analyse d'un log hijakcthis

[hmmank]

bonjour messsieurs, j'aime bien que vous me guider pour resoudre mon probleme , voila mon rapport log

merci

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:53:33, on 16/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\CIMCO\DNCMax5\DNCMax5.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\CIMCO\NCBase5\bin\cimcodb-nt.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: C:\WINDOWS\system32\hgfdge4unjdfdg.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hgfdge4unjdfdg.dll

O2 - BHO: (no name) - {f5c93451-2609-4723-a053-5c19516be1a8} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: torrent_search - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor1.dll

O3 - Toolbar: (no name) - {3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN

O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Xjuhadumokaba] rundll32.exe "C:\WINDOWS\Eqodevax.dll",e

O4 - HKLM\..\Run: [Mvelidalosa] rundll32.exe "C:\WINDOWS\iloxitok.dll",e

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: desktop(2).ini

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164043653343

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgfdge4unjdfdg.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: CIMCO DNC-Max (CIMCODNCMAX) - CIMCO Integration - C:\CIMCO\DNCMax5\DNCMax5.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: CIMCO NC-Base Server (MySql) - Unknown owner - C:\CIMCO\NCBase5\bin\cimcodb-nt.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe (file missing)

O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe

O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 9995 bytes

[angelique]

•desactive temporairement ton antivirus Nod32

 

• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

 

* Double-clique combofix.exe, accepte le CluF qui s'affiche, afin de l'exécuter, installe la console de recuperation à ta guise quand c'est demandé et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[hmmank]

merci j'ai deja executé combofix et voila mon rapport log

 

ComboFix 09-01-16.03 - Administrateur 2009-01-17 9:37:31.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510.214 [GMT -5:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

AV: BitDefender Antivirus Plus v10 *On-access scanning disabled* (Outdated)

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

FW: BitDefender Antivirus Plus v10 *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users.WINDOWS\Application Data\SystemDoctor Free

c:\documents and settings\All Users.WINDOWS\Application Data\SystemDoctor Free\Data\Abbr

c:\documents and settings\All Users.WINDOWS\Application Data\SystemDoctor Free\Data\ActivationCode

c:\documents and settings\All Users.WINDOWS\Application Data\SystemDoctor Free\Data\HOURS

c:\documents and settings\All Users.WINDOWS\Application Data\SystemDoctor Free\Data\ProductCode

c:\program files\Fichiers communs\SystemDoctor

c:\program files\Fichiers communs\SystemDoctor\err.log

c:\program files\ShoppingReport

c:\windows\system32\hgfdge4unjdfdg.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_PACKET

-------\Legacy_VFILT

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-16 08:27 . 2009-01-16 08:27 <REP> d-------- c:\program files\Fichiers communs\Windows Live

2009-01-16 06:42 . 2009-01-16 06:42 <REP> d-------- c:\program files\Navilog1

2009-01-16 06:42 . 2009-01-16 06:42 <REP> d-------- c:\program files\CCleaner

2009-01-15 20:43 . 2009-01-15 20:43 <REP> d-------- c:\program files\Trend Micro

2009-01-15 18:52 . 2009-01-15 18:52 135,680 --a--c--- c:\windows\iloxitok.dll

2009-01-15 18:40 . 2009-01-17 09:45 87,020 --a------ c:\windows\system32\drivers\a52efaef.sys

2009-01-15 16:10 . 2009-01-15 16:10 3,683,606 --a------ c:\documents and settings\All Users.aawqff

2009-01-15 15:30 . 2009-01-15 15:30 <REP> d-------- c:\program files\Lavasoft

2009-01-15 15:30 . 2009-01-15 15:33 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

2009-01-15 15:29 . 2009-01-15 15:29 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

2009-01-14 21:28 . 2009-01-14 21:28 <REP> d----c--- C:\sav_install

2009-01-10 13:21 . 2009-01-10 17:41 <REP> d-------- c:\program files\SWiSHE.NET

2008-12-31 21:40 . 2008-12-31 21:40 <REP> d----c--- c:\windows\PaltalkScene

2008-12-29 07:16 . 2008-12-31 21:51 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira

