virus

[david11]

bonjour,

J'ai un virus sur mon pc et je n'arrive pas a m'en debarrasser quelqu'un pourait-il m'aider.

 

merci d'avance.

[fifi29]

salut david11, a lire dans un 1° temps

http://forum.zebulon.fr/index.php?showtopic=138211

a++++

[david11]

salut david11, a lire dans un 1° temps

http://forum.zebulon.fr/index.php?showtopic=138211

a++++

 

 

ok dnc voici le rapport que j'ai pus faire d mon PC

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:18, on 31/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Documents and Settings\david\svchost.exe

C:\WINDOWS\mrofinu1188.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MICROS~4\wcescomm.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Club-Internet\Lanceur\lanceur.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\david\Bureau\HiJackThis.exe

C:\Program Files\limewire\limewire.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Starware Toolbar Recettes - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware354\bin\Starware354.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [up curb skip two] C:\Documents and Settings\All Users\Application Data\filmtimeupcurb\tool soft.exe

O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\david\svchost.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKLM\..\Run: [bM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\ywsjgbwj.dll",s

O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\pahgxsfw.dll",b

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c26964d197b1462190f40fda78675b26

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c26964d197b1462190f40fda78675b26

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://www.easypackhtml.com/PackageHtmlCab.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 12293 bytes

[pear]

Bonsoir,

 

* Télécharger SDFix (créé par AndyManchesta) et le sauvegarder sur le Bureau.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur le Bureau.

 

Redémarrer en mode sans échec

 

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.bat pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

 

Si Sdfix ne se lance pas:

Démarrer->Exécuter

Copiez/collez ceci:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

cliquez ok, et validez.

Redémarrez et essayez de nouveau de lancer Sdfix.

 

 

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

* Postez le rapport ici.

 

color=#0000FF]

Vous aller télécharger Combofix.

Auparavant, et pour pour éviter quelque mauvaise manoeuvre avec ce logiciel très puissant,lisez attentivement ce tutoriel:

 

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

 

 

Fermez ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.

 

 

Télécharger combofix.exe de sUBs et sauvegardez le sur le bureau

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

*Double cliquer sur combofix.exe pour le lancer.

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

* Taper sur la touche 1 pour démarrer le scan.

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

* Lorsque le scan sera terminé,( cela pourrait prendre un certain temps),un rapport sera généré : postez en le contenu dans un prochain message.

* Si le rapport est trop long, postez le en deux fois.

 

[/color]

[david11]

Voici le premier rapport demandé , j'attaque le dexieme.

 

 

 

 

SDFix: Version 1.165

 

Run by david on 31/03/2008 at 21:15

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\david\Bureau\SDFIXD~1\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted

C:\WINDOWS\mrofinu1188.exe - Deleted

C:\Documents and Settings\david\svchost.exe - Deleted

C:\winlogon.exe - Deleted

C:\WINDOWS\system32\pac.txt - Deleted

 

 

 

Folder C:\Temp\gbRve12 - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-31 21:26:44

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\david\Bureau\SDFIXD~1\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"

Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"

Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"

Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"

Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"

Mon 21 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 8 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Mon 21 Aug 2006 20 A..H. --- "C:\Documents and Settings\david\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Mon 21 Aug 2006 4,348 ...H. --- "C:\Documents and Settings\david\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Mon 21 Aug 2006 1,536 A..H. --- "C:\Documents and Settings\david\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"

Mon 21 Aug 2006 312 ...H. --- "C:\Documents and Settings\david\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

[david11]

J'ai fais ComboFix il a bien été executé mais il ne ma pas fait de rapport , que dois-je faire.

 

encore merci.

@+

[pear]

Bonsoir,

 

Vérifiez là,svp:

 

le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.

[david11]

Bonjour,

Désolé mais je ne le trouve pas.

[pear]

Bonjour,

 

Voulez vous recommencer, svp.

[david11]

Bonjour,

J'ai enfin reussis

 

 

ComboFix 08-03-30.4 - david 2008-04-01 16:21:00.2 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.541 [GMT 2:00]

Endroit: C:\Documents and Settings\david\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\_000006_.tmp.dll

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\Starware354

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\748_button_1b_def.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\748_button_1b_over.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\750_button_1b_def.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindIt.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\FindItHot.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\findithotxp.png

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\finditxp.png

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Green_Card0.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\logo.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\logoxp.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Rencontres0.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\buttons\Screensavers0.bmp

C:\Documents and Settings\All Users\Application Data\Starware354\contexts\error.xml

C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Related.xml

C:\Documents and Settings\All Users\Application Data\Starware354\contexts\Travel.xml

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml.backup

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml.backup

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml

C:\Documents and Settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml.backup

C:\Documents and Settings\david\Application Data\macromedia\Flash Player\#SharedObjects\9YNPG7L3\iforex.com

C:\Documents and Settings\david\Application Data\macromedia\Flash Player\#SharedObjects\9YNPG7L3\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\david\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\david\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\Documents and Settings\david\Application Data\Starware354

C:\Documents and Settings\david\Application Data\Starware354\BrowserSearch\BrowserSearch.xml

C:\Documents and Settings\david\Application Data\Starware354\BrowserSearch\BrowserSearch.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Configurator\Configurator.xml

C:\Documents and Settings\david\Application Data\Starware354\Configurator\Configurator.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Green_Card\Green_CardOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Green_Card\Green_CardOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Layouts\ToolbarLayout.xml

C:\Documents and Settings\david\Application Data\Starware354\Layouts\ToolbarLayout.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Manager\ManagerOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Manager\ManagerOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Rechercher_de_recettes\Rechercher_de_recettesOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Rechercher_de_recettes\Rechercher_de_recettesOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Recipe_RSS\Recipe_RSSOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Recipe_RSS\Recipe_RSSOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Rencontres\RencontresOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Rencontres\RencontresOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Screensavers\ScreensaversOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Screensavers\ScreensaversOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\Toolbar\TBProductsOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\Toolbar\TBProductsOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml.backup

C:\Documents and Settings\david\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml

C:\Documents and Settings\david\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml.backup

C:\Program Files\Adssite Games Collection

C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe

C:\Program Files\Adssite Games Collection\BobAndBill.exe

C:\Program Files\Adssite Games Collection\CrazyBlocks.exe

C:\Program Files\Adssite Games Collection\Lines.exe

C:\Program Files\Adssite Games Collection\uninstall.exe

C:\Program Files\Adssite Games Collection\VideoPool.exe

C:\Program Files\Starware354

C:\Program Files\Starware354\bin\Starware354.dll

C:\Program Files\Starware354\icons\star_16.ico

C:\Program Files\Starware354\Starware354Config.xml

C:\Program Files\Starware354\Starware354Uninstall.exe

C:\WINDOWS\BM313e2b3d.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\adssite-remove.exe

C:\WINDOWS\system32\fhjRqBeg.ini

C:\WINDOWS\system32\fhjRqBeg.ini2

C:\WINDOWS\system32\geBqRjhf.dll

C:\WINDOWS\system32\nexasecs.dll

C:\WINDOWS\system32\nss3D.dll

C:\WINDOWS\system32\pahgxsfw.dll

C:\WINDOWS\system32\rightonadz-uninst.exe

C:\WINDOWS\system32\tuvVLDuV.dll

C:\WINDOWS\system32\ulcjccqi.dll

C:\WINDOWS\system32\wfsxghap.ini

C:\WINDOWS\system32\ywsjgbwj.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-31 21:56 . 2008-03-31 21:56 <REP> d-------- C:\Documents and Settings\LocalService\Bureau

2008-03-31 21:04 . 2008-03-31 21:04 <REP> d-------- C:\WINDOWS\ERUNT

2008-03-31 20:51 . 2008-03-31 10:34 <REP> d-------- C:\SDFix

2008-03-30 15:34 . 2008-03-31 16:56 474 ---hs---- C:\WINDOWS\system32\fehaxyjs.ini

2008-03-29 14:23 . 2008-03-29 14:23 <REP> d-------- C:\WINDOWS\system32\aqVreo05

2008-03-29 14:23 . 2008-03-29 14:23 <REP> d-------- C:\Temp

2008-03-29 14:23 . 2008-03-29 14:23 <REP> d--hs---- C:\Documents and Settings\david\!

2008-03-29 14:23 . 2008-03-31 20:59 3,545,428 --------- C:\Documents and Settings\david\x1.dat

2008-03-09 15:25 . 2008-03-09 15:25 <REP> d-------- C:\Poker

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 04:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]

C:\WINDOWS\system32\gzmrt.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1962C5BC-E475-465B-823B-133E711BCEB9}"= "C:\Program Files\Starware354\bin\Starware354.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 14:26 68856]

"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [2005-11-15 20:21 1204224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 11:39 90112 C:\WINDOWS\soundman.exe]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]

"StandardInstall"="" []

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57 188416]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59 77824]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-03-28 12:08 53408]

"up curb skip two"="C:\Documents and Settings\All Users\Application Data\filmtimeupcurb\tool soft.exe" [2007-04-01 18:18 587264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe" [2005-09-29 21:34 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

 

C:\Documents and Settings\david\Menu D‚marrer\Programmes\D‚marrage\

Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 14:17:06 5484544]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-07-20 22:09:20 262144]

Docteur Club Internet.lnk - C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe [2006-07-28 19:27:51 217088]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVLDuV]

tuvVLDuV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14918:TCP"= 14918:TCP:BitComet 14918 TCP

"14918:UDP"= 14918:UDP:BitComet 14918 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\david\LOCALS~1\Temp\DMSKSSRh.sys []

 

*Newly Created Service* - COMHOST

*Newly Created Service* - INT15.SYS

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-03-28 22:37:16 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - david.job"

- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exeh/TASK:

"2008-04-01 14:00:02 C:\WINDOWS\Tasks\B95F67D39035109F.job"

- c:\docume~1\david\applic~1\elsepl~1\Thunkdeafgreat.exe

"2008-04-01 13:35:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-01 16:24:51

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-04-01 16:25:49

ComboFix-quarantined-files.txt 2008-04-01 14:25:42

Pre-Run: 39,749,582,848 octets libres

Post-Run: 39,738,474,496 octets libres

.

2008-03-13 02:02:25 --- E O F ---