers\down\164300.exe
C:\Windows\system32\drivers\down\166219.exe
C:\Windows\system32\drivers\down\166733.exe
C:\Windows\system32\drivers\down\169791.exe
C:\Windows\system32\drivers\down\169853.exe
C:\Windows\system32\drivers\down\183831.exe
C:\Windows\system32\drivers\down\184564.exe
C:\Windows\system32\drivers\down\193768.exe
C:\Windows\system32\drivers\down\196093.exe
C:\Windows\system32\drivers\down\197918.exe
C:\Windows\system32\drivers\down\200601.exe
C:\Windows\system32\drivers\down\201366.exe
C:\Windows\system32\drivers\down\207621.exe
C:\Windows\system32\drivers\down\209556.exe
C:\Windows\system32\drivers\down\212270.exe
C:\Windows\system32\drivers\down\212754.exe
C:\Windows\system32\drivers\down\213190.exe
C:\Windows\system32\drivers\down\220538.exe
C:\Windows\system32\drivers\down\223689.exe
C:\Windows\system32\drivers\down\39561.exe
C:\Windows\system32\drivers\down\58718.exe
C:\Windows\system32\drivers\down\69311.exe
C:\Windows\system32\drivers\down\73554.exe
C:\Windows\system32\drivers\down\83226.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
C:\Windows\system32\x64
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:23 --------- d-----w C:\Users\Windows\AppData\Roaming\uTorrent
2008-02-23 00:23 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-02-23 00:23 --------- d-----w C:\Program Files\ESET
2008-02-22 18:04 --------- d-----w C:\Program Files\Trend Micro
2008-02-22 15:57 --------- d-----w C:\Program Files\Panda Security
2008-02-22 14:06 --------- d-----w C:\Users\Windows\AppData\Roaming\SUPERAntiSpyware.com
2008-02-22 14:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 23:30 --------- d-----w C:\Users\Windows\AppData\Roaming\Skype
2008-02-15 00:54 --------- d-----w C:\Users\Windows\AppData\Roaming\dvdcss
2008-02-13 20:01 298,104 ----a-w C:\Windows\System32\imon.dll
2008-02-13 19:14 --------- d-----w C:\ProgramData\ESET
2008-02-13 13:57 --------- d-----w C:\Program Files\%temp&
2008-02-11 22:46 --------- d-----w C:\ProgramData\Arovax
2008-02-11 08:39 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
2008-02-11 08:39 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
2008-02-08 12:53 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
2008-02-05 07:48 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
2008-02-04 12:07 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-02-04 12:07 249,856 ------w C:\Windows\Setup1.exe
2008-01-30 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 00:30 --------- d-----w C:\Program Files\Java
2008-01-23 00:29 --------- d-----w C:\Program Files\Common Files\Java
2008-01-16 16:38 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-01-16 16:38 --------- d-----w C:\Program Files\Realtek
2008-01-14 18:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-12 01:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 01:52 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 01:18 --------- d-----w C:\Program Files\ffdshow
2008-01-11 21:20 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-11 21:20 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-11 21:20 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-11 21:20 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-11 21:20 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-11 21:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-11 21:19 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-11 21:19 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 21:19 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-11 21:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-11 21:19 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-11 21:18 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-11 21:18 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-01-11 21:18 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-11 21:18 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-11 21:18 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-01-11 21:18 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-11 21:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-11 21:18 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-11 21:18 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-08 20:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-01-08 20:33 60,273 ----a-w C:\Windows\System32\pthreadGC2.dll
2008-01-03 19:09 --------- d-----w C:\Users\Windows\AppData\Roaming\Nero
2008-01-03 19:08 --------- d-----w C:\ProgramData\Nero
2008-01-03 19:08 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-31 14:48 174 --sha-w C:\Program Files\desktop.ini
2007-12-31 14:44 --------- d-----w C:\Program Files\Windows Defender
2007-12-31 14:44 --------- d-----w C:\Program Files\Windows Calendar
2007-12-31 14:36 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-31 14:36 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-31 14:36 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-31 14:34 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-31 14:34 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-31 14:31 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-12-31 14:31 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-31 14:28 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-12-31 14:28 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-31 14:27 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-12-31 14:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-12-31 14:27 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-12-31 14:27 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-12-31 14:27 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-12-31 14:27 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-12-31 14:27 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-12-31 14:26 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-31 14:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-31 14:25 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-12-31 14:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-31 14:24 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-31 14:24 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-31 14:24 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-31 14:24 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-31 14:24 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-31 14:24 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-31 14:24 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-31 14:24 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-31 14:24 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-31 14:23 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-31 14:21 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-31 14:21 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-31 14:20 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-31 14:20 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-31 14:20 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-31 14:20 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-31 14:20 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-31 14:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-31 14:20 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-31 14:20 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-31 14:20 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-31 14:18 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-31 14:18 5,120 ----a-w C:\Windows\System32\wmi.dll
2007-12-31 14:18 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 22:18 1232896]
"ares ultra"="F:\Program Files\Ares Ultra\Ares Ultra.exe" [2006-12-18 14:08 2776064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-31 15:33 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"InvisibleBrowsing"="F:\Program Files\Invisible Browsing\InvisibleBrowsing.exe" [2008-02-15 19:16 8454144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C1B20507-4256-4496-AF5B-098354644271}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.|Desc=Skype. The whole world can talk for free.