2008-12-21 08:46 . 2008-12-21 08:46 <REP> d-------- c:\documents and settings\Administrateur\Application Data\PDM

2008-12-21 08:36 . 2008-12-21 08:36 <REP> d-------- c:\program files\Palm Digital Media

2008-12-20 03:01 . 2008-12-20 03:01 <REP> d-------- c:\program files\MSXML 4.0

2008-12-19 22:18 . 2008-05-01 09:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-12-19 22:07 . 2008-12-20 03:41 <REP> d-------- c:\windows\system32\CatRoot_bak

2008-12-19 18:07 . 2008-12-20 15:16 <REP> d-------- c:\program files\HighwayPursuit

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 13:04 --------- d-----w c:\program files\BitComet

2009-01-04 16:24 --------- d-----w c:\program files\Google

2009-01-01 02:41 --------- d-----w c:\program files\Paltalk Messenger

2009-01-01 02:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\Paltalk

2008-12-29 20:53 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-12-20 15:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-12-20 15:18 --------- d-----w c:\program files\Saint-Coran Toolbar

2008-12-20 14:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files

2008-12-19 21:54 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-04-07 01:17 774,144 ----a-w c:\program files\RngInterstitial.dll

2007-02-22 01:07 8 ----a-w c:\documents and settings\Administrateur\Application Data\usb.dat.bin

2005-01-29 10:57 81,981 ----a-w c:\program files\Copie de catbbmagic.dll

2004-08-10 09:46 39 ----a-w c:\program files\Copie de 2d45nt6.dll

2002-06-04 09:06 65,536 ------w c:\windows\inf\copyinf.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2007-01-12 1740800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" [2002-04-20 364544]

"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe" [2002-04-20 102400]

"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-22 185896]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"Athan"="c:\program files\Athan\Athan.exe" [2006-09-17 978944]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]

"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]

"Gestionnaire de sécurité Sympatico"="c:\program files\Bell\Gestionnaire de securite\Rps.exe" [2007-08-27 310000]

"-FreedomNeedsReboot"="c:\program files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2007-08-27 13552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

"Mvelidalosa"="c:\windows\iloxitok.dll" [2009-01-15 135680]

"PCTVOICE"="pctspk.exe" [2003-04-18 c:\windows\system32\pctspk.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

 

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872]

AutoCAD Startup Accelerator.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-04 11000]

desktop(2).ini [2006-11-17 84]

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2008-11-14 11376640]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\system32\\mcoinstall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\CIMCO\\DNCMax5\\DNCAdmin5.exe"=

"c:\\CIMCO\\DNCMax5\\DNCMax5.exe"=

"c:\\BUREAU\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\Documents and Settings\\Administrateur\\Mes documents\\CIMCO khalid\\cimco\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"<NO NAME>"= :Windows Service Processor

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11272:TCP"= 11272:TCP:BitComet 11272 TCP

"11272:UDP"= 11272:UDP:BitComet 11272 UDP

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo

"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

"8736:TCP"= 8736:TCP:BitComet 8736 TCP

"8736:UDP"= 8736:UDP:BitComet 8736 UDP

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]

R4 CIMCODNCMAX;CIMCO DNC-Max;c:\cimco\DNCMax5\DNCMax5.exe [2007-10-02 741376]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;c:\windows\system32\dllhost.exe [2004-08-03 5120]

S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-24 3584]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - IPVNMon

.

Contenu du dossier 'Tâches planifiées'

 

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

 

2009-01-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 23:25]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

BHO-{c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll

Toolbar-{3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)

WebBrowser-{3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)

HKLM-Run-EoEngine - (no file)

HKLM-Run-EoWeather - (no file)

HKLM-Run-EoClock - (no file)

HKLM-Run-EoComputer - (no file)

HKLM-Run-EoRss - (no file)

HKLM-Run-EoNet - (no file)

HKLM-Run-EoSudoku - (no file)

HKLM-Run-EoPhoto - (no file)

SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - c:\windows\system32\hgfdge4unjdfdg.dll

Notify-PRISMAPI - PRISMAPI.DLL

 

 

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC

IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

 

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: TruePass EPF 7,0,100,730 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab

c:\windows\Downloaded Program Files\TruePass EPF 7,0,100,730.osd

 

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=

c:\windows\Downloaded Program Files\hardwaredetection.inf

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lsvfrtrk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-17 09:42:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a52efaef]

"ImagePath"="\SystemRoot\System32\drivers\a52efaef.sys"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\s-1-5-21-796845957-1801674531-722644409-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Bell\Gestionnaire de securite\Fws.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\cimco\NCBase5\Bin\cimcodb-nt.exe

c:\program files\Raxco\PerfectDisk\PDAgent.exe

c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Heure de fin: 2009-01-17 9:50:40 - La machine a redémarré [Administrateur]

ComboFix-quarantined-files.txt 2009-01-17 14:50:36

 

Avant-CF: 7 501 795 328 octets libres

Après-CF: 8,068,575,232 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale"=optin /fastdetect

 

251 --- E O F --- 2009-01-14 08:05:10

[angelique]

avant de poursuivre , repond à cette question:

 

as tu installé ou desinstallé un émulateur comme Daemon_Tools ??

 

fait ça deja:

 

Télécharge DiagHelp ( de Malekal_morte ) : http://www.malekal.com/download/DiagHelp.zip

 

 

* Enregistre le sur ton bureau

* Ne double-clic pas dessus ! Fais un clic droit sur le fichier et extraire tout

 

» ouvre le dossier DiagHelp et double clic sur catchme, onglet script et copie_colle la ligne ci dessous dans sa fenetre blanche puis clic run:

 

files to kill:
c:\windows\inf\copyinf.exe

 

http://uploads.imagup.com/07/1232227121_CM.JPG

 

Un fichier catchme.zip est crée sur ton bureau , upload le à cette adresse: http://upload.malekal.com/

 

• Vas sur le site http://virusscan.jotti.org/

• Clique en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ces fichiers tour à tour :
  -c:\windows\inf\copyinf.exe
  
• Clique sur submit toujours en haut à droite
  
• Le scan va se lancer, ça va prendre un petit instant
  
• A la fin du scan, un rapport va apparaître : Copie/Colle le résultat complet du scan dans un fichier texte
  
• Poste ce fichier dans ta prochaine réponse
  

ATTENTION de bien prendre le résultat du scan de ton fichier (le nom du fichier apparaît en haut) et non le scan fait avant le tiens!

Aide : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId662799

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
c:\windows\iloxitok.dll
c:\windows\system32\drivers\a52efaef.sys
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mvelidalosa"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a52efaef]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[hmmank]

non j'ai jamais installé ou desinstallé un émulateur comme Daemon_Tools .

[angelique]

alors fait la suite de mon message precedent

[hmmank]

est ce que je sois desactivé de nouveau mon antivirus au moment du scan par combofix?

[hmmank]

alors voila le resultat du scan pour la premiere étape.

 

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

 

File to upload & scan:

Service

Service load: 0% 100%

 

File: copyinf.exe

Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

MD5: e09ff3fc591177f8a15ac1fa655b0805

Packers detected: -

 

Scanner results

Scan taken on 17 Jan 2009 18:05:43 (GMT)

A-Squared Found nothing

AntiVir Found TR/Trash.Gen

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Powered by

 

Disclaimer

This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

 

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Some scanners will only report one virus when scanning archives with multiple pieces of malware.

 

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

 

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

 

Sponsored by HotelScraper.com.

