Bonsoir,
Donc depuis peu de temps mon antivirus n'arrète pas de me signaler que je suis infecté par ce virus (totour.exe), je ne sais pas comment faire pour l'enlever.

Merci pour votre aide.

Bonjour,

Quel est son emplacement ?

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Voici mon rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:47, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\zllsputility_loc040c.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\zllsputility_loc040c.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O20 - AppInit_DLLs: mnmsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.virginmobile.fr/images/ [...] s_Sans.jpg

--
End of file - 8012 bytes

Pandent le scan il y a eu un autre virus.

On va s'en occuper

• Télécharge combofix.exe (par sUBs) sur ton Bureau.
• Double clique combofix.exe.
• Tape sur la touche 1 (Yes) pour démarrer le scan.
• Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

ComboFix 07-08-30.3 - "Pascal Walpole" 2007-09-04 20:56:21.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.408 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



[color=blue]Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
C:\DOCUME~1\PASCAL~1.WAL\Bureau\internet explorer.lnk
C:\DOCUME~1\PASCAL~1\Bureau\internet explorer.lnk
C:\WINDOWS\system32\5_exception.nls
Restored copy from - c:\WINDOWS\ServicePackFiles\i386\ndis.sys[/color]


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FWDRV.SYS
-------\LEGACY_QQD.SYS
-------\LEGACY_RUNTIME
-------\fwdrv.sys
-------\qqd.sys
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 20:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 19:48 <REP> d-------- C:\Program Files\Trend Micro
2007-09-03 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-02 18:19 4,096 --a------ C:\WINDOWS\system32\mnmsrvc.dll
2007-09-02 18:19 31,744 --a------ C:\WINDOWS\system32\rpcc.dll
2007-09-02 18:19 15,360 --a------ C:\WINDOWS\zllsputility_loc040c.exe
2007-08-28 10:24 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Pogo Games
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\PlayFirst
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PlayFirst
2007-08-26 18:47 <REP> d-------- C:\Program Files\Sally's Salon
2007-08-26 18:04 <REP> d-------- C:\Program Files\Norton Security Scan
2007-08-26 16:41 <REP> d-------- C:\GameFools
2007-08-24 11:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\SonicStage
2007-08-24 11:34 90,112 --------- C:\WINDOWS\snymsico.dll
2007-08-24 11:34 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-08-24 11:34 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-08-24 11:34 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-08-24 11:34 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-08-24 11:33 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2007-08-24 11:33 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-08-24 11:33 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-08-24 11:33 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-08-24 11:33 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-08-24 11:33 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-08-24 11:33 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-24 11:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Corporation
2007-08-24 11:31 <REP> d-------- C:\Program Files\Sony
2007-08-24 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-08-24 11:30 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sony Corporation
2007-08-18 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-08-13 22:17 31,547 --a------ C:\WINDOWS\system32\drivers\usbiad.sys
2007-08-13 22:17 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-08-13 22:17 <REP> d-------- C:\Program Files\USB Driver-Express
2007-08-13 22:17 <REP> d-------- C:\Program Files\Kit ADSL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 17:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\LimeWire
2007-08-28 10:31 --------- d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-24 12:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 12:48 --------- d-------- C:\Program Files\MSN Games
2007-07-31 12:18 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Aliasworlds
2007-07-31 12:14 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\My Games
2007-07-31 11:33 --------- d-------- C:\Program Files\Recyclorama
2007-07-31 11:07 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Ohana Games
2007-07-31 10:54 --------- d-------- C:\Program Files\ReflexiveArcade
2007-07-30 14:57 --------- d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sandlot Games
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
2007-07-30 11:11 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Oberon Games
2007-07-12 23:38 --------- d-------- C:\Program Files\S3
2007-07-12 22:21 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-07-12 22:21 --------- d-------- C:\Program Files\Realtek AC97
2007-07-12 22:21 --------- d-------- C:\Program Files\AvRack
2007-07-12 22:03 --------- d-------- C:\Program Files\VIA
2007-02-21 17:35 54 --a------ C:\Program Files\delir.gio
2006-11-02 14:06 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-10-20 17:53 25600 --a------ C:\DOCUME~1\PASCAL~1.WAL\usbsermptxp.sys
2006-10-20 17:53 22768 --a------ C:\DOCUME~1\PASCAL~1.WAL\usbsermpt.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-04-11 10:06 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 23:42 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc]
C:\WINDOWS\system32\rpcc.dll 2007-09-02 18:19 31744 C:\WINDOWS\system32\rpcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mnmsrvc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pascal Walpole.WALPOLE-OPLHOFP^Menu Démarrer^Programmes^Démarrage^SpeedFan.lnk]
path=C:\Documents and Settings\Pascal Walpole.WALPOLE-OPLHOFP\Menu Démarrer\Programmes\Démarrage\SpeedFan.lnk
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys


Contents of the 'Scheduled Tasks' folder
2007-08-27 13:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-31 13:04:42 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 21:04:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 21:06:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-04 21:06

--- E O F ---

Peux-tu relancer un scan Combofix ?