"UDP Query User{4BCA48A6-B23A-44CC-9A7E-8CC4147F003F}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.|Desc=Skype. The whole world can talk for free.
"TCP Query User{D68DF6B1-6D88-4F74-A33D-214F1208EC78}F:\program files\sopcast\adv\sopadver.exe"= UDP:F:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"UDP Query User{A883F2AA-AA67-45C8-B57E-835900CE736A}F:\program files\sopcast\adv\sopadver.exe"= TCP:F:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"TCP Query User{A370017D-6DDD-4CE4-B0E5-86483B0DB0AA}F:\program files\sopcast\sopcast.exe"= UDP:F:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{3BB68EAD-1D69-4781-B6AA-C88E2DFCF7EB}F:\program files\sopcast\sopcast.exe"= TCP:F:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"TCP Query User{FB354315-6BD9-46B6-9700-6368B748601C}F:\program files\sopcast\sopvod.exe"= UDP:F:\program files\sopcast\sopvod.exe:sopvod|Desc=sopvod
"UDP Query User{1DFFFFBB-8CA1-4224-88E4-65E092F9C65D}F:\program files\sopcast\sopvod.exe"= TCP:F:\program files\sopcast\sopvod.exe:sopvod|Desc=sopvod
"TCP Query User{8316D59B-CC7C-4B31-B654-EACE09DEC2D3}F:\program files\tvants\tvants.exe"= UDP:F:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"UDP Query User{668AA61C-60C1-4A82-8547-450215006096}F:\program files\tvants\tvants.exe"= TCP:F:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"TCP Query User{B592F12D-135A-437E-B8D1-7A8ED5066B1A}F:\program files\zattoo\zattood.exe"= UDP:F:\program files\zattoo\zattood.exe:zattood|Desc=zattood
"UDP Query User{1479A237-5C43-46AA-AA1B-7B5726D2B81C}F:\program files\zattoo\zattood.exe"= TCP:F:\program files\zattoo\zattood.exe:zattood|Desc=zattood
"TCP Query User{F2F72BF4-1369-422C-A631-00E52564B8BC}F:\program files\zattoo\zattoo.exe"= UDP:F:\program files\zattoo\zattoo.exe: |Desc=
"UDP Query User{22600E97-3F4E-4D9B-BD0D-2167A18AFAC5}F:\program files\zattoo\zattoo.exe"= TCP:F:\program files\zattoo\zattoo.exe: |Desc=
"TCP Query User{A7D67ABA-6C84-419B-BC98-5498E229ACFC}F:\program files\adsltv\adsltv.exe"= UDP:F:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv
"UDP Query User{3D93F162-8256-4F97-BBEA-727A7F2B54E8}F:\program files\adsltv\adsltv.exe"= TCP:F:\program files\adsltv\adsltv.exe:adsltv|Desc=adsltv
"{03337BF2-A7E4-4269-A9A3-E49EC8E4DC3B}"= UDP:F:\Total Uninstall 4\Tu.exe:Total Uninstall 4
"{8E16F306-53F8-4091-863B-E68ED5D3DC79}"= TCP:F:\Total Uninstall 4\Tu.exe:Total Uninstall 4
"{9AE0341F-4002-459C-9B51-2B633EFB13B5}"= UDP:C:\Users\Windows\Desktop\utorrent-1.7.5-4602.exe:µTorrent
"{50C28577-1D05-400D-B57F-1A3BC6D88138}"= TCP:C:\Users\Windows\Desktop\utorrent-1.7.5-4602.exe:µTorrent
"TCP Query User{FFC24BDB-7422-434C-B7BA-D11C8D2C87AF}F:\program files\ares ultra\ares ultra.exe"= UDP:37821|RPort=37821|F:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows|Desc=Ares Ultra p2p for windows
"UDP Query User{0301908C-5283-4FB1-9103-E4DD7647473A}F:\program files\ares ultra\ares ultra.exe"= TCP:37821|RPort=37821|F:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows|Desc=Ares Ultra p2p for windows
"TCP Query User{11AC9C92-1DF6-4A3E-B03D-8857BE5DBA52}F:\program files\lphant\elephantclient.exe"= UDP:1755|RPort=1755|LA4=127.0.0.1:127.0.0.1|F:\program files\lphant\elephantclient.exe:lphant Client|Desc=lphant Client|Edge=TRUE|
"UDP Query User{36522A54-4009-488B-963C-9511E8B80F7E}F:\program files\lphant\elephantclient.exe"= TCP:1756|RPort=1756|LA4=127.0.0.1:127.0.0.1|F:\program files\lphant\elephantclient.exe:lphant Client|Desc=lphant Client|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 IBService;IBService;F:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
R3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-23 13:55:48
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
F:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
F:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\Windows\system32\conime.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-23 13:57:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 12:57:44
.
2008-01-11 21:22:24 --- E O F ---