Tom's Guide > Forum > Security - Viruses > ComboFix report

Hello everyone,

I have been very bothered for some time by numerous trojans and viruses(?) and I really don't know how to get rid of them anymore.
I really need your help, and above all a specialist, to remove all this junk for me.
I scanned with Avira but it doesn't remove everything, and I don't know precisely what I have, since one trojan name looks a lot like another trojan name.
I'm posting the ComboFix report here. Thanks in advance.

----------------------------------------------------------------------------------------------
ComboFix 09-08-10.06 - Laucataxe 12/08/2009 22:09.5.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.487 [GMT 2:00]
Running from: c:\documents and settings\Laucataxe\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 19:55 . 2009-08-12 19:55 -------- d-----w- c:\program files\trend micro
2009-08-12 19:55 . 2009-08-12 19:55 -------- d-----w- C:\rsit
2009-08-12 19:34 . 2009-08-12 19:34 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-08-12 09:09 . 2009-08-12 09:09 -------- d-sh--w- c:\documents and settings\Laucataxe\PrivacIE
2009-08-12 09:07 . 2009-08-12 09:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-12 09:07 . 2009-08-12 09:07 -------- d-sh--w- c:\documents and settings\Laucataxe\IETldCache
2009-08-12 07:43 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-12 07:43 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-12 07:43 . 2009-08-12 07:43 -------- d-----w- c:\windows\ie8updates
2009-08-12 07:43 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-12 07:40 . 2009-08-12 07:40 -------- d--h--w- c:\windows\ie8
2009-08-10 20:45 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-10 20:45 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-10 20:21 . 2009-08-10 11:15 15360 ----a-w- c:\windows\system32\dllcache\register.exe.REN
2009-08-10 18:59 . 2009-08-10 18:59 -------- d-----w- C:\FindyKill
2009-08-10 16:33 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 16:33 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 16:33 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 16:33 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 16:33 . 2009-08-10 16:33 -------- d-----w- c:\program files\Avira
2009-08-10 16:33 . 2009-08-10 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-10 16:13 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-10 16:13 . 2009-03-06 14:20 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-10 16:13 . 2009-02-09 11:23 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-08-10 16:13 . 2009-02-09 10:53 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-10 16:13 . 2009-02-09 10:53 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-10 16:13 . 2009-02-09 10:53 735744 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-10 16:13 . 2009-02-09 10:53 685568 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-10 16:13 . 2009-02-09 10:53 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-10 16:13 . 2009-02-09 10:53 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-10 16:12 . 2008-12-16 12:31 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-08-10 16:12 . 2008-04-21 21:15 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-10 11:01 . 2009-08-10 11:01 -------- d-----w- c:\windows\BDOSCAN8
2009-08-10 08:44 . 2009-08-10 08:44 -------- d-----w- c:\program files\Alwil Software
2009-08-09 19:10 . 2008-03-30 17:55 1213784 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-09 19:10 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-09 19:10 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-09 19:10 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\tsc.exe
2009-08-09 16:00 . 2009-08-09 16:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-09 16:00 . 2009-08-09 16:00 152576 ----a-w- c:\documents and settings\Laucataxe\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 15:48 . 2009-08-09 15:48 -------- d-----w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6
2009-08-09 15:48 . 2009-08-09 15:48 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-09 10:24 . 2009-08-09 10:24 -------- d-sh--w- C:\FOUND.003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 11:33 . 2007-06-05 14:54 183356 ----a-w- c:\documents and settings\Laucataxe\Application Data\HouseCall 6.6\Uninstaller.exe
2009-08-10 09:12 . 2006-11-25 16:55 90112 ----a-w- c:\windows\DUMP8e66.tmp
2009-08-09 15:19 . 2006-09-28 14:43 78346 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-09 15:19 . 2006-09-28 14:43 476522 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 07:48 . 2006-11-25 16:55 90112 ----a-w- c:\windows\DUMP7cc2.tmp
2009-07-11 18:17 . 2009-07-11 18:17 -------- d-----w- c:\program files\RIAM Video Enhancer
2009-07-03 16:57 . 2006-01-09 18:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 10:43 . 2009-06-25 10:43 -------- d-----w- c:\documents and settings\Laucataxe\Application Data\GigaTribe
2009-06-25 10:43 . 2009-06-25 10:43 -------- d-----w- c:\program files\GigaTribe
2009-06-16 14:40 . 2004-08-10 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-10 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2005-06-29 01:56 1297408 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-14 321344]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-11 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ImageMixer HDD Camera Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ImageMixer HDD Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless-G Notebook Adapter Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless-G Notebook Adapter Utility.lnk
backup=c:\windows\pss\Wireless-G Notebook Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laucataxe^Menu Démarrer^Programmes^Démarrage^GigaTribe.lnk]
path=c:\documents and settings\Laucataxe\Menu Démarrer\Programmes\Démarrage\GigaTribe.lnk
backup=c:\windows\pss\GigaTribe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\eMule\\EMULE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2009 18:33 108289]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [10/10/2006 07:40 1097728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [04/07/2008 19:28 1527900]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lequipe.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.fr/apps/EasyUploadX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 22:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2248)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-08-12 22:14
ComboFix-quarantined-files.txt 2009-08-12 20:14
ComboFix2.txt 2009-08-12 16:52
ComboFix3.txt 2009-08-12 16:38
ComboFix4.txt 2009-08-10 16:31
ComboFix5.txt 2009-08-12 20:08

Pre-Run: 7 145 947 136 octets libres
Post-Run: 7 157 547 008 octets libres

187 --- E O F --- 2009-08-12 07:43