--------------------------------------------------------------------------------

 

 

Statistics

Last file scanned at least one scanner reported something about: unique_spawnmap.exe (MD5: cbf353aee647bc58c72b0b893fefe307, size: 2561536 bytes), detected by:

 

Scanner Malware name

A-Squared Virus.Win32.OnLineGames.EFZ!IK

AntiVir X

ArcaVir X

Avast X

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus W32/Patcher.A.gen!Eldorado

F-Secure Anti-Virus X

G DATA X

Ikarus Virus.Win32.OnLineGames.EFZ

Kaspersky Anti-Virus X

NOD32 a variant of Win32/HackTool.Patcher.A application

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

 

You are free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives

We are not affiliated with any third parties that conduct tests using this service.

 

 

 

 

 

Frequently asked questions - Privacy policy

 

 

 

Page generated by JTPL

 

© 2004-2009 Jotti <jotti@jotti.org>

 

ensuite voila le fichier log de combofix avec CFScript

 

ComboFix 09-01-17.02 - Administrateur 2009-01-17 13:47:43.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510.214 [GMT -5:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt.txt

AV: BitDefender Antivirus Plus v10 *On-access scanning disabled* (Outdated)

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

FW: BitDefender Antivirus Plus v10 *disabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\iloxitok.dll

c:\windows\system32\drivers\a52efaef.sys

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\iloxitok.dll

c:\windows\system32\drivers\a52efaef.sys

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_a52efaef

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-16 08:27 . 2009-01-16 08:27 <REP> d-------- c:\program files\Fichiers communs\Windows Live

2009-01-16 06:42 . 2009-01-16 06:42 <REP> d-------- c:\program files\Navilog1

2009-01-16 06:42 . 2009-01-16 06:42 <REP> d-------- c:\program files\CCleaner

2009-01-15 20:43 . 2009-01-15 20:43 <REP> d-------- c:\program files\Trend Micro

2009-01-15 16:10 . 2009-01-15 16:10 3,683,606 --a------ c:\documents and settings\All Users.aawqff

2009-01-15 15:30 . 2009-01-15 15:30 <REP> d-------- c:\program files\Lavasoft

2009-01-15 15:30 . 2009-01-15 15:33 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

2009-01-15 15:29 . 2009-01-15 15:29 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

2009-01-14 21:28 . 2009-01-14 21:28 <REP> d----c--- C:\sav_install

2009-01-10 13:21 . 2009-01-10 17:41 <REP> d-------- c:\program files\SWiSHE.NET

2008-12-31 21:40 . 2008-12-31 21:40 <REP> d----c--- c:\windows\PaltalkScene

2008-12-29 07:16 . 2008-12-31 21:51 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira

2008-12-21 08:46 . 2008-12-21 08:46 <REP> d-------- c:\documents and settings\Administrateur\Application Data\PDM

2008-12-21 08:36 . 2008-12-21 08:36 <REP> d-------- c:\program files\Palm Digital Media

2008-12-20 03:01 . 2008-12-20 03:01 <REP> d-------- c:\program files\MSXML 4.0

2008-12-19 22:18 . 2008-05-01 09:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2008-12-19 22:07 . 2008-12-20 03:41 <REP> d-------- c:\windows\system32\CatRoot_bak

2008-12-19 18:07 . 2008-12-20 15:16 <REP> d-------- c:\program files\HighwayPursuit

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 13:04 --------- d-----w c:\program files\BitComet

2009-01-04 16:24 --------- d-----w c:\program files\Google

2009-01-01 02:41 --------- d-----w c:\program files\Paltalk Messenger

2009-01-01 02:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\Paltalk

2008-12-29 20:53 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-12-20 15:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-12-20 15:18 --------- d-----w c:\program files\Saint-Coran Toolbar

2008-12-20 14:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files

2008-12-19 21:54 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-04-07 01:17 774,144 ----a-w c:\program files\RngInterstitial.dll

2007-02-22 01:07 8 ----a-w c:\documents and settings\Administrateur\Application Data\usb.dat.bin

2005-01-29 10:57 81,981 ----a-w c:\program files\Copie de catbbmagic.dll

2004-08-10 09:46 39 ----a-w c:\program files\Copie de 2d45nt6.dll

2002-06-04 09:06 65,536 ------w c:\windows\inf\copyinf.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2007-01-12 1740800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" [2002-04-20 364544]

"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe" [2002-04-20 102400]

"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-22 185896]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"Athan"="c:\program files\Athan\Athan.exe" [2006-09-17 978944]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]

"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]

"Gestionnaire de sécurité Sympatico"="c:\program files\Bell\Gestionnaire de securite\Rps.exe" [2007-08-27 310000]

"-FreedomNeedsReboot"="c:\program files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2007-08-27 13552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

"PCTVOICE"="pctspk.exe" [2003-04-18 c:\windows\system32\pctspk.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

 

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872]

AutoCAD Startup Accelerator.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-04 11000]

desktop(2).ini [2006-11-17 84]

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2008-11-14 11376640]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\system32\\mcoinstall.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\CIMCO\\DNCMax5\\DNCAdmin5.exe"=

"c:\\CIMCO\\DNCMax5\\DNCMax5.exe"=

"c:\\BUREAU\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\Documents and Settings\\Administrateur\\Mes documents\\CIMCO khalid\\cimco\\CIMCO\\CIMCOEdit5\\CIMCOEdit.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"<NO NAME>"= :Windows Service Processor

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11272:TCP"= 11272:TCP:BitComet 11272 TCP

"11272:UDP"= 11272:UDP:BitComet 11272 UDP

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo

"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo

"8736:TCP"= 8736:TCP:BitComet 8736 TCP

"8736:UDP"= 8736:UDP:BitComet 8736 UDP

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]

R4 CIMCODNCMAX;CIMCO DNC-Max;c:\cimco\DNCMax5\DNCMax5.exe [2007-10-02 741376]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;c:\windows\system32\dllhost.exe [2004-08-03 5120]

S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-24 3584]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - IPVNMon

.

Contenu du dossier 'Tâches planifiées'

 

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

 

2009-01-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 23:25]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC

IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

 

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: TruePass EPF 7,0,100,730 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab

c:\windows\Downloaded Program Files\TruePass EPF 7,0,100,730.osd

 

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=

c:\windows\Downloaded Program Files\hardwaredetection.inf

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lsvfrtrk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-17 13:56:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\Administrator\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1072)

c:\windows\system32\l3codeca.acm

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Bell\Gestionnaire de securite\Fws.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\cimco\NCBase5\Bin\cimcodb-nt.exe

c:\program files\Raxco\PerfectDisk\PDAgent.exe

c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe

c:\windows\system32\msiexec.exe

c:\program files\Raxco\PerfectDisk\PDEngine.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msiexec.exe

c:\program files\Windows Desktop Search\WindowsSearchFilter.exe

.

**************************************************************************

.

Heure de fin: 2009-01-17 14:03:30 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-01-17 19:03:25

ComboFix2.txt 2009-01-17 14:50:42

 

Avant-CF: 8 310 218 752 octets libres

Après-CF: 8,319,746,048 octets libres

 

224 --- E O F --- 2009-01-14 08:05:10

[angelique]

ok , le fichier est ok

 

• desinstalle ComboFix en copiant_collant la ligne ci dessous dans executer et valide:

 

ComboFix /u

 

• Finir le nettoyage :

- Nettoye ton ordinateur avec ATFCeaner:

 

telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

Patiente le temp du nettoyage

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

Le prochain démarrage du PC sera un peu plus long , le prefetch ayant été vidé.

 

- Désactive puis réactive la restauration du système :

- Mode d'emploi Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924

[hmmank]

merci j'ai executé ATF Cleaner mais je ne vois pas l'onglet Restauration du système, sélectionnez Désactiver la Restauration du système sur proprietés .