ComboFix 07-08-30.3 - "Pascal Walpole" 2007-09-04 21:21:02.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.413 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-04 20:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 19:48 <REP> d-------- C:\Program Files\Trend Micro
2007-09-03 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-02 18:19 4,096 --a------ C:\WINDOWS\system32\mnmsrvc.dll
2007-09-02 18:19 31,744 --a------ C:\WINDOWS\system32\rpcc.dll
2007-09-02 18:19 15,360 --a------ C:\WINDOWS\zllsputility_loc040c.exe
2007-08-28 10:24 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Pogo Games
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\PlayFirst
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PlayFirst
2007-08-26 18:47 <REP> d-------- C:\Program Files\Sally's Salon
2007-08-26 18:04 <REP> d-------- C:\Program Files\Norton Security Scan
2007-08-26 16:41 <REP> d-------- C:\GameFools
2007-08-24 11:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\SonicStage
2007-08-24 11:34 90,112 --------- C:\WINDOWS\snymsico.dll
2007-08-24 11:34 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-08-24 11:34 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-08-24 11:34 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-08-24 11:34 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-08-24 11:33 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2007-08-24 11:33 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-08-24 11:33 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-08-24 11:33 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-08-24 11:33 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-08-24 11:33 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-08-24 11:33 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-24 11:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Corporation
2007-08-24 11:31 <REP> d-------- C:\Program Files\Sony
2007-08-24 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-08-24 11:30 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sony Corporation
2007-08-18 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-08-13 22:17 31,547 --a------ C:\WINDOWS\system32\drivers\usbiad.sys
2007-08-13 22:17 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-08-13 22:17 <REP> d-------- C:\Program Files\USB Driver-Express
2007-08-13 22:17 <REP> d-------- C:\Program Files\Kit ADSL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 17:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\LimeWire
2007-08-28 10:31 --------- d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-24 12:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 12:48 --------- d-------- C:\Program Files\MSN Games
2007-07-31 12:18 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Aliasworlds
2007-07-31 12:14 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\My Games
2007-07-31 11:33 --------- d-------- C:\Program Files\Recyclorama
2007-07-31 11:07 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Ohana Games
2007-07-31 10:54 --------- d-------- C:\Program Files\ReflexiveArcade
2007-07-30 14:57 --------- d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sandlot Games
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
2007-07-30 11:11 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Oberon Games
2007-07-12 23:38 --------- d-------- C:\Program Files\S3
2007-07-12 22:21 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-07-12 22:21 --------- d-------- C:\Program Files\Realtek AC97
2007-07-12 22:21 --------- d-------- C:\Program Files\AvRack
2007-07-12 22:03 --------- d-------- C:\Program Files\VIA
2007-02-21 17:35 54 --a------ C:\Program Files\delir.gio
2006-11-02 14:06 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-10-20 17:53 25600 --a------ C:\DOCUME~1\PASCAL~1.WAL\usbsermptxp.sys
2006-10-20 17:53 22768 --a------ C:\DOCUME~1\PASCAL~1.WAL\usbsermpt.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-04-11 10:06 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 23:42 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc]
C:\WINDOWS\system32\rpcc.dll 2007-09-02 18:19 31744 C:\WINDOWS\system32\rpcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mnmsrvc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pascal Walpole.WALPOLE-OPLHOFP^Menu Démarrer^Programmes^Démarrage^SpeedFan.lnk]
path=C:\Documents and Settings\Pascal Walpole.WALPOLE-OPLHOFP\Menu Démarrer\Programmes\Démarrage\SpeedFan.lnk
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys


Contents of the 'Scheduled Tasks' folder
2007-08-27 13:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-31 13:04:42 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 21:23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-04 21:25:51
C:\ComboFix-quarantined-files.txt ... 2007-09-04 21:25
C:\ComboFix2.txt ... 2007-09-04 21:06

--- E O F ---

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

ComboFix 07-08-30.3 - "Pascal Walpole" 2007-09-05 16:52:18.3 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.435 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Pascal Walpole.WALPOLE-OPLHOFP\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\rpcc.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rpcc.dll


((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))


2007-09-04 20:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-04 19:48 <REP> d-------- C:\Program Files\Trend Micro
2007-09-03 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-02 18:19 4,096 --a------ C:\WINDOWS\system32\mnmsrvc.dll
2007-09-02 18:19 15,360 --a------ C:\WINDOWS\zllsputility_loc040c.exe
2007-08-28 10:24 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Pogo Games
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\PlayFirst
2007-08-28 10:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PlayFirst
2007-08-26 18:47 <REP> d-------- C:\Program Files\Sally's Salon
2007-08-26 18:04 <REP> d-------- C:\Program Files\Norton Security Scan
2007-08-26 16:41 <REP> d-------- C:\GameFools
2007-08-24 11:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\SonicStage
2007-08-24 11:34 90,112 --------- C:\WINDOWS\snymsico.dll
2007-08-24 11:34 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-08-24 11:34 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-08-24 11:34 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-08-24 11:34 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-08-24 11:33 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2007-08-24 11:33 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-08-24 11:33 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-08-24 11:33 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-08-24 11:33 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-08-24 11:33 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-08-24 11:33 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-24 11:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Corporation
2007-08-24 11:31 <REP> d-------- C:\Program Files\Sony
2007-08-24 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-08-24 11:30 <REP> d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sony Corporation
2007-08-18 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-08-13 22:17 31,547 --a------ C:\WINDOWS\system32\drivers\usbiad.sys
2007-08-13 22:17 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-08-13 22:17 <REP> d-------- C:\Program Files\USB Driver-Express
2007-08-13 22:17 <REP> d-------- C:\Program Files\Kit ADSL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 17:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\LimeWire
2007-08-28 10:31 --------- d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-24 12:09 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 12:48 --------- d-------- C:\Program Files\MSN Games
2007-07-31 12:18 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Aliasworlds
2007-07-31 12:14 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\My Games
2007-07-31 11:33 --------- d-------- C:\Program Files\Recyclorama
2007-07-31 11:07 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Ohana Games
2007-07-31 10:54 --------- d-------- C:\Program Files\ReflexiveArcade
2007-07-30 14:57 --------- d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\PASCAL~1.WAL\APPLIC~1\Sandlot Games
2007-07-30 11:41 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot G