
djibril15

Members
  • Content count

    116
  • Joined

  • Last visited
Everything posted by djibril15

  1. Avira AntiVir Personal
     Report file date: samedi 21 juin 2008 16:59
     Scanning for 1349608 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows 2000
     Windows version: (Service Pack 4) [5.0.2195]
     Boot mode: Save mode
     Username: x1
     Computer name: X
     Version information:
     BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
     AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
     AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
     LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
     LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
     ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
     ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 14:48:18
     ANTIVIR3.VDF : 7.0.4.232 250880 Bytes 20/06/2008 14:48:18
     Engineversion : 8.1.0.59
     AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
     AESCRIPT.DLL : 8.1.0.44 278907 Bytes 21/06/2008 14:48:24
     AESCN.DLL : 8.1.0.22 119157 Bytes 21/06/2008 14:48:24
     AERDL.DLL : 8.1.0.20 418165 Bytes 21/06/2008 14:48:24
     AEPACK.DLL : 8.1.1.6 364918 Bytes 21/06/2008 14:48:22
     AEOFFICE.DLL : 8.1.0.20 192891 Bytes 21/06/2008 14:48:22
     AEHEUR.DLL : 8.1.0.32 1274231 Bytes 21/06/2008 14:48:22
     AEHELP.DLL : 8.1.0.15 115063 Bytes 21/06/2008 14:48:20
     AEGEN.DLL : 8.1.0.29 307573 Bytes 21/06/2008 14:48:20
     AEEMU.DLL : 8.1.0.6 430451 Bytes 21/06/2008 14:48:20
     AECORE.DLL : 8.1.0.31 168310 Bytes 21/06/2008 14:48:20
     AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
     AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
     AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
     AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
     AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
     AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
     SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
     NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
     RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
     RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

     Configuration settings for the scan:
     Jobname..........................: Local Hard Disks
     Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Boot sectors.....................: C:, D:, E:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: samedi 21 juin 2008 16:59

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
     Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
     Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     11 processes with 11 modules were scanned

     Starting master boot sector scan:
     Master boot sector HD0
       [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
       [INFO] No virus was found!
     Boot sector 'D:\'
       [INFO] No virus was found!
     Boot sector 'E:\'
       [INFO] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '19' files ).

     Starting the file scan:

     Begin scan in 'C:\' <WIN2KSP4>
     C:\PAGEFILE.SYS
       [WARNING] The file could not be opened!
     C:\15.tmp
       [0] Archive type: RSRC
       --> Object
         [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.43
         [NOTE] The file was moved to '488b17c3.qua'!
     C:\1B.tmp
       [0] Archive type: RSRC
       --> Object
         [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.43
         [NOTE] The file was moved to '488b17d0.qua'!
     C:\WINNT\system32\drivers\sptd.sys
       [WARNING] The file could not be opened!
     C:\WINNT\system32\drivers\atapi.sys
       [WARNING] The file could not be opened!
     C:\WINNT\system32\MRI\btuxderr.exe
       [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
       [NOTE] The file was moved to '48d218c6.qua'!
     C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\488b17c3.qua
       [0] Archive type: HIDDEN
       --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\488b17c3.qua
         [1] Archive type: RSRC
         --> Object
           [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.43
           [NOTE] The file was moved to '489519b5.qua'!
     C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\488b17d0.qua
       [0] Archive type: HIDDEN
       --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\488b17d0.qua
         [1] Archive type: RSRC
         --> Object
           [DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.43
           [NOTE] The file was moved to '489519b6.qua'!
     C:\Program Files\backups\backup-20080621-153832-857.dll
       [DETECTION] Is the Trojan horse TR/Vundo.Gen
       [NOTE] The file was moved to '48c01c42.qua'!
     C:\Temp\reywdl.exe
       [DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.buy.181
       [NOTE] The file was moved to '48d61fff.qua'!
     Begin scan in 'D:\' <COPIE CD>
     Begin scan in 'E:\' <XAVIER>
     E:\agof star\Program Files\BWLOAD110.exe
       [DETECTION] Is the Trojan horse TR/Spy.Ayolog.IY
       [NOTE] The file was moved to '48a9268e.qua'!
     E:\agof star\Program Files\Starcraft\BWLOAD110.exe
       [DETECTION] Is the Trojan horse TR/Spy.Ayolog.IY
       [NOTE] The file was moved to '48a926a1.qua'!

     End of the scan: samedi 21 juin 2008 18:27
     Used time: 1:27:48 min

     The scan has been done completely.

     4802 Scanning directories
     319875 Files were scanned
     9 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     9 files were moved to quarantine
     0 files were renamed
     3 Files cannot be scanned
     319866 Files not concerned
     6964 Archives were scanned
     3 Warnings
     9 Notes
  2. ComboFix 08-06-20.4 - x1 21/06/2008 16:21:12.2 - FAT32x86 Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.101 [GMT 2:00] Endroit: C:\Documents and Settings\x1\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\x1\Bureau\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\2wd42i.exe C:\4hvvgm.exe C:\Temp\jfidoj.exe C:\WINNT\system32\e7op43GB.exe C:\WINNT\system32\L78M2agp.exe C:\WINNT\Tasks\At10.job C:\WINNT\Tasks\At11.job C:\WINNT\Tasks\At12.job C:\WINNT\Tasks\At13.job C:\WINNT\Tasks\At14.job C:\WINNT\Tasks\At15.job C:\WINNT\Tasks\At16.job C:\WINNT\Tasks\At17.job C:\WINNT\Tasks\At18.job C:\WINNT\Tasks\At19.job C:\WINNT\Tasks\At2.job C:\WINNT\Tasks\At20.job C:\WINNT\Tasks\At21.job C:\WINNT\Tasks\At22.job C:\WINNT\Tasks\At23.job C:\WINNT\Tasks\At24.job C:\WINNT\Tasks\At25.job C:\WINNT\Tasks\At26.job C:\WINNT\Tasks\At27.job C:\WINNT\Tasks\At28.job C:\WINNT\Tasks\At29.job C:\WINNT\Tasks\At3.job C:\WINNT\Tasks\At30.job C:\WINNT\Tasks\At31.job C:\WINNT\Tasks\At32.job C:\WINNT\Tasks\At33.job C:\WINNT\Tasks\At34.job C:\WINNT\Tasks\At35.job C:\WINNT\Tasks\At36.job C:\WINNT\Tasks\At37.job C:\WINNT\Tasks\At38.job C:\WINNT\Tasks\At39.job C:\WINNT\Tasks\At4.job C:\WINNT\Tasks\At40.job C:\WINNT\Tasks\At41.job C:\WINNT\Tasks\At42.job C:\WINNT\Tasks\At43.job C:\WINNT\Tasks\At44.job C:\WINNT\Tasks\At45.job C:\WINNT\Tasks\At46.job C:\WINNT\Tasks\At47.job C:\WINNT\Tasks\At48.job C:\WINNT\Tasks\At5.job C:\WINNT\Tasks\At7.job C:\WINNT\Tasks\At8.job C:\WINNT\Tasks\At9.job C:\WINNT\Tasks\Symantec NetDetect.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\2wd42i.exe C:\4hvvgm.exe C:\FOUND.000 C:\FOUND.000\FILE0000.CHK C:\FOUND.001 C:\FOUND.001\FILE0000.CHK C:\FOUND.001\FILE0001.CHK C:\FOUND.001\FILE0002.CHK C:\FOUND.001\FILE0003.CHK C:\FOUND.001\FILE0004.CHK C:\FOUND.002 C:\FOUND.002\FILE0000.CHK C:\FOUND.002\FILE0001.CHK C:\FOUND.002\FILE0002.CHK C:\FOUND.002\FILE0003.CHK C:\FOUND.002\FILE0004.CHK C:\FOUND.002\FILE0005.CHK C:\FOUND.003 C:\FOUND.003\FILE0000.CHK C:\FOUND.004 C:\FOUND.004\FILE0000.CHK C:\FOUND.004\FILE0001.CHK C:\FOUND.004\FILE0002.CHK C:\FOUND.004\FILE0003.CHK C:\FOUND.004\FILE0004.CHK C:\FOUND.005 C:\FOUND.005\FILE0000.CHK C:\FOUND.006 C:\FOUND.006\FILE0000.CHK C:\FOUND.006\FILE0001.CHK C:\Program Files\Symantec C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\DISreboot.exe C:\Program Files\Symantec\LiveUpdate\Lisezmoi.TXT C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE C:\Program Files\Symantec\LiveUpdate\LUALL.EXE C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL C:\Program Files\Symantec\LiveUpdate\ludirloc.dat C:\Program Files\Symantec\LiveUpdate\LUINFO.INF C:\Program Files\Symantec\LiveUpdate\LUInit.exe C:\Program Files\Symantec\LiveUpdate\LUInit.ini C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL C:\Program Files\Symantec\LiveUpdate\LuResult.txt C:\Program Files\Symantec\LiveUpdate\Lusetup-lt.exe C:\Program Files\Symantec\LiveUpdate\Luupdate.exe C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL C:\Program Files\Symantec\LiveUpdate\ProductRegComPS_2_6.DLL C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL C:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL 
C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL C:\Program Files\thriXXX C:\Program Files\thriXXX\HentaII 3D\Logs\HentaII.log C:\SDFix C:\SDFix\SDFix\apps\assosfix.reg C:\SDFix\SDFix\apps\cliptext.exe C:\SDFix\SDFix\apps\download.exe C:\SDFix\SDFix\apps\dummy.sys C:\SDFix\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\SDFix\apps\ERDNT.E_E C:\SDFix\SDFix\apps\ERDNTDOS.LOC C:\SDFix\SDFix\apps\ERDNTWIN.LOC C:\SDFix\SDFix\apps\ERUNT.EXE C:\SDFix\SDFix\apps\ERUNT.LOC C:\SDFix\SDFix\apps\fix.reg C:\SDFix\SDFix\apps\FixBH.reg C:\SDFix\SDFix\apps\FixComponents.reg C:\SDFix\SDFix\apps\FIXCU.reg C:\SDFix\SDFix\apps\FIXLM.reg C:\SDFix\SDFix\apps\FixPath.exe C:\SDFix\SDFix\apps\FixRedir.reg C:\SDFix\SDFix\apps\FixSchedule.reg C:\SDFix\SDFix\apps\FixWebCheck.reg C:\SDFix\SDFix\apps\fixXP.reg C:\SDFix\SDFix\apps\FixXPsp2.reg C:\SDFix\SDFix\apps\grep.exe C:\SDFix\SDFix\apps\HPFix.reg C:\SDFix\SDFix\apps\HPFix2.reg C:\SDFix\SDFix\apps\HPFix3.reg C:\SDFix\SDFix\apps\HPFix4.reg C:\SDFix\SDFix\apps\HPFix5.reg C:\SDFix\SDFix\apps\HPFix6.reg C:\SDFix\SDFix\apps\HPFix7.reg C:\SDFix\SDFix\apps\HPFix8.reg C:\SDFix\SDFix\apps\HPFix9.reg C:\SDFix\SDFix\apps\isadmin.exe C:\SDFix\SDFix\apps\leg2.txt C:\SDFix\SDFix\apps\legacy.txt C:\SDFix\SDFix\apps\legacybk.txt C:\SDFix\SDFix\apps\locate.com C:\SDFix\SDFix\apps\LS.exe C:\SDFix\SDFix\apps\MD5File.exe C:\SDFix\SDFix\apps\MyGcpvFix.reg C:\SDFix\SDFix\apps\MyGkFix2.reg C:\SDFix\SDFix\apps\Process.exe C:\SDFix\SDFix\apps\procs.exe C:\SDFix\SDFix\apps\psservice.exe C:\SDFix\SDFix\apps\Rem.txt C:\SDFix\SDFix\apps\Rem2.txt C:\SDFix\SDFix\apps\Replace\regedit.exe C:\SDFix\SDFix\apps\Replace\W2K.exe C:\SDFix\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\SDFix\apps\Replace\w2k\null.sys C:\SDFix\SDFix\apps\Replace\XP.exe 
C:\SDFix\SDFix\apps\Replace\xp\beep.sys C:\SDFix\SDFix\apps\Replace\xp\null.sys C:\SDFix\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\SDFix\apps\RestartIt!.exe C:\SDFix\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\SDFix\apps\sc.exe C:\SDFix\SDFix\apps\sed.exe C:\SDFix\SDFix\apps\SF.exe C:\SDFix\SDFix\apps\shutdown.exe C:\SDFix\SDFix\apps\srv2.txt C:\SDFix\SDFix\apps\srv2bk.txt C:\SDFix\SDFix\apps\svc.txt C:\SDFix\SDFix\apps\svcbk.txt C:\SDFix\SDFix\apps\swreg.exe C:\SDFix\SDFix\apps\swsc.exe C:\SDFix\SDFix\apps\unzip.exe C:\SDFix\SDFix\apps\vfind.exe C:\SDFix\SDFix\apps\WINMSG.EXE C:\SDFix\SDFix\apps\winsec.reg C:\SDFix\SDFix\apps\zip.exe C:\SDFix\SDFix\backups\backupreg.zip C:\SDFix\SDFix\backups\backups.zip C:\SDFix\SDFix\backups\HOSTS C:\SDFix\SDFix\catchme.exe C:\SDFix\SDFix\dummy.sys C:\SDFix\SDFix\Report.txt C:\SDFix\SDFix\RunThis.bat C:\SDFix\SDFix\SDFIX_ReadMe_Online.url C:\SDFix\SDFix\sinowaltest1.txt C:\SDFix\SDFix\W2K_CodecRepair.inf C:\SDFix\SDFix\XP_CodecRepair.inf C:\Temp\jfidoj.exe C:\WINNT\system32\btdgvwfu.dll C:\WINNT\system32\cwcxjaac.dll C:\WINNT\system32\cxbrykgg.dll C:\WINNT\system32\e7op43GB.exe C:\WINNT\system32\pbivrnch.dll C:\WINNT\Tasks\At10.job C:\WINNT\Tasks\At11.job C:\WINNT\Tasks\At12.job C:\WINNT\Tasks\At13.job C:\WINNT\Tasks\At14.job C:\WINNT\Tasks\At15.job C:\WINNT\Tasks\At16.job C:\WINNT\Tasks\At17.job C:\WINNT\Tasks\At18.job C:\WINNT\Tasks\At19.job C:\WINNT\Tasks\At2.job C:\WINNT\Tasks\At20.job C:\WINNT\Tasks\At21.job C:\WINNT\Tasks\At22.job C:\WINNT\Tasks\At23.job C:\WINNT\Tasks\At24.job C:\WINNT\Tasks\At25.job C:\WINNT\Tasks\At26.job C:\WINNT\Tasks\At27.job C:\WINNT\Tasks\At28.job C:\WINNT\Tasks\At29.job C:\WINNT\Tasks\At3.job C:\WINNT\Tasks\At30.job C:\WINNT\Tasks\At31.job C:\WINNT\Tasks\At32.job C:\WINNT\Tasks\At33.job C:\WINNT\Tasks\At34.job C:\WINNT\Tasks\At35.job C:\WINNT\Tasks\At36.job C:\WINNT\Tasks\At37.job C:\WINNT\Tasks\At38.job C:\WINNT\Tasks\At39.job 
     C:\WINNT\Tasks\At4.job
     C:\WINNT\Tasks\At40.job
     C:\WINNT\Tasks\At41.job
     C:\WINNT\Tasks\At42.job
     C:\WINNT\Tasks\At43.job
     C:\WINNT\Tasks\At44.job
     C:\WINNT\Tasks\At45.job
     C:\WINNT\Tasks\At46.job
     C:\WINNT\Tasks\At47.job
     C:\WINNT\Tasks\At48.job
     C:\WINNT\Tasks\At5.job
     C:\WINNT\Tasks\At7.job
     C:\WINNT\Tasks\At8.job
     C:\WINNT\Tasks\At9.job
     C:\WINNT\Tasks\Symantec NetDetect.job
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_LADCHKR
     -------\Service_ladchkr

     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
     .
     2008-06-21 14:14 . 08-06-21 14:14 <DIR> d-------- C:\WINNT\ERUNT
     2008-06-21 14:08 . 08-06-21 14:08 1,012,728 ---h----- C:\WINNT\ShellIconCache
     2008-06-21 11:02 . 08-06-21 11:02 23,552 --a------ C:\WINNT\system32\normaliz.dll
     2008-06-21 10:59 . 99-11-02 00:42 801,072 --a------ C:\WINNT\system32\dllcache\3cpciadi.sys
     2008-06-21 10:59 . 99-09-25 07:55 792,176 --a------ C:\WINNT\system32\dllcache\3cisaadi.sys
     2008-06-21 10:59 . 99-09-25 07:55 774,928 --a------ C:\WINNT\system32\dllcache\3cisati.sys
     2008-06-21 10:59 . 99-09-25 07:55 763,024 --a------ C:\WINNT\system32\dllcache\3cwmcru.sys
     2008-06-21 10:59 . 99-12-14 23:27 92,432 --a------ C:\WINNT\system32\dllcache\acq32.dll
     2008-06-21 10:59 . 03-06-19 12:05 40,752 --a------ C:\WINNT\system32\dllcache\1394bus.sys
     2008-06-21 10:59 . 99-12-14 23:27 38,320 --a------ C:\WINNT\system32\dllcache\8514a.dll
     2008-06-21 10:59 . 99-10-07 23:29 22,992 --a------ C:\WINNT\system32\dllcache\15_16wdm.sys
     2008-06-21 10:59 . 03-06-19 12:05 10,928 --a------ C:\WINNT\system32\dllcache\4mmdat.sys
     2008-06-21 01:29 . 08-06-21 01:29 <DIR> d-------- C:\Program Files\Uniblue
     2008-06-21 01:29 . 08-06-21 01:30 <DIR> d-------- C:\Documents and Settings\x1\Application Data\Uniblue
     2008-06-17 18:08 . 08-06-17 18:08 <DIR> d-------- C:\WINNT\system32\MRI
     2008-06-17 18:07 .
08-06-17 18:07 <DIR> d-------- C:\Temp\itmp4 2008-06-17 18:07 . 08-06-17 18:07 121,637 --a------ C:\Temp\reywdl.exe 2008-06-17 13:33 . 08-06-17 13:33 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-17 11:50 . 08-06-17 11:50 54,156 --ah----- C:\WINNT\QTFont.qfn 2008-06-17 11:50 . 08-06-17 11:50 1,409 --a------ C:\WINNT\QTFont.for 2008-06-15 18:28 . 08-06-15 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-06-15 18:26 . 08-06-15 18:26 <DIR> d-------- C:\Program Files\Perfect Ace Pro Tournament Tennis 2008-06-07 02:58 . 08-06-07 02:58 <DIR> d-------- C:\WINNT\MaxTV - TVU Player Plugin 2008-06-07 02:34 . 08-06-07 02:34 <DIR> d-------- C:\WINNT\MaxTV 2008-06-07 02:34 . 08-06-07 02:34 <DIR> d-------- C:\Program Files\DMV 2008-06-07 02:20 . 08-06-07 02:20 <DIR> d-------- C:\Program Files\adslTV 2008-06-07 01:01 . 08-06-07 01:01 <DIR> d-------- C:\Documents and Settings\x1\Application Data\SecondLife 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\Fichiers communs\BOONTY Shared 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\BoontyGames 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\Boonty 2008-06-01 16:11 . 08-06-01 16:11 <DIR> d-------- C:\Program Files\PDF Editeur 2 2008-06-01 16:11 . 08-06-01 16:11 73,216 --a------ C:\WINNT\cadkasdeinst01f.exe 2008-05-30 15:55 . 08-05-30 15:55 <DIR> d-------- C:\Program Files\MSECache 2008-05-29 17:01 . 08-05-29 17:01 <DIR> d-------- C:\Documents and Settings\x1\Application Data\Babylon 2008-05-29 17:01 . 08-05-29 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-21 13:36 9,409 ----a-w C:\Program Files\hijackthis.log 2008-06-20 18:06 8 ----a-w C:\.bztarotcumul.dat 2008-06-17 09:50 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2008-06-17 09:50 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2008-06-17 08:17 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys 2008-05-10 21:16 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR 2007-06-26 16:32 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe 2005-08-06 17:51 271 ---h--w C:\Program Files\desktop.ini 2005-08-06 17:51 22,115 ---h--w C:\Program Files\folder.htt 2002-11-04 12:54 3,392 ----a-w C:\WINNT\inf\OTHER\cmiainfo.sys 2001-05-07 22:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys 1998-05-15 14:26 220,160 --sha-w C:\WINNT\system32\LTDIS90n.dll 1998-05-20 15:14 28,672 --sha-w C:\WINNT\system32\lfawd90n.dll 1998-05-15 15:00 33,792 --sha-w C:\WINNT\system32\lfbmp90n.dll 1998-05-18 15:50 27,136 --sha-w C:\WINNT\system32\lfcal90n.dll 1998-05-15 14:59 64,512 --sha-w C:\WINNT\system32\lffax90n.dll 1997-11-21 16:03 338,944 --sha-w C:\WINNT\system32\lffpx7.dll 1998-05-20 15:14 88,576 --sha-w C:\WINNT\system32\lffpx90n.dll 1998-05-15 15:02 39,936 --sha-w C:\WINNT\system32\lfgif90n.dll 1998-05-15 15:03 31,232 --sha-w C:\WINNT\system32\lfpct90n.dll 1998-04-04 18:25 30,720 --sha-w C:\WINNT\system32\lfpcx90n.dll 1998-06-23 08:10 133,632 --sha-w C:\WINNT\system32\lfpng90n.dll 1998-05-18 16:27 29,184 --sha-w C:\WINNT\system32\lfpsd90n.dll 1998-05-15 15:05 118,272 --sha-w C:\WINNT\system32\lftif90n.dll 1998-04-04 18:26 25,600 --sha-w C:\WINNT\system32\lfwfx90n.dll 1998-05-15 15:05 28,672 --sha-w C:\WINNT\system32\lfwmf90n.dll 1998-04-04 18:26 27,648 --sha-w C:\WINNT\system32\lfwpg90n.dll 1998-05-15 14:27 238,592 --sha-w C:\WINNT\system32\ltann90n.dll 1998-04-04 18:22 146,432 --sha-w C:\WINNT\system32\ltefx90n.dll 1998-05-20 15:13 104,448 --sha-w C:\WINNT\system32\ltimg90n.dll 1998-05-20 15:14 38,400 --sha-w 
     C:\WINNT\system32\ltisi90n.dll
     1998-06-19 13:44 290,304 --sha-w C:\WINNT\system32\ltkrn90n.dll
     1998-04-03 17:01 3,824 --sha-w C:\WINNT\system32\ltthk90w.dll
     1998-05-19 16:53 35,328 --sha-w C:\WINNT\system32\lttwn90n.dll
     1998-04-03 17:01 45,936 --sha-w C:\WINNT\system32\ltvdd90w.drv
     1998-04-29 18:00 58,880 --sha-w C:\WINNT\system32\npplg90N.dll
     2008-02-28 11:41 11,740 --sha-w C:\WINNT\system32\KGyGaAvL.sys
     2005-08-07 17:29 56 --sh--r C:\WINNT\system32\DC1EBF704E.sys
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WinIcon]
     @={3CEA8795-5FF0-49F4-9BB3-B9BCE882A11B}

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "internat.exe"="internat.exe" [01-05-08 00:00 20752 C:\WINNT\system32\internat.exe]
     "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [08-04-01 11:39 486856]
     "RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07-11-21 17:07 1902592]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111888 C:\WINNT\system32\mobsync.exe]
     "Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
     "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-06-05 12:35 335872]
     "EM_EXEC"="C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [01-12-20 09:42 35328]
     "InCD"="C:\ahead\INCD\InCD.exe" [01-12-05 02:42 868352]
     "SoundMan"="SOUNDMAN.EXE" [02-10-16 18:24 47104 C:\WINNT\SOUNDMAN.EXE]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-04-02 11:17 180269]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "internat.exe"="internat.exe" [01-05-08 00:00 20752 C:\WINNT\system32\internat.exe]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07-02-09 17:40 171448]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 189712]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"= mmdrv.dll

     R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINNT\system32\drivers\ps6akt6c.sys [07-07-05 17:02 ]
     R2 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys [01-12-05 02:30 ]
     R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 12:05 ]
     S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINNT\system32\pr2akt6c.exe svc []
     S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [08-06-07 00:47 ]
     S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [05-03-23 16:56 ]
     S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINNT\system32\ZDCndis5.SYS []
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-06-20 22:42:02 C:\WINNT\Tasks\At1.job" - C:\WINNT\system32\L78M2agp.exe
     "2008-06-15 14:36:18 C:\WINNT\Tasks\At6.job" - C:\WINNT\system32\L78M2agp.exe
     .
     **************************************************************************
     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-21 16:25:27
     Windows 5.0.2195 Service Pack 4 FAT NTAPI
     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0
     **************************************************************************
     .
     Temps d'accomplissement: 2008-06-21 16:26:48 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-06-21 14:26:44
     ComboFix2.txt 2008-06-21 13:49:22
     Pre-Run: 6,346,162,176 octets libres
     Post-Run: 6,343,770,112 octets libres
     400
  3. ComboFix 08-06-20.4 - x1 21/06/2008 15:41:38.1 - FAT32x86
     Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.65 [GMT 2:00]
     Endroit: C:\Documents and Settings\x1\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\x1\Bureau\CFScript.txt
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\WINNT\system32\absqocic.dll
     C:\WINNT\system32\ngwceogw.dll
     C:\WINNT\system32\wvUnNggd.dll
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\WINNT\BM086e29ca.xml
     C:\WINNT\cookies.ini
     C:\WINNT\pskt.ini
     C:\WINNT\smdat32m.sys
     C:\WINNT\system32\absqocic.dll
     C:\WINNT\system32\cicoqsba.ini
     C:\WINNT\system32\dggNnUvw.ini
     C:\WINNT\system32\dggNnUvw.ini2
     C:\WINNT\system32\huqkcuuf.ini
     C:\WINNT\system32\mcrh.tmp
     C:\WINNT\system32\MSINET.oca
     C:\WINNT\system32\ngwceogw.dll
     C:\WINNT\system32\rltijfht.ini
     C:\WINNT\system32\tcntaxdm.exe
     C:\WINNT\system32\wsnpoem
     C:\WINNT\system32\wsnpoem\00354E5C.uf
     C:\WINNT\system32\wsnpoem\audio.dll
     C:\WINNT\system32\wsnpoem\video.dll
     C:\WINNT\system32\wvUnNggd.dll
     C:\WINNT\Web\default.htt
     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
     .
     2008-06-21 14:14 . 08-06-21 14:14 <DIR> d-------- C:\WINNT\ERUNT
     2008-06-21 14:08 . 08-06-21 14:08 1,012,728 ---h----- C:\WINNT\ShellIconCache
     2008-06-21 11:50 . 08-06-21 11:50 <DIR> d-------- C:\SDFix
     2008-06-21 11:02 . 08-06-21 11:02 23,552 --a------ C:\WINNT\system32\normaliz.dll
     2008-06-21 10:59 . 99-11-02 00:42 801,072 --a------ C:\WINNT\system32\dllcache\3cpciadi.sys
     2008-06-21 10:59 . 99-09-25 07:55 792,176 --a------ C:\WINNT\system32\dllcache\3cisaadi.sys
     2008-06-21 10:59 . 99-09-25 07:55 774,928 --a------ C:\WINNT\system32\dllcache\3cisati.sys
     2008-06-21 10:59 . 99-09-25 07:55 763,024 --a------ C:\WINNT\system32\dllcache\3cwmcru.sys
     2008-06-21 10:59 .
99-12-14 23:27 92,432 --a------ C:\WINNT\system32\dllcache\acq32.dll 2008-06-21 10:59 . 03-06-19 12:05 40,752 --a------ C:\WINNT\system32\dllcache\1394bus.sys 2008-06-21 10:59 . 99-12-14 23:27 38,320 --a------ C:\WINNT\system32\dllcache\8514a.dll 2008-06-21 10:59 . 99-10-07 23:29 22,992 --a------ C:\WINNT\system32\dllcache\15_16wdm.sys 2008-06-21 10:59 . 03-06-19 12:05 10,928 --a------ C:\WINNT\system32\dllcache\4mmdat.sys 2008-06-21 10:41 . 08-06-21 10:41 <DIR> d-------- C:\FOUND.006 2008-06-21 01:45 . 08-06-21 01:45 <DIR> d-------- C:\FOUND.005 2008-06-21 01:29 . 08-06-21 01:29 <DIR> d-------- C:\Program Files\Uniblue 2008-06-21 01:29 . 08-06-21 01:30 <DIR> d-------- C:\Documents and Settings\x1\Application Data\Uniblue 2008-06-20 20:18 . 08-06-20 20:18 <DIR> d-------- C:\FOUND.004 2008-06-20 18:35 . 08-06-20 18:35 99,328 --a------ C:\WINNT\system32\cxbrykgg.dll 2008-06-20 18:32 . 08-06-20 18:32 79,872 --a------ C:\WINNT\system32\pbivrnch.dll 2008-06-20 18:29 . 08-06-20 18:29 90,112 --a------ C:\WINNT\system32\cwcxjaac.dll 2008-06-19 19:50 . 08-06-19 19:50 <DIR> d-------- C:\FOUND.003 2008-06-19 18:32 . 08-06-19 18:32 <DIR> d-------- C:\FOUND.002 2008-06-19 18:27 . 08-06-19 18:27 90,112 --a------ C:\WINNT\system32\btdgvwfu.dll 2008-06-18 16:33 . 08-06-18 16:33 <DIR> d-------- C:\FOUND.001 2008-06-18 16:10 . 08-06-18 16:10 <DIR> d-------- C:\FOUND.000 2008-06-17 18:08 . 08-06-17 18:08 <DIR> d-------- C:\WINNT\system32\MRI 2008-06-17 18:07 . 08-06-17 18:07 <DIR> d-------- C:\Temp\itmp4 2008-06-17 18:07 . 08-06-17 18:07 121,637 --a------ C:\Temp\reywdl.exe 2008-06-17 13:33 . 08-06-17 13:33 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-17 13:11 . 08-06-17 13:11 109,056 --a------ C:\2wd42i.exe 2008-06-17 13:11 . 08-06-17 13:11 21,104 --a------ C:\4hvvgm.exe 2008-06-17 11:50 . 08-06-17 11:50 54,156 --ah----- C:\WINNT\QTFont.qfn 2008-06-17 11:50 . 08-06-17 11:50 1,409 --a------ C:\WINNT\QTFont.for 2008-06-16 17:33 . 
08-06-16 22:30 35,842 --a------ C:\WINNT\system32\e7op43GB.exe 2008-06-15 18:28 . 08-06-15 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2008-06-15 18:26 . 08-06-15 18:26 <DIR> d-------- C:\Program Files\Perfect Ace Pro Tournament Tennis 2008-06-15 16:35 . 08-06-15 16:35 29,760 --a------ C:\Temp\jfidoj.exe 2008-06-08 08:50 . 08-06-08 08:50 <DIR> d-------- C:\Program Files\thriXXX 2008-06-07 02:58 . 08-06-07 02:58 <DIR> d-------- C:\WINNT\MaxTV - TVU Player Plugin 2008-06-07 02:34 . 08-06-07 02:34 <DIR> d-------- C:\WINNT\MaxTV 2008-06-07 02:34 . 08-06-07 02:34 <DIR> d-------- C:\Program Files\DMV 2008-06-07 02:20 . 08-06-07 02:20 <DIR> d-------- C:\Program Files\adslTV 2008-06-07 01:01 . 08-06-07 01:01 <DIR> d-------- C:\Documents and Settings\x1\Application Data\SecondLife 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\Fichiers communs\BOONTY Shared 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\BoontyGames 2008-06-07 00:47 . 08-06-07 00:47 <DIR> d-------- C:\Program Files\Boonty 2008-06-01 16:11 . 08-06-01 16:11 <DIR> d-------- C:\Program Files\PDF Editeur 2 2008-06-01 16:11 . 08-06-01 16:11 73,216 --a------ C:\WINNT\cadkasdeinst01f.exe 2008-05-30 15:55 . 08-05-30 15:55 <DIR> d-------- C:\Program Files\MSECache 2008-05-29 17:01 . 08-05-29 17:01 <DIR> d-------- C:\Documents and Settings\x1\Application Data\Babylon 2008-05-29 17:01 . 08-05-29 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-21 13:36 9,409 ----a-w C:\Program Files\hijackthis.log 2008-06-20 18:06 8 ----a-w C:\.bztarotcumul.dat 2008-06-17 09:50 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2008-06-17 09:50 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2008-06-17 08:17 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys 2008-05-10 21:16 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR 2007-06-26 16:32 1,308,216 ----a-w C:\Program Files\HiJackThis_v2.exe 2005-08-06 17:51 271 ---h--w C:\Program Files\desktop.ini 2005-08-06 17:51 22,115 ---h--w C:\Program Files\folder.htt 2002-11-04 12:54 3,392 ----a-w C:\WINNT\inf\OTHER\cmiainfo.sys 2001-05-07 22:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys 1998-05-15 14:26 220,160 --sha-w C:\WINNT\system32\LTDIS90n.dll 1998-05-20 15:14 28,672 --sha-w C:\WINNT\system32\lfawd90n.dll 1998-05-15 15:00 33,792 --sha-w C:\WINNT\system32\lfbmp90n.dll 1998-05-18 15:50 27,136 --sha-w C:\WINNT\system32\lfcal90n.dll 1998-05-15 14:59 64,512 --sha-w C:\WINNT\system32\lffax90n.dll 1997-11-21 16:03 338,944 --sha-w C:\WINNT\system32\lffpx7.dll 1998-05-20 15:14 88,576 --sha-w C:\WINNT\system32\lffpx90n.dll 1998-05-15 15:02 39,936 --sha-w C:\WINNT\system32\lfgif90n.dll 1998-05-15 15:03 31,232 --sha-w C:\WINNT\system32\lfpct90n.dll 1998-04-04 18:25 30,720 --sha-w C:\WINNT\system32\lfpcx90n.dll 1998-06-23 08:10 133,632 --sha-w C:\WINNT\system32\lfpng90n.dll 1998-05-18 16:27 29,184 --sha-w C:\WINNT\system32\lfpsd90n.dll 1998-05-15 15:05 118,272 --sha-w C:\WINNT\system32\lftif90n.dll 1998-04-04 18:26 25,600 --sha-w C:\WINNT\system32\lfwfx90n.dll 1998-05-15 15:05 28,672 --sha-w C:\WINNT\system32\lfwmf90n.dll 1998-04-04 18:26 27,648 --sha-w C:\WINNT\system32\lfwpg90n.dll 1998-05-15 14:27 238,592 --sha-w C:\WINNT\system32\ltann90n.dll 1998-04-04 18:22 146,432 --sha-w C:\WINNT\system32\ltefx90n.dll 1998-05-20 15:13 104,448 --sha-w C:\WINNT\system32\ltimg90n.dll 1998-05-20 15:14 38,400 --sha-w 
     C:\WINNT\system32\ltisi90n.dll
     1998-06-19 13:44 290,304 --sha-w C:\WINNT\system32\ltkrn90n.dll
     1998-04-03 17:01 3,824 --sha-w C:\WINNT\system32\ltthk90w.dll
     1998-05-19 16:53 35,328 --sha-w C:\WINNT\system32\lttwn90n.dll
     1998-04-03 17:01 45,936 --sha-w C:\WINNT\system32\ltvdd90w.drv
     1998-04-29 18:00 58,880 --sha-w C:\WINNT\system32\npplg90N.dll
     2008-02-28 11:41 11,740 --sha-w C:\WINNT\system32\KGyGaAvL.sys
     2005-08-07 17:29 56 --sh--r C:\WINNT\system32\DC1EBF704E.sys
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WinIcon]
     @={3CEA8795-5FF0-49F4-9BB3-B9BCE882A11B}
     [HKEY_CLASSES_ROOT\CLSID\{3CEA8795-5FF0-49F4-9BB3-B9BCE882A11B}]
     C:\WINNT\System32\bsdeff32.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "internat.exe"="internat.exe" [01-05-08 00:00 20752 C:\WINNT\system32\internat.exe]
     "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [08-04-01 11:39 486856]
     "RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07-11-21 17:07 1902592]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111888 C:\WINNT\system32\mobsync.exe]
     "Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
     "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-06-05 12:35 335872]
     "EM_EXEC"="C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [01-12-20 09:42 35328]
     "InCD"="C:\ahead\INCD\InCD.exe" [01-12-05 02:42 868352]
     "SoundMan"="SOUNDMAN.EXE" [02-10-16 18:24 47104 C:\WINNT\SOUNDMAN.EXE]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-04-02 11:17 180269]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "internat.exe"="internat.exe" [01-05-08 00:00 20752 C:\WINNT\system32\internat.exe]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07-02-09 17:40 171448]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 189712]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"= mmdrv.dll

     R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINNT\system32\drivers\ps6akt6c.sys [07-07-05 17:02 ]
     R2 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys [01-12-05 02:30 ]
     R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 12:05 ]
     S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINNT\system32\pr2akt6c.exe svc []
     S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [08-06-07 00:47 ]
     S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [05-03-23 16:56 ]
     S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINNT\system32\ZDCndis5.SYS []
     S4 ladchkr;ladchkr;C:\WINNT\system32\ladchkr.exe []

     *Newly Created Service* - IPNAT
     *Newly Created Service* - RASAUTO
     *Newly Created Service* - SHAREDACCESS
     .
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-06-21 11:21:58 C:\WINNT\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2008-06-20 22:42:02 C:\WINNT\Tasks\At1.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 23:00:02 C:\WINNT\Tasks\At2.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 00:00:26 C:\WINNT\Tasks\At3.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 01:00:02 C:\WINNT\Tasks\At4.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At5.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At6.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At7.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At8.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At9.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At10.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-15 14:36:18 C:\WINNT\Tasks\At11.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 09:00:02 C:\WINNT\Tasks\At12.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 10:00:02 C:\WINNT\Tasks\At13.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 11:00:02 C:\WINNT\Tasks\At14.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 12:00:04 C:\WINNT\Tasks\At15.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-21 13:00:02 C:\WINNT\Tasks\At16.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 14:00:00 C:\WINNT\Tasks\At17.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 15:00:02 C:\WINNT\Tasks\At18.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 16:00:02 C:\WINNT\Tasks\At19.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 17:00:02 C:\WINNT\Tasks\At20.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 18:00:02 C:\WINNT\Tasks\At21.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 19:00:02 C:\WINNT\Tasks\At22.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 20:00:00 C:\WINNT\Tasks\At23.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 21:00:02 
C:\WINNT\Tasks\At24.job" - C:\WINNT\system32\L78M2agp.exe "2008-06-20 22:10:12 C:\WINNT\Tasks\At25.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 23:00:12 C:\WINNT\Tasks\At26.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 00:15:58 C:\WINNT\Tasks\At27.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 01:22:10 C:\WINNT\Tasks\At28.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At29.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At30.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At31.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At32.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At33.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At34.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-16 15:33:20 C:\WINNT\Tasks\At35.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 12:42:38 C:\WINNT\Tasks\At36.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 10:00:12 C:\WINNT\Tasks\At37.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 11:00:12 C:\WINNT\Tasks\At38.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 12:00:20 C:\WINNT\Tasks\At39.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-21 13:00:02 C:\WINNT\Tasks\At40.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 14:00:12 C:\WINNT\Tasks\At41.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 15:00:12 C:\WINNT\Tasks\At42.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 16:00:12 C:\WINNT\Tasks\At43.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 17:00:12 C:\WINNT\Tasks\At44.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 18:00:12 C:\WINNT\Tasks\At45.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 23:05:30 C:\WINNT\Tasks\At46.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 20:00:12 C:\WINNT\Tasks\At47.job" - C:\WINNT\system32\e7op43GB.exe "2008-06-20 21:00:12 C:\WINNT\Tasks\At48.job" - C:\WINNT\system32\e7op43GB.exe . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 15:47:11 Windows 5.0.2195 Service Pack 4 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-21 15:49:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-21 13:49:16 Pre-Run: 6,206,357,504 octets libres Post-Run: 6,340,755,456 octets libres 284
  4. catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 14:44:55 Windows 5.0.2195 Service Pack 4 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:20:03, on 21/06/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINNT\system32\drivers\CDAC11BA.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\ahead\INCD\InCD.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\internat.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\e7op43GB.exe C:\Program Files\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: {6fe0bdb0-b1bb-79cb-c094-a3da8c3b98c6} - {6c89b3c8-ad3a-490c-bc97-bb1b0bdb0ef6} - C:\WINNT\system32\ngwceogw.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O2 - BHO: (no name) - {E8B80CE4-882E-4DE4-B94C-7E7E1C47B832} - C:\WINNT\system32\wvUnNggd.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers 
communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [0b5d1a56] rundll32.exe "C:\WINNT\system32\absqocic.dll",b O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{E9085E86-4F1B-4D62-952B-986D631BB992}: NameServer = 193.252.19.3,193.252.19.4 O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Avertissement (Alerter) - Unknown owner - 
C:\WINNT\System32\services.exe O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Station de travail (lanmanworkstation) - 
Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\System32\lsass.exe O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\System32\lsass.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\System32\lsass.exe O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINNT\system32\pr2akt6c.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Schedule - Unknown owner - C:\WINNT\system32\MSTask.exe O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire 
d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe O24 - Desktop Component 0: (no name) - file:///E:/Mes%20documents/Mes%20images/610_hp.jpg -- End of file - 9996 bytes
  5. ok SDFix: Version 1.195 Run by x1 on sam. 21/06/2008 at 14:19 Microsoft Windows 2000 [Version 5.00.2195] Running From: C:\SDFix\SDFix Checking Services : Name : {DEF85C80-216A-43ab-AF70-1665EDBE2780} Path : \??\C:\WINNT\TEMP\88.tmp {DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINNT\system32\vtUlMgfF.dll - Deleted C:\14.TMP - Deleted C:\19.TMP - Deleted C:\1A.TMP - Deleted C:\1F.TMP - Deleted C:\20.TMP - Deleted C:\Temp\1cb\syscheck.log - Deleted C:\WINNT\system32\goc\vbashcom3.exe - Deleted C:\WINNT\system32\netrax01\netrax011065.exe - Deleted C:\Documents and Settings\x1\win.exe - Deleted C:\WINNT\system32\cssrss.exe - Deleted C:\WINNT\system32\msnav32.ax - Deleted C:\WINNT\system32\pac.txt - Deleted C:\WINNT\Temp\ed47fa.$ - Deleted Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer or CureIt by Dr.Web Could Not Remove C:\WINNT\Temp\bca4e2da.$$$ Could Not Remove C:\WINNT\Temp\fa56d7ec.$$$ Folder C:\Temp\1cb - Removed Folder C:\WINNT\system32\ert - Removed Folder C:\WINNT\system32\goc - Removed Folder C:\WINNT\system32\netrax01 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 14:44:55 Windows 5.0.2195 Service Pack 4 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Remaining Files : C:\WINNT\Temp\bca4e2da.$$$ Found C:\WINNT\Temp\fa56d7ec.$$$ Found File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 19 Jun 2003 164,112 A.SH. --- "C:\WINNT\system32\OLEPRO32.DLL" Thu 19 Jun 2003 143,632 A.SH. 
--- "C:\WINNT\system32\ASYCFILT.DLL" Thu 19 Jun 2003 3,856 A.SH. --- "C:\WINNT\system32\COMCAT.DLL" Mon 22 May 1995 640,512 A.SH. --- "C:\WINNT\system32\OC30.DLL" Tue 11 Jul 1995 24,576 A.SH. --- "C:\WINNT\system32\AWCODC32.DLL" Tue 11 Jul 1995 6,144 A.SH. --- "C:\WINNT\system32\AWDCXC32.DLL" Thu 16 Nov 1995 11,776 A.SH. --- "C:\WINNT\system32\AWDENC32.DLL" Tue 11 Jul 1995 26,624 A.SH. --- "C:\WINNT\system32\AWRESX32.DLL" Mon 9 Oct 1995 10,240 A.SH. --- "C:\WINNT\system32\AWVIEW32.DLL" Sat 4 Apr 1998 24,576 A.SH. --- "C:\WINNT\system32\LFAVI90N.DLL" Fri 15 May 1998 235,008 A.SH. --- "C:\WINNT\system32\LFCMP90n.DLL" Wed 24 Jun 1998 237,568 A.SH. --- "C:\WINNT\system32\LFDIC90N.DLL" Sat 4 Apr 1998 31,232 A.SH. --- "C:\WINNT\system32\LFEPS90N.DLL" Fri 15 May 1998 46,592 A.SH. --- "C:\WINNT\system32\LFICA90N.DLL" Sat 4 Apr 1998 27,136 A.SH. --- "C:\WINNT\system32\LFIMG90N.DLL" Tue 30 Sep 1997 122,880 A.SH. --- "C:\WINNT\system32\LFKODAK.DLL" Sat 4 Apr 1998 35,840 A.SH. --- "C:\WINNT\system32\LFLMA90N.DLL" Sat 4 Apr 1998 31,232 A.SH. --- "C:\WINNT\system32\LFLMB90N.DLL" Sat 4 Apr 1998 25,600 A.SH. --- "C:\WINNT\system32\LFMAC90N.DLL" Sat 4 Apr 1998 26,112 A.SH. --- "C:\WINNT\system32\LFMSP90N.DLL" Sat 4 Apr 1998 26,624 A.SH. --- "C:\WINNT\system32\LFPCD90N.DLL" Sat 4 Apr 1998 26,112 A.SH. --- "C:\WINNT\system32\LFRAS90N.DLL" Sat 4 Apr 1998 28,160 A.SH. --- "C:\WINNT\system32\LFTGA90N.DLL" Fri 15 May 1998 220,160 A.SH. --- "C:\WINNT\system32\LTDIS90n.dll" Mon 18 May 1998 145,920 A.SH. --- "C:\WINNT\system32\LTDLG90N.DLL" Mon 29 Jun 1998 43,520 A.SH. --- "C:\WINNT\system32\LTNET90N.DLL" Wed 20 May 1998 148,480 A.SH. --- "C:\WINNT\system32\LTVID90N.DLL" Wed 20 May 1998 28,672 A.SH. --- "C:\WINNT\system32\lfawd90n.dll" Fri 15 May 1998 33,792 A.SH. --- "C:\WINNT\system32\lfbmp90n.dll" Mon 18 May 1998 27,136 A.SH. --- "C:\WINNT\system32\lfcal90n.dll" Fri 15 May 1998 64,512 A.SH. --- "C:\WINNT\system32\lffax90n.dll" Fri 21 Nov 1997 338,944 A.SH. 
--- "C:\WINNT\system32\lffpx7.dll" Wed 20 May 1998 88,576 A.SH. --- "C:\WINNT\system32\lffpx90n.dll" Fri 15 May 1998 39,936 A.SH. --- "C:\WINNT\system32\lfgif90n.dll" Fri 15 May 1998 31,232 A.SH. --- "C:\WINNT\system32\lfpct90n.dll" Sat 4 Apr 1998 30,720 A.SH. --- "C:\WINNT\system32\lfpcx90n.dll" Tue 23 Jun 1998 133,632 A.SH. --- "C:\WINNT\system32\lfpng90n.dll" Mon 18 May 1998 29,184 A.SH. --- "C:\WINNT\system32\lfpsd90n.dll" Fri 15 May 1998 118,272 A.SH. --- "C:\WINNT\system32\lftif90n.dll" Sat 4 Apr 1998 25,600 A.SH. --- "C:\WINNT\system32\lfwfx90n.dll" Fri 15 May 1998 28,672 A.SH. --- "C:\WINNT\system32\lfwmf90n.dll" Sat 4 Apr 1998 27,648 A.SH. --- "C:\WINNT\system32\lfwpg90n.dll" Fri 15 May 1998 238,592 A.SH. --- "C:\WINNT\system32\ltann90n.dll" Sat 4 Apr 1998 146,432 A.SH. --- "C:\WINNT\system32\ltefx90n.dll" Tue 23 Jun 1998 99,328 A.SH. --- "C:\WINNT\system32\ltfil90n.DLL" Wed 20 May 1998 104,448 A.SH. --- "C:\WINNT\system32\ltimg90n.dll" Wed 20 May 1998 38,400 A.SH. --- "C:\WINNT\system32\ltisi90n.dll" Fri 19 Jun 1998 290,304 A.SH. --- "C:\WINNT\system32\ltkrn90n.dll" Fri 3 Apr 1998 3,824 A.SH. --- "C:\WINNT\system32\ltthk90w.dll" Tue 19 May 1998 35,328 A.SH. --- "C:\WINNT\system32\lttwn90n.dll" Wed 29 Apr 1998 58,880 A.SH. --- "C:\WINNT\system32\npplg90N.dll" Thu 28 Feb 2008 11,740 A.SH. --- "C:\WINNT\system32\KGyGaAvL.sys" Sun 7 Aug 2005 56 ..SHR --- "C:\WINNT\system32\DC1EBF704E.sys" Thu 19 Jun 2003 626,960 A.SH. --- "C:\WINNT\system32\OLEAUT32.DLL" Fri 17 Mar 2006 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak" Fri 17 Mar 2006 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak" Mon 15 Aug 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 12 Mar 2006 49,152 ..SH. --- "C:\Documents and Settings\x1\Bureau\Setup0.exe" Sun 12 Mar 2006 5,632 ..SH. --- "C:\Documents and Settings\x1\Bureau\Hook2.dll" Sun 12 Mar 2006 6,900,082 ..SH. 
--- "C:\Documents and Settings\x1\Bureau\Setup1.exe" Sun 12 Mar 2006 49,152 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINNT\system32\ladchkr.exe" Sun 12 Mar 2006 49,152 A.SH. --- "C:\_OTMoveIt\MovedFiles\WINNT\system32\adchkr.exe" Wed 20 Sep 2006 19,456 ...H. --- "C:\Documents and Settings\x1\Application Data\Microsoft\Word\~WRL0003.tmp" Finished!
  6. Hello, my PC is not in great shape at the moment... Could you give me a hand cleaning it up? Thanks
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:12:47, on 21/06/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINNT\system32\drivers\CDAC11BA.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINNT\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\ahead\INCD\InCD.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\internat.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\e7op43GB.exe C:\WINNT\system32\msiexec.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6A898493-8788-4DF7-A864-622AB664659C} - C:\WINNT\system32\wvUnNggd.dll O2 - BHO: {6fe0bdb0-b1bb-79cb-c094-a3da8c3b98c6} - {6c89b3c8-ad3a-490c-bc97-bb1b0bdb0ef6} - C:\WINNT\system32\ngwceogw.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINNT\system32\vtUlMgfF.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [0b5d1a56] rundll32.exe "C:\WINNT\system32\absqocic.dll",b O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{E9085E86-4F1B-4D62-952B-986D631BB992}: NameServer = 193.252.19.3,193.252.19.4 O20 - Winlogon Notify: vtUlMgfF - C:\WINNT\SYSTEM32\vtUlMgfF.dll O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Avertissement (Alerter) - Unknown owner - 
C:\WINNT\System32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINNT\system32\pr2akt6c.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Schedule - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
O24 - Desktop Component 0: (no name) - file:///E:/Mes%20documents/Mes%20images/610_hp.jpg

Thanks
  7. It looks like it's working. Thanks
  8. KASPERSKY ONLINE SCANNER REPORT
Sunday, July 29, 2007 7:25:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/07/2007
Kaspersky Anti-Virus database records: 346589

Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects: 104192
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:59

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped
C:\WINDOWS\system32\config\SAM  Object is locked  skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SYSTEM  Object is locked  skipped
C:\WINDOWS\system32\config\SOFTWARE  Object is locked  skipped
C:\WINDOWS\system32\config\DEFAULT  Object is locked  skipped
C:\WINDOWS\system32\config\Antivirus.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\drivers\sptd.sys  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb  Object is locked  skipped
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  Object is locked  skipped
C:\WINDOWS\Temp\Perflib_Perfdata_688.dat  Object is locked  skipped
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\XAVIER\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\XAVIER\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\XAVIER\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\XAVIER\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\XAVIER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\XAVIER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\XAVIER\Cookies\index.dat  Object is locked  skipped
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP218\change.log  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\report\Protection résidente.txt  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\log\nshield.log  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\log\aswMaiSv.log  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\log\AshWebSv.ws  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\integ\avast.int  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\aswResp.dat  Object is locked  skipped
C:\Alwil Software\Avast4\DATA\Avast4.db  Object is locked  skipped
D:\System Volume Information\MountPointManagerRemoteDatabase  Object is locked  skipped

Scan process completed.
  9. I lost the Spy Sweeper log...

Logfile of HijackThis v1.99.1
Scan saved at 17:03:32, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\sistray.exe
C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [siSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F795B75D-D1EB-4C2E-B27D-D2215983EB87}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  10. Clean Navipromo version 2.0.5 started on 20/07/2007 at 15:36:57.92
Fix run from C:\Program Files\navilog1
Updated on 01.07.2007 at 12h00 by IL-MAFIOSO

Removal mode: manual method
File name entered: dbylnno

*** Search, backup creation and removal ***

C:\WINDOWS\system32\dbylnno_navup.dat absent!
C:\WINDOWS\system32\dbylnno_navtmp.dat absent!
C:\WINDOWS\system32\dbylnno_m2s.xml absent!
C:\WINDOWS\System32\dbylnno.exe found!
Copy of C:\WINDOWS\system32\dbylnno.exe completed successfully!
C:\WINDOWS\system32\dbylnno.exe deleted!
C:\WINDOWS\System32\dbylnno.dat found!
Copy of C:\WINDOWS\system32\dbylnno.dat completed successfully!
C:\WINDOWS\system32\dbylnno.dat deleted!
C:\WINDOWS\System32\dbylnno_nav.dat found!
Copy of C:\WINDOWS\system32\dbylnno_nav.dat completed successfully!
C:\WINDOWS\system32\dbylnno_nav.dat deleted!
C:\WINDOWS\System32\dbylnno_navps.dat found!
Copy of C:\WINDOWS\system32\dbylnno_navps.dat completed successfully!
C:\WINDOWS\system32\dbylnno_navps.dat deleted!
C:\WINDOWS\prefetch\dbylnno*.pf found!
Copy of C:\WINDOWS\prefetch\dbylnno*.pf completed successfully!
C:\WINDOWS\prefetch\dbylnno*.pf deleted!

*** Removing folders in C:\WINDOWS ***

*** Removing folders in C:\Program Files ***

C:\Program Files\WebMediaPlayer ...deleting...
C:\Program Files\WebMediaPlayer deleted!

*** Removing folders in C:\Documents and Settings\All Users\Application Data ***

*** Removing folders in C:\Documents and Settings\XAVIER\Application Data ***

*** Removing files ***

C:\DOCUME~1\XAVIER\Bureau\WebMediaPlayer.lnk deleted!
C:\WINDOWS\pack.epk deleted!
C:\WINDOWS\system32\nvs2.inf deleted!

*** Removing temporary files ***

Contents of C:\WINDOWS\Temp cleaned!
Contents of C:\Documents and Settings\XAVIER\Local Settings\Temp cleaned!

*** Registry backup to the Backupnavi folder ***

Registry backup completed successfully!

*** Registry cleanup ***

Registry cleanup OK

*** Additional search processing ***
(Search for specific files)

1) Search for known files:

2) Heuristic search and removal:

* ** *** **** ***** ****** ******* ********

3) Check for rootkit keys in the registry:

No other keys present in the registry!

4) Certificates:

Egroup certificate deleted!

*** Cleanup finished on 20/07/2007 at 15:40:17.98 ***

I forgot the new HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 15:43:07, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\setup\avast.setup
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F795B75D-D1EB-4C2E-B27D-D2215983EB87}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
  11. Here it is

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 15:20:10 20/07/2007

+ Scan result:

C:\Documents and Settings\XAVIER\Cookies\xavier@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@ie.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@yadro[3].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\XAVIER\Local Settings\Temp\Cookies\xavier@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\XAVIER\Cookies\xavier@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

End of report

07/20/07 15:25:13 [info]: BlackLight Engine 1.0.64 initialized
07/20/07 15:25:13 [info]: OS: 5.1 build 2600 (Service Pack 2)
07/20/07 15:25:13 [Note]: 7019 4
07/20/07 15:25:13 [Note]: 7005 0
07/20/07 15:25:31 [Note]: 7006 0
07/20/07 15:25:31 [Note]: 7011 1660
07/20/07 15:25:33 [Note]: 7026 0
07/20/07 15:25:33 [Note]: 7026 0
07/20/07 15:25:33 [Note]: 7024 3
07/20/07 15:25:33 [info]: Hidden process: C:\windows\system32\dbylnno.exe
07/20/07 15:25:35 [Note]: FSRAW library version 1.7.1022
07/20/07 15:25:57 [info]: Hidden file: C:\windows\system32\dbylnno.exe
07/20/07 15:25:58 [info]: Hidden file: c:\WINDOWS\SYSTEM32\DBYLNNO.DAT
07/20/07 15:25:59 [info]: Hidden file: c:\WINDOWS\SYSTEM32\DBYLNN~1.DAT
07/20/07 15:26:00 [info]: Hidden file: c:\WINDOWS\SYSTEM32\DBYLNN~2.DAT
07/20/07 15:26:02 [Note]: 2000 1012
07/20/07 15:26:02 [Note]: 2000 1012
07/20/07 15:26:20 [Note]: 7007 0
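The BlackLight lines above are the output of a cross-view check: a file that the raw volume contains but the Windows directory-enumeration API does not return is reported as hidden, and that is exactly the dbylnno.exe and its .dat companions that navilog1 then removed. The script below is an added example, not code from this thread, from F-Secure BlackLight or from navilog1. The two listings are constructed stand-ins for the two views (API_VIEW is what a hooked enumeration would return, RAW_VIEW is what is really on disk), using the file names the thread's BlackLight and navilog1 reports give for C:\WINDOWS\system32; the prefetch names are constructed as well, with a made-up hash part. It goes one step past the log by checking whether a hidden executable follows the Navipromo companion-file layout and whether it left a prefetch trace, i.e. actually ran.

```python
"""Cross-view detection of hidden files, with a Navipromo layout check.

Added example: not code from the thread, from F-Secure BlackLight or
from navilog1. A file is "hidden" when the raw view has it and the API
view does not. Both views below are constructed; 8.3 aliases such as
DBYLNN~1.DAT are not resolved.
"""
import ntpath

API_VIEW = {
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\keyhook.exe",
    r"C:\WINDOWS\system32\WPDShServiceObj.dll",
}
# Raw view: everything the API shows, plus what the hook filters out.
RAW_VIEW = API_VIEW | {
    r"C:\WINDOWS\system32\dbylnno.exe",
    r"C:\WINDOWS\system32\dbylnno.dat",
    r"C:\WINDOWS\system32\dbylnno_nav.dat",
    r"C:\WINDOWS\system32\dbylnno_navps.dat",
}
PREFETCH = {
    r"C:\WINDOWS\Prefetch\DBYLNNO.EXE-0A1B2C3D.pf",  # constructed name
    r"C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A3.pf",  # constructed name
}

# File layout navilog1 removes for Navipromo: <stem>.exe plus three .dat
# companions. Longest suffix first so "_nav.dat" is not taken for ".dat".
NAVI_SUFFIXES = ("_navps.dat", "_nav.dat", ".dat", ".exe")


def hidden_files(api_view, raw_view):
    """Paths present on disk but absent from the API listing."""
    return sorted(set(raw_view) - set(api_view))


def navipromo_stems(paths):
    """Stems for which all four Navipromo companion files are present."""
    parts_by_stem = {}
    for path in paths:
        name = ntpath.basename(path).lower()
        for suffix in NAVI_SUFFIXES:
            if name.endswith(suffix):
                parts_by_stem.setdefault(name[:-len(suffix)], set()).add(suffix)
                break
    return sorted(stem for stem, parts in parts_by_stem.items()
                  if parts == set(NAVI_SUFFIXES))


def executed_stems(stems, prefetch):
    """Stems whose executable left a prefetch file, i.e. has actually run."""
    names = [ntpath.basename(p).upper() for p in prefetch]
    return sorted(s for s in stems
                  if any(n.startswith(s.upper() + ".EXE-") for n in names))


def report(api_view, raw_view, prefetch):
    """Run the three checks and return their results together."""
    hidden = hidden_files(api_view, raw_view)
    stems = navipromo_stems(hidden)
    return {"hidden": hidden, "navipromo": stems,
            "executed": executed_stems(stems, prefetch)}


if __name__ == "__main__":
    for key, value in report(API_VIEW, RAW_VIEW, PREFETCH).items():
        print(f"{key}:")
        for item in value:
            print("  ", item)
```

On a real machine the two views come from different code paths (a normal directory walk versus reading the volume or MFT directly); the set difference is the whole trick, and the companion-file and prefetch checks only turn "something is hidden" into "this is the Navipromo dropper and it has executed".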
  12. Hello, everything is in the title

Logfile of HijackThis v1.99.1
Scan saved at 13:12:40, on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\uTorrent\utorrent.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F795B75D-D1EB-4C2E-B27D-D2215983EB87}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

Thanks in advance
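Reading a HijackThis log by hand means scanning for a few patterns: an entry whose target is missing, a BHO or Winlogon DLL living directly under C:\WINDOWS rather than System32 (the BHOAd / xhelper.dll line in this first log, gone from the post 9 log taken after cleanup), a service with no publisher outside the Windows directory, and hard-coded DNS servers that need to be checked against the ISP. The script below is an added example, not code from this thread or from HijackThis; it parses logs in the format shown here, applies those heuristics and diffs two logs so that what a cleanup removed or added stands out. The sample entries are copied from post 12 (before) and post 9 (after); the severities are the author's own choices, and the avast! lines show why the path parser has to cope with HijackThis's mis-quoted service entries.

```python
"""Triage and before/after diff of HijackThis logs.

Added example: not code from the forum thread, from HijackThis or from
any tool named in it. Sample entries are copied from the thread's post 12
(first log) and post 9 (after cleanup); the flags are the author's own.
"""
import re

# Every HijackThis finding starts with a section tag: R0-R3 or O<n>.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# A DLL directly under the Windows root (not System32) is an odd place
# for a BHO (O2), Winlogon notify (O20) or SSODL (O21) component.
WIN_ROOT_DLL = re.compile(r"^[A-Za-z]:\\WIN(DOWS|NT)\\[^\\]+\.dll$", re.I)
WIN_DIR = re.compile(r"^[A-Za-z]:\\WIN(DOWS|NT)\\", re.I)

BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F795B75D-D1EB-4C2E-B27D-D2215983EB87}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F795B75D-D1EB-4C2E-B27D-D2215983EB87}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""


def parse(log):
    """Return the (section, body) pairs of a HijackThis log, in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def last_path(body):
    """Best-effort target path of an entry: the last ' - ' field (or the
    right-hand side of '=' for O4/O17), minus quotes, arguments and the
    '(file missing)' flag. The mis-quoted avast! entries in the thread
    are why a trailing '" /service' has to be cut off."""
    field = body.split(" - ")[-1]
    if " = " in field:
        field = field.split(" = ", 1)[1]
    field = field.replace("(file missing)", "").strip().strip('"')
    return field.split('"')[0].strip()


def triage(entries):
    """Return (severity, reason, section, body) for entries worth a look."""
    findings = []
    for section, body in entries:
        path = last_path(body)
        if "(file missing)" in body:
            findings.append(("low", "target file missing: stale or tampered entry", section, body))
        if section in ("O2", "O20", "O21") and WIN_ROOT_DLL.match(path):
            findings.append(("high", "DLL loaded from the Windows root directory", section, body))
        if section == "O23" and "Unknown owner" in body and not WIN_DIR.match(path):
            findings.append(("medium", "service with no publisher outside the Windows directory", section, body))
        if section == "O17":
            findings.append(("info", "hard-coded DNS servers: confirm they belong to the ISP", section, body))
    return findings


def diff(before_log, after_log):
    """Entries only in the first log (removed) and only in the second (added)."""
    before, after = set(parse(before_log)), set(parse(after_log))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for severity, reason, section, body in triage(parse(BEFORE)):
        print(f"[{severity:6}] {section}: {reason}\n         {body}")
    removed, added = diff(BEFORE, AFTER)
    print("\nremoved between the two logs:", *(b for _, b in removed), sep="\n  ")
    print("\nadded between the two logs:", *(b for _, b in added), sep="\n  ")
```

The diff is deliberately order-insensitive, since HijackThis lists entries in registry order and a cleanup reshuffles nothing; on the sample data it isolates the BHOAd line as the only removal and the Spy Sweeper Winlogon notify and service as the only additions. The "medium" flag on the avast! Mail Scanner line is a false positive caused by the stray quote in the service's ImagePath, which is the kind of thing the triage should surface for a human rather than hide.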
  13. Thanks, I'll do that as soon as possible
  14. Diaghelp

DiagHelp version v1.1.2 - http://www.malekal.com
excute le mer. 27/06/2007 à 14:12:44,81

Liste des derniers fichies modifies/crees dans windir\system32
C:\WINNT\System32/drivers\sptd.sys -->26/06/2007 15:24:46
C:\WINNT\System32/drivers\aswmon.sys -->30/04/2007 17:41:56
C:\WINNT\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINNT\System32/drivers\aswRdr.sys -->30/04/2007 17:39:42
C:\WINNT\System32/drivers\aswTdi.sys -->30/04/2007 17:38:52
C:\WINNT\System32/drivers\aavmker4.sys -->30/04/2007 17:37:24
C:\WINNT\System32/drivers\vaxscsi.sys -->28/10/2006 18:18:36
C:\WINNT\System32\Perflib_Perfdata_2a8.dat -->26/06/2007 18:20:00
C:\WINNT\System32\win_4.exe -->26/06/2007 18:03:18
C:\WINNT\System32\d3d9caps.dat -->22/06/2007 17:33:44
C:\WINNT\System32\Perflib_Perfdata_298.dat -->17/06/2007 00:38:40
C:\WINNT\System32\CONFIG.NT -->16/06/2007 23:55:56
C:\WINNT\System32\aswBoot.exe -->30/04/2007 17:46:10
C:\WINNT\System32\AvastSS.scr -->30/04/2007 17:35:28
C:\WINNT\System32\FNTCACHE.DAT -->25/03/2007 16:16:20
C:\WINNT\System32\Perflib_Perfdata_49c.dat -->01/01/2007 14:01:34
C:\WINNT\System32\Perflib_Perfdata_4d8.dat -->03/11/2006 09:47:38
C:\WINNT\System32\ws718479.ocx -->27/10/2006 14:45:20
C:\WINNT\System32\ansi.cfg -->23/08/2006 12:16:26
C:\WINNT\System32\Perflib_Perfdata_440.dat -->16/08/2006 12:05:08
C:\WINNT\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat -->16/08/2006 00:00:36
C:\WINNT\System32\SpoonUninstall.exe -->16/08/2006 00:00:36
C:\WINNT\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.bmp -->16/08/2006 00:00:28
C:\WINNT\System32\Perflib_Perfdata_454.dat -->13/08/2006 21:07:58
C:\WINNT\System32\SpoonUninstall-dBpowerAMP Music Converter.dat -->13/08/2006 14:01:58
C:\WINNT\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp -->13/08/2006 14:01:30
C:\WINNT\System32\Perflib_Perfdata_44c.dat -->05/08/2006 16:30:14
C:\WINNT\System32\hosts -->15/07/2006 10:11:56
C:\WINNT\System32\CmdLineExt.dll -->27/06/2006 18:26:00
C:\WINNT\System32\cdral.dll -->24/06/2006 22:37:10
C:\WINNT\System32\cdrtc.dll -->24/06/2006 22:37:10
C:\WINNT\System32\KGyGaAvL.sys -->14/05/2006 12:59:54
C:\WINNT\ntbtlog.txt -->27/06/2007 14:03:28
C:\WINNT\SchedLgU.Txt -->27/06/2007 13:41:52
C:\WINNT\ShellIconCache -->27/06/2007 13:41:46
C:\WINNT\tarot.cfg -->26/06/2007 20:35:06
C:\WINNT\setupapi.log -->26/06/2007 15:37:26
C:\WINNT\QTFont.qfn -->26/06/2007 13:56:46
C:\WINNT\ModemLog_AMI-CW52 V.92 PCI Modem.txt -->23/06/2007 01:26:12
C:\WINNT\QTFont.for -->17/06/2007 20:33:24
C:\WINNT\LUINSTALL.LOG -->17/06/2007 00:02:46
C:\WINNT\maplev4.ini -->08/06/2007 23:44:34
C:\WINNT\gotouninstall.exe -->26/05/2007 20:02:02
C:\WINNT\win.ini -->25/04/2007 20:38:36
C:\WINNT\wmsetup.log -->07/04/2007 20:03:18
C:\WINNT\DirectX.log -->18/02/2007 18:18:00
C:\WINNT\sierra.ini -->01/01/2007 18:43:54

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\WINNT\system32

19/06/2003 12:05 5 392 CSRSS.EXE
1 fichier(s) 5 392 octets
0 Rép(s) 1 691 926 528 octets libres

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\WINNT\Downloaded Program Files

06/08/2005 19:51 <DIR> .
06/08/2005 19:51 <DIR> ..
06/08/2005 21:03 65 desktop.ini
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
30/06/2003 22:41 1 689 WMV9VCM.inf
14/08/2005 00:26 113 664 MsnMessengerSetupDownloader.ocx
30/06/2005 15:19 227 MsnMessengerSetupDownloader.inf
05/09/2001 04:21 159 744 iSetup.exe
05/09/2001 04:22 24 576 iSetup.dll
05/09/2001 04:22 411 isetup.inf
27/03/2006 13:00 5 019 swflash.inf
04/03/2005 12:11 2 371 wmvadvd.inf
25/06/2006 12:50 1 793 erma.inf
02/11/2005 18:07 435 712 xscan53.ocx
02/11/2005 18:01 1 777 xscan.inf
14 fichier(s) 748 907 octets

Total des fichiers listés :
14 fichier(s) 748 907 octets
2 Rép(s) 1 691 926 528 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\DOCUME~1\\x1\\LOCALS~1\\Temp\\winB.tmp.exe"="C:\\DOCUME~1\\x1\\LOCALS~1\\Temp\\winB.tmp.exe:*:Enabled:winB.tmp"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 14:13:17
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden files ...

scan completed successfully
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitInListHead and KiWaitOutListHead
8 - System
188 - cmd.exe
236 - smss.exe
260 - csrss.exe
280 - winlogon.exe
304 - ashWebSv.exe
308 - services.exe
320 - lsass.exe
572 - svchost.exe
596 - spoolsv.exe
648 - aswUpdSv.exe
680 - ashServ.exe
696 - CDAC11BA.EXE
728 - svchost.exe
744 - guard.exe
864 - IEXPLORE.EXE
888 - MSTask.exe
924 - regsvc.exe
1020 - stisvc.exe
1064 - WinMgmt.exe
1076 - mspmspsv.exe
1088 - svchost.exe
1172 - Explorer.EXE
1192 - ashMaiSv.exe
1356 - atiptaxx.exe
1388 - EM_EXEC.EXE
1424 - IEXPLORE.EXE
1480 - wkcalrem.exe
1504 - SOUNDMAN.EXE
1524 - InCD.exe
1536 - realsched.exe
1544 - ashDisp.exe
1564 - internat.exe
1592 - WinCinemaMgr.ex
1628 - WLANUTL.exe
Total number of processes = 35

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
80400000 - \WINNT\System32\ntoskrnl.exe
80062000 - \WINNT\System32\hal.dll
ED410000 - \WINNT\System32\BOOTVID.DLL
BFF18000 - sptd.sys
BFF05000 - \WINNT\System32\Drivers\SCSIPORT.SYS
BFEDD000 - a347bus.sys
ED000000 - isapnp.sys
BFEB5000 - ACPI.sys
ED5C8000 - \WINNT\System32\DRIVERS\WMILIB.SYS
ED010000 - pci.sys
ED5C9000 - pciide.sys
ED280000 - \WINNT\System32\DRIVERS\PCIIDEX.SYS
ED288000 - MountMgr.sys
BFE98000 - ftdisk.sys
ED500000 - Diskperf.sys
ED502000 - dmload.sys
BFE76000 - dmio.sys
ED414000 - PartMgr.sys
ED504000 - viaide.sys
BFE60000 -
ED506000 - a347scsi.sys
ED290000 - disk.sys
ED020000 - \WINNT\System32\DRIVERS\CLASSPNP.SYS
ED298000 - PxHelp20.sys
BFE3D000 - Fastfat.sys
BFE2B000 - KSecDD.sys
BFE01000 - NDIS.sys
ED2A0000 - viaagp1.sys
BFDEE000 - sfvfs02.sys
ED2A8000 - sfhlp02.sys
ED508000 - sfhlp01.sys
BFDDC000 - sfdrv01.sys
ED50A000 - prosync1.sys
BFDC0000 - prohlp02.sys
BFDAA000 - Mup.sys
ED050000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
BFCA5000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
ED060000 - \SystemRoot\System32\DRIVERS\SOAR.SYS
BFC94000 - \SystemRoot\System32\DRIVERS\basic2.sys
ED070000 - \SystemRoot\System32\DRIVERS\rksample.sys
BFBE7000 - \SystemRoot\System32\DRIVERS\AmosNt.SYS
BFC0D000 - \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
ED2F0000 - \SystemRoot\System32\Drivers\Modem.SYS
ED310000 - \SystemRoot\System32\DRIVERS\USBD.SYS
ED2F8000 - \SystemRoot\System32\DRIVERS\uhcd.sys
BFBC5000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
ED320000 - \SystemRoot\System32\DRIVERS\usbehci.sys
ED330000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
ED080000 - \SystemRoot\System32\Drivers\Cdr4_2K.SYS
ED348000 - \SystemRoot\System32\DRIVERS\cdrom.sys
ED358000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
BFA9A000 - \SystemRoot\system32\drivers\KS.SYS
BFABA000 - \SystemRoot\system32\drivers\portcls.sys
BFADF000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
ED090000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys
ED380000 - \SystemRoot\System32\DRIVERS\fdc.sys
ED0A0000 - \SystemRoot\System32\DRIVERS\serial.sys
ED4D4000 - \SystemRoot\System32\DRIVERS\serenum.sys
ED398000 - \SystemRoot\System32\DRIVERS\parport.sys
ED0B0000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
ED0C0000 - \SystemRoot\System32\DRIVERS\L8042pr2.sys
ED0D0000 - \SystemRoot\System32\DRIVERS\lmouflt2.sys
ED3B8000 - \SystemRoot\System32\DRIVERS\mouclass.sys
ED516000 - \SystemRoot\System32\DRIVERS\lkbdflt2.sys
ED3C8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
ED5D8000 - \SystemRoot\System32\DRIVERS\audstub.sys
ED0E0000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
ED4E4000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
BFA83000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
ED4F4000 - \SystemRoot\System32\DRIVERS\TDI.SYS
ED0F0000 - \SystemRoot\System32\DRIVERS\raspptp.sys
ED3E8000 - \SystemRoot\System32\DRIVERS\ptilink.sys
ED3F8000 - \SystemRoot\System32\DRIVERS\raspti.sys
ED100000 - \SystemRoot\System32\DRIVERS\parallel.sys
ED5D9000 - \SystemRoot\System32\DRIVERS\swenum.sys
BFA58000 - \SystemRoot\System32\DRIVERS\update.sys
BFD86000 - \SystemRoot\system32\drivers\MODEMCSA.sys
ED140000 - \SystemRoot\System32\DRIVERS\usbhub.sys
ED150000 - \SystemRoot\System32\DRIVERS\usbhub20.sys
ED2B8000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
ED170000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B78E6000 - \SystemRoot\system32\DRIVERS\WlanUZ2K.sys
ED2E0000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
ED2C8000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
BFD52000 - \SystemRoot\System32\DRIVERS\hidusb.sys
ED51E000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
ED5DD000 - \SystemRoot\System32\Drivers\Null.SYS
ED5DE000 - \SystemRoot\System32\Drivers\Beep.SYS
BFD3E000 - \SystemRoot\System32\drivers\vga.sys
ED5DF000 - \SystemRoot\System32\Drivers\mnmdd.SYS
ED318000 - \SystemRoot\System32\Drivers\Msfs.SYS
ED180000 - \SystemRoot\System32\Drivers\Npfs.SYS
ED526000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B7874000 - \SystemRoot\System32\DRIVERS\tcpip.sys
ED190000 - \SystemRoot\System32\DRIVERS\msgpc.sys
ED1A0000 - \SystemRoot\System32\Drivers\aswTdi.SYS
ED350000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B784A000 - \SystemRoot\System32\DRIVERS\netbt.sys
ED1B0000 - \SystemRoot\System32\DRIVERS\netbios.sys
B781F000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B77F9000 - \SystemRoot\System32\drivers\prodrv06.sys
B7792000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
ED5E0000 - \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys
ED370000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
ED5E1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
B7754000 - \SystemRoot\System32\Drivers\dump_atapi.sys
A0000000 - \??\C:\WINNT\system32\win32k.sys
B7706000 - \SystemRoot\System32\ati2dvag.dll
B7637000 - \SystemRoot\System32\ati3d1ag.dll
B74D2000 - \SystemRoot\System32\Drivers\BsUDF.SYS
B7464000 - \SystemRoot\System32\drivers\afd.sys
ED54C000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B735F000 - \SystemRoot\System32\Drivers\aswMon.SYS
B7482000 - \??\C:\WINNT\system32\drivers\CdaC15BA.SYS
ED552000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
B72FD000 - \SystemRoot\system32\drivers\wdmaud.sys
B75AF000 - \SystemRoot\system32\drivers\sysaudio.sys
B71C6000 - \SystemRoot\System32\DRIVERS\fallback.sys
B73EC000 - \SystemRoot\System32\Drivers\Fips.SYS
B7184000 - \SystemRoot\System32\DRIVERS\fsksnt.sys
B7124000 - \SystemRoot\System32\DRIVERS\k56nt.sys
B7098000 - \SystemRoot\System32\DRIVERS\srv.sys
B7070000 - \??\C:\WINNT\system32\drivers\SECDRV.SYS
B6F9F000 - \SystemRoot\System32\DRIVERS\faxnt.sys
B7A06000 - \SystemRoot\System32\DRIVERS\tonesnt.sys
B6ED7000 - \SystemRoot\System32\DRIVERS\v124nt.sys
B740C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6FD0000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B6E33000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B6BC5000 - \??\C:\WINNT\system32\ZDPNDIS5.SYS
ED5E2000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 131

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\Program Files

06/08/2005 19:43 <DIR> .
06/08/2005 19:43 <DIR> ..
19/02/2006 18:17 <DIR> Acclaim
26/10/2005 19:52 <DIR> Activision
18/08/2005 20:46 <DIR> Adaptec
07/08/2005 19:48 <DIR> AIDA32 - Enterprise System Information
07/08/2005 19:02 <DIR> Alcohol Soft
28/01/2006 20:20 <DIR> A-Ray Scanner
06/08/2005 20:20 <DIR> ATI Technologies
16/06/2007 23:55 <DIR> Avast4
08/08/2005 13:09 <DIR> AvRack
04/07/2006 00:52 <DIR> backups
24/09/2005 13:43 <DIR> Bethesda Softworks
09/08/2005 00:43 <DIR> BzTarot
18/08/2005 12:57 <DIR> CDex_150
15/04/2007 23:35 <DIR> CFWebAdvancedU_BOBTV.FR
06/08/2005 19:51 <DIR> ComPlus Applications
06/08/2005 20:30 <DIR> CONEXANT
27/04/2006 23:14 <DIR> CueClub
22/10/2005 18:20 <DIR> Cyanide
13/08/2006 14:01 <DIR> dBpowerAMP
24/10/2005 16:33 <DIR> directx
07/08/2005 19:29 <DIR> DivX
25/12/2005 19:45 <DIR> EA Sports
26/02/2006 00:21 <DIR> EACOM
28/01/2006 18:25 <DIR> Eidos Interactive
17/03/2006 17:40 <DIR> eMule
11/03/2006 20:09 <DIR> ETAJV PC
23/08/2006 18:42 <DIR> ewido anti-spyware 4.0
06/08/2005 19:43 <DIR> Fichiers communs
10/08/2005 13:16 <DIR> FIFA 2005
12/02/2007 17:33 <DIR> Game Graphic Studio
07/08/2005 19:29 <DIR> Google
26/05/2007 20:02 <DIR> GOTO.games
02/10/2005 00:06 218 112 HijackThis.exe
25/08/2006 15:13 6 908 hijackthis.log
12/03/2006 13:33 <DIR> InstantTouch
11/11/2006 17:59 <DIR> IntelliTamper
06/08/2005 19:51 <DIR> Internet Explorer
11/03/2006 22:41 <DIR> Jarkanoid 3
31/12/2006 16:27 <DIR> KONAMI
07/08/2005 19:28 <DIR> Lavasoft
04/09/2005 15:53 <DIR> Mars
06/08/2005 19:52 <DIR> microsoft frontpage
07/08/2005 15:25 <DIR> Microsoft Visual Studio
19/11/2005 17:16 <DIR> mp3DirectCut
04/09/2005 14:52 <DIR> MSN Apps
04/09/2005 14:49 <DIR> MSN Messenger
07/08/2005 15:34 <DIR> MSPress
08/08/2005 20:47 <DIR> NBA LIVE 2004
06/08/2005 19:51 <DIR> NetMeeting
06/08/2005 19:51 <DIR> Outlook Express
30/09/2006 14:42 <DIR> PDFCreator
08/08/2005 03:48 <DIR> Pool 'm Up
02/10/2005 18:15 <DIR> QuickTime
02/04/2006 11:17 <DIR> Real
08/08/2005 13:09 <DIR> Realtek Sound Manager
21/04/2007 19:39 <DIR> ReflexiveArcade
05/07/2006 11:28 <DIR> SAGEM
09/08/2005 13:51 <DIR> Sierra On-Line
29/04/2006 14:32 <DIR> SlySoft
07/08/2005 15:29 <DIR> Snapshot Viewer
07/08/2005 19:30 <DIR> Spybot - Search & Destroy
07/08/2005 15:45 <DIR> Symantec
15/10/2006 17:07 <DIR> TI Education
30/06/2006 20:33 <DIR> Ubisoft
05/11/2005 18:49 <DIR> UNO Freeware
11/03/2006 19:01 <DIR> Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
27/10/2006 10:41 <DIR> uTorrent
06/08/2005 20:09 <DIR> VIA Technologies, Inc
15/08/2005 14:08 <DIR> Warcraft III
18/06/2007 19:48 <DIR> Webtarot
07/08/2005 19:31 <DIR> Winamp
06/08/2005 19:51 <DIR> Windows Media Player
06/08/2005 19:50 <DIR> Windows NT
26/06/2007 15:07 <DIR> WinISO
07/08/2005 19:32 <DIR> WinRAR
21/04/2007 17:47 <DIR> Zylom Games
2 fichier(s) 225 020 octets
76 Rép(s) 1 691 320 320 octets libres

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\Program Files\fichiers communs

06/08/2005 19:43 <DIR> .
06/08/2005 19:43 <DIR> ..
06/08/2005 19:43 <DIR> Microsoft Shared
06/08/2005 19:43 <DIR> ODBC
06/08/2005 19:51 <DIR> System
06/08/2005 19:51 <DIR> Services
06/08/2005 20:19 <DIR> InstallShield
06/08/2005 20:34 <DIR> Logitech
06/08/2005 20:37 <DIR> Adobe
20/12/2005 21:28 <DIR> Macrovision Shared
07/08/2005 15:25 <DIR> Designer
29/12/2005 19:55 <DIR> DirectX
02/04/2006 11:17 <DIR> Real
07/08/2005 15:45 <DIR> Symantec Shared
02/04/2006 11:17 <DIR> xing shared
24/06/2006 22:37 <DIR> Adaptec Shared
14/08/2005 01:06 <DIR> NSV
0 fichier(s) 0 octets
17 Rép(s) 1 691 828 224 octets libres

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

06/08/2005 19:55 <DIR> .
06/08/2005 19:55 <DIR> ..
14/02/2001 14:36 127 033 MSOWS40c.DLL
03/06/1999 19:09 122 937 MSOWS409.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
01/03/2002 00:03 561 209 MSONSEXT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 1 691 828 224 octets libres

Le volume dans le lecteur C s'appelle WIN2KSP4
Le numéro de série du volume est 0B5D-1AF9

Répertoire de C:\

26/06/2007 18:20 99 072 nkwncvkg1.exe
26/06/2007 18:21 11 060 xx1232255.exe
12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
4 fichier(s) 281 652 octets
0 Rép(s) 1 691 828 224 octets libres

c:\Documents and Settings\x1\Bureau\antivir-personal-edition-7_antivir_personal_edition_classic_7_6.34.01.11_version_win_9x_anglais_10821.exe
c:\Documents and Settings\x1\Bureau\csv15full.exe
c:\Documents and Settings\x1\Bureau\ewido-setup_4.0.0.172c.exe
c:\Documents and Settings\x1\Bureau\fifa[1].07.fr.exe
c:\Documents and Settings\x1\Bureau\FlashFXP_34_Setup.exe
c:\Documents and Settings\x1\Bureau\HiJackThis_v2.exe
c:\Documents and Settings\x1\Bureau\Install_PCM_Patch_15R.exe
c:\Documents and Settings\x1\Bureau\OTMoveIt.exe
c:\Documents and Settings\x1\Bureau\SDFix.exe
c:\Documents and Settings\x1\Bureau\setup.exe
c:\Documents and Settings\x1\Bureau\Setup0.exe
c:\Documents and Settings\x1\Bureau\Setup1.exe
c:\Documents and Settings\x1\Bureau\TXCSetup_1Beta6_31.exe
c:\Documents and Settings\x1\Bureau\WINISO53.EXE
c:\Documents and Settings\x1\Bureau\Ball Racer\Ball Racer.exe
c:\Documents and Settings\x1\Bureau\jeux\3d_petanque_unlimited_share.exe
c:\Documents and Settings\x1\Bureau\jeux\airhockey.exe
c:\Documents and Settings\x1\Bureau\jeux\cc_patch.exe
c:\Documents and Settings\x1\Bureau\jeux\cueclub.exe
c:\Documents and Settings\x1\Bureau\jeux\volleyballf.exe
c:\Documents and Settings\x1\Bureau\jeux\arkanoid\Arkanoid.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\406taxi.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\AMCO_TT.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Canyon Run.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\clioV6.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Colorado Speedway.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Dirt Crossing.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Glacier Cliffs 2.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Glacier Cliffs.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Grand Prix De Morvan.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\gtsr.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Hockenheimring.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\Keew.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\LamCountach.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\M3.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\RGVT500.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\taxi2.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\ToyTruckUSA.exe
c:\Documents and Settings\x1\Bureau\jeux\volt\YamahaR1.exe
c:\Documents and Settings\x1\Bureau\jeux\blob\volley.exe
c:\Documents and Settings\x1\Bureau\SDFix\catchme.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\cliptext.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\download.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\FixPath.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\LS.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\MD5File.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\moveex.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\Process.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\RegDACL.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\sc.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\SF.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\shutdown.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\swreg.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\swsc.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\unzip.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\zip.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\x1\Bureau\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\x1\Bureau\SDFix\backups\attrib.exe
c:\Documents and Settings\x1\Bureau\SDFix\backups\find.exe
c:\Documents and Settings\x1\Bureau\SDFix\backups\findstr.exe
c:\Documents and Settings\x1\Bureau\SDFix\backups\regedit.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\x1\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\x1\Bureau\tabs\Arkanoid_2000_1.7.exe
c:\Documents and Settings\x1\Bureau\tabs\GP4DEMO_FR.EXE
c:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\gbobwfyx.exe
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
c:\Documents and Settings\x1\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVG5}\xmlparse.dll

****** Fin du rapport DiagHelp

SDfix

SDFix: Version 1.88
Run by x1 on mer. 27/06/2007 at 14:04
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\DOCUME~1\x1\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
Driver
runtime

ImagePath:
\??\C:\WINNT\system32\nso12k.sys
\??\C:\WINNT\System32\drivers\runtime.sys

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:
C:\DOCUME~1\x1\LOCALS~1\Temp\winF.tmp.exe - Deleted
C:\WINNT\system32\3_exception.nls - Deleted
C:\WINNT\system32\cssrss.exe - Deleted
C:\WINNT\system32\nso12k.sys - Deleted

Removing Temp Files...

ADS Check:
Checking C:\WINNT
C:\WINNT
No streams found.
Checking C:\WINNT\system32
C:\WINNT\system32
No streams found.
Checking C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
No streams found.
Checking C:\WINNT\system32\ntoskrnl.exe
C:\WINNT\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\x1\Bureau\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:
C:\WINNT\system32\OLEPRO32.DLL
C:\WINNT\system32\ASYCFILT.DLL
C:\WINNT\system32\COMCAT.DLL
C:\WINNT\system32\PCDLIB32.DLL
C:\WINNT\system32\OC30.DLL
C:\WINNT\system32\AWCODC32.DLL
C:\WINNT\system32\AWDCXC32.DLL
C:\WINNT\system32\AWDENC32.DLL
C:\WINNT\system32\AWRESX32.DLL
C:\WINNT\system32\AWVIEW32.DLL
C:\WINNT\system32\LFAVI90N.DLL
C:\WINNT\system32\LFCMP90n.DLL
C:\WINNT\system32\LFDIC90N.DLL
C:\WINNT\system32\LFEPS90N.DLL
C:\WINNT\system32\LFICA90N.DLL
C:\WINNT\system32\LFIMG90N.DLL
C:\WINNT\system32\LFKODAK.DLL
C:\WINNT\system32\LFLMA90N.DLL
C:\WINNT\system32\LFLMB90N.DLL
C:\WINNT\system32\LFMAC90N.DLL
C:\WINNT\system32\LFMSP90N.DLL
C:\WINNT\system32\LFPCD90N.DLL
C:\WINNT\system32\LFRAS90N.DLL
C:\WINNT\system32\LFTGA90N.DLL
C:\WINNT\system32\LTDIS90n.dll
C:\WINNT\system32\LTDLG90N.DLL
C:\WINNT\system32\LTNET90N.DLL
C:\WINNT\system32\LTVID90N.DLL
C:\WINNT\system32\lfawd90n.dll
C:\WINNT\system32\lfbmp90n.dll
C:\WINNT\system32\lfcal90n.dll
C:\WINNT\system32\lffax90n.dll
C:\WINNT\system32\lffpx7.dll
C:\WINNT\system32\lffpx90n.dll
C:\WINNT\system32\lfgif90n.dll
C:\WINNT\system32\lfpct90n.dll
C:\WINNT\system32\lfpcx90n.dll
C:\WINNT\system32\lfpng90n.dll
C:\WINNT\system32\lfpsd90n.dll
C:\WINNT\system32\lftif90n.dll
C:\WINNT\system32\lfwfx90n.dll
C:\WINNT\system32\lfwmf90n.dll
C:\WINNT\system32\lfwpg90n.dll
C:\WINNT\system32\ltann90n.dll
C:\WINNT\system32\ltefx90n.dll
C:\WINNT\system32\ltfil90n.DLL
C:\WINNT\system32\ltimg90n.dll
C:\WINNT\system32\ltisi90n.dll
C:\WINNT\system32\ltkrn90n.dll
C:\WINNT\system32\ltthk90w.dll
C:\WINNT\system32\lttwn90n.dll
C:\WINNT\system32\npplg90N.dll
C:\WINNT\system32\OLEAUT32.DLL
C:\Documents and Settings\x1\Bureau\Hook2.dll
C:\WINNT\system32\win_4.exe
C:\Documents and Settings\x1\Bureau\Setup0.exe
C:\Documents and Settings\x1\Bureau\Setup1.exe
C:\_OTMoveIt\MovedFiles\WINNT\system32\ladchkr.exe
C:\_OTMoveIt\MovedFiles\WINNT\system32\adchkr.exe
C:\WINNT\system32\KGyGaAvL.sys
C:\WINNT\system32\DC1EBF704E.sys
C:\Documents and Settings\x1\Application Data\Microsoft\Word\~WRL0003.tmp

Listing User Accounts:
Administrateur
Invité
x1
XAVIER
La commande s'est terminée correctement.

Finished

_OtMoveit

C:\WINNT\avp.exe moved successfully.
C:\WINNT\mgrs.exe moved successfully.
C:\WINNT\system32\ladchkr.exe moved successfully.
C:\WINNT\system32\adchkr.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\SYSTEM32\winjks32.dll
C:\WINNT\SYSTEM32\winjks32.dll NOT unregistered.
C:\WINNT\SYSTEM32\winjks32.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\gbobwfyx.exe moved successfully.
Created on 06/27/2007 13:40:28

Hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:17:21, on 27/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x1\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sC2] C:\WINNT\system32\scchk32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E55000F0-7373-47C3-9B1E-A8497D12413F}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: winjks32 - winjks32.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe (file missing)
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe

-- End of file - 9628 bytes
  15. Who can help me, please?
  16. Hello, I suspect that malware is present. Could you help me eradicate it? THANK YOU in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:35:09, on 26/06/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINNT\avp.exe
C:\Documents and Settings\All Users\Application Data\gbobwfyx.exe
C:\WINNT\mgrs.exe
C:\WINNT\system32\internat.exe
C:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\x1\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [Ads checker] adchkr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avp] C:\WINNT\avp.exe
O4 - HKLM\..\Run: [gbobwfyx.exe] C:\Documents and Settings\All Users\Application Data\gbobwfyx.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E55000F0-7373-47C3-9B1E-A8497D12413F}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: winjks32 - C:\WINNT\SYSTEM32\winjks32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe
O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe
O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\System32\lsass.exe
O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe
O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe
O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe
Thanks again.
  17. ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:11:37 25/08/2006
+ Scan result:
C:\WINNT\system32\Hook2.dll -> Logger.Agent.ln : Cleaned with backup (quarantined).
C:\Documents and Settings\x1\Cookies\x1@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@www.belstat[2].txt -> TrackingCookie.Belstat : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\x1\Cookies\x1@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 15:13:19, on 25/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\system32\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
  18. What can I optimize, please?
  19. AntiVir log
Report file date: mercredi 23 août 2006 10:54
Jobname: 'Manual Selection'
Scanning for 343586 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Version informations:
AVSCAN.EXE : 7.0.0.30 536616 21/03/2006 13:48:30
AVSCAN.DLL : 7.0.0.30 40488 21/03/2006 13:48:30
LUKE.DLL : 7.0.0.30 114728 21/03/2006 13:48:30
LUKERES.DLL : 7.0.0.30 25600 21/03/2006 13:48:30
ANTIVIR0.VDF : 6.32.0.60 4323840 27/03/2006 09:11:46
ANTIVIR1.VDF : 6.34.0.11 1424384 27/03/2006 09:11:48
ANTIVIR2.VDF : 6.34.0.75 207872 27/03/2006 09:11:48
ANTIVIR3.VDF : 6.34.0.102 57856 27/03/2006 09:11:50
AVEWIN32.DLL : 7.0.0.3 1167872 28/02/2006 16:06:46
AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:02
AVREP.DLL : 6.34.0.100 2461736 27/03/2006 09:11:50
AVPACK32.DLL : 6.33.0.6 331816 09/01/2006 09:03:38
AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50
NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:50
Start of the scan: mercredi 23 août 2006 10:54
Start scanning boot sectors:
Boot sector 'C:'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 32 files ).
Starting the file scan:
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\WINNT\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SYSTEM.ALT
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SYSTEM
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SOFTWARE
[WARNING] The file could not be opened!
C:\WINNT\system32\config\DEFAULT
[WARNING] The file could not be opened!
C:\WINNT\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\x1\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\x1\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\x1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\x1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
End of the scan: mercredi 23 août 2006 11:49
Used time: 54:28 min
The scan has been done completely.
3292 Scanning directories
165467 Files were scanned
0 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
5734 Archives were scanned
33 Warnings
0 Notes
HIJACK
Logfile of HijackThis v1.99.1
Scan saved at 12:48:26, on 23/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\system32\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [Ads checker] adchkr.exe
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E55000F0-7373-47C3-9B1E-A8497D12413F}: NameServer = 193.252.19.3,193.252.19.4
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\system32\vbsys2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
  20. I did the pre-cleaning before posting.
  21. Good evening. I have some small, not serious but fairly recurrent problems... What should I clean up here first, please? Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 00:25:41, on 22/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [Ads checker] adchkr.exe
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Winlogin] E:\Mes documents\Temp\svchost.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\system32\vbsys2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Thanks again in advance.
  22. Here is my log

Logfile of HijackThis v1.99.1
Scan saved at 22:53:21, on 07/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ahead\INCD\InCD.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Mes documents\Temp\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Documents and Settings\x1\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.firstload.de/affiliate/log.php?log=12790
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.firstload.de/affiliate/log.php?log=12790
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 212.202.37.32 google.ae
O1 - Hosts: 212.202.37.32 googel.ae
O1 - Hosts: 212.202.37.32 gogle.ae
O1 - Hosts: 212.202.37.32 googl.ae
O1 - Hosts: 212.202.37.32 gogel.ae
O1 - Hosts: 212.202.37.32 gogl.ae
O1 - Hosts: 212.202.37.32 wwwgoogel.ae
O1 - Hosts: 212.202.37.32 wwwgogle.ae
O1 - Hosts: 212.202.37.32 wwwgoogl.ae
O1 - Hosts: 212.202.37.32 wwwgogl.ae
O1 - Hosts: 212.202.37.32 www-googel.ae
O1 - Hosts: 212.202.37.32 www-gogle.ae
O1 - Hosts: 212.202.37.32 www-googl.ae
O1 - Hosts: 212.202.37.32 www-gogl.ae
O1 - Hosts: 212.202.37.32 www-gogel.ae
O1 - Hosts: 212.202.37.32 www-google.ae
O1 - Hosts: 212.202.37.32 www.google.ae
O1 - Hosts: 212.202.37.32 www.googel.ae
O1 - Hosts: 212.202.37.32 www.gogle.ae
O1 - Hosts: 212.202.37.32 www.googl.ae
O1 - Hosts: 212.202.37.32 www.gogel.ae
O1 - Hosts: 212.202.37.32 www.gogl.ae
O1 - Hosts: 212.202.37.32 google.as
O1 - Hosts: 212.202.37.32 googel.as
O1 - Hosts: 212.202.37.32 gogle.as
O1 - Hosts: 212.202.37.32 googl.as
O1 - Hosts: 212.202.37.32 gogel.as
O1 - Hosts: 212.202.37.32 gogl.as
O1 - Hosts: 212.202.37.32 wwwgoogel.as
O1 - Hosts: 212.202.37.32 wwwgogle.as
O1 - Hosts: 212.202.37.32 wwwgoogl.as
O1 - Hosts: 212.202.37.32 wwwgogl.as
O1 - Hosts: 212.202.37.32 www-googel.as
O1 - Hosts: 212.202.37.32 www-gogle.as
O1 - Hosts: 212.202.37.32 www-googl.as
O1 - Hosts: 212.202.37.32 www-gogl.as
O1 - Hosts: 212.202.37.32 www-gogel.as
O1 - Hosts: 212.202.37.32 www-google.as
O1 - Hosts: 212.202.37.32 www.google.as
O1 - Hosts: 212.202.37.32 www.googel.as
O1 - Hosts: 212.202.37.32 www.gogle.as
O1 - Hosts: 212.202.37.32 www.googl.as
O1 - Hosts: 212.202.37.32 www.gogel.as
O1 - Hosts: 212.202.37.32 www.gogl.as
O1 - Hosts: 212.202.37.32 google.at
O1 - Hosts: 212.202.37.32 googel.at
O1 - Hosts: 212.202.37.32 gogle.at
O1 - Hosts: 212.202.37.32 googl.at
O1 - Hosts: 212.202.37.32 gogel.at
O1 - Hosts: 212.202.37.32 gogl.at
O1 - Hosts: 212.202.37.32 wwwgoogel.at
O1 - Hosts: 212.202.37.32 wwwgogle.at
O1 - Hosts: 212.202.37.32 wwwgoogl.at
O1 - Hosts: 212.202.37.32 wwwgogl.at
O1 - Hosts: 212.202.37.32 www-googel.at
O1 - Hosts: 212.202.37.32 www-gogle.at
O1 - Hosts: 212.202.37.32 www-googl.at
O1 - Hosts: 212.202.37.32 www-gogl.at
O1 - Hosts: 212.202.37.32 www-gogel.at
O1 - Hosts: 212.202.37.32 www-google.at
O1 - Hosts: 212.202.37.32 www.google.at
O1 - Hosts: 212.202.37.32 www.googel.at
O1 - Hosts: 212.202.37.32 www.gogle.at
O1 - Hosts: 212.202.37.32 www.googl.at
O1 - Hosts: 212.202.37.32 www.gogel.at
O1 - Hosts: 212.202.37.32 www.gogl.at
O1 - Hosts: 212.202.37.32 google.au
O1 - Hosts: 212.202.37.32 googel.au
O1 - Hosts: 212.202.37.32 gogle.au
O1 - Hosts: 212.202.37.32 googl.au
O1 - Hosts: 212.202.37.32 gogel.au
O1 - Hosts: 212.202.37.32 gogl.au
O1 - Hosts: 212.202.37.32 wwwgoogel.au
O1 - Hosts: 212.202.37.32 wwwgogle.au
O1 - Hosts: 212.202.37.32 wwwgoogl.au
O1 - Hosts: 212.202.37.32 wwwgogl.au
O1 - Hosts: 212.202.37.32 www-googel.au
O1 - Hosts: 212.202.37.32 www-gogle.au
O1 - Hosts: 212.202.37.32 www-googl.au
O1 - Hosts: 212.202.37.32 www-gogl.au
O1 - Hosts: 212.202.37.32 www-gogel.au
O1 - Hosts: 212.202.37.32 www-google.au
O1 - Hosts: 212.202.37.32 www.google.au
O1 - Hosts: 212.202.37.32 www.googel.au
O1 - Hosts: 212.202.37.32 www.gogle.au
O1 - Hosts: 212.202.37.32 www.googl.au
O1 - Hosts: 212.202.37.32 www.gogel.au
O1 - Hosts: 212.202.37.32 www.gogl.au
O1 - Hosts: 212.202.37.32 google.bi
O1 - Hosts: 212.202.37.32 googel.bi
O1 - Hosts: 212.202.37.32 gogle.bi
O1 - Hosts: 212.202.37.32 googl.bi
O1 - Hosts: 212.202.37.32 gogel.bi
O1 - Hosts: 212.202.37.32 gogl.bi
O1 - Hosts: 212.202.37.32 wwwgoogel.bi
O1 - Hosts: 212.202.37.32 wwwgogle.bi
O1 - Hosts: 212.202.37.32 wwwgoogl.bi
O1 - Hosts: 212.202.37.32 wwwgogl.bi
O1 - Hosts: 212.202.37.32 www-googel.bi
O1 - Hosts: 212.202.37.32 www-gogle.bi
O1 - Hosts: 212.202.37.32 www-googl.bi
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\ahead\INCD\InCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [Ads checker] adchkr.exe
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Winlogin] E:\Mes documents\Temp\svchost.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E55000F0-7373-47C3-9B1E-A8497D12413F}: NameServer = 193.252.19.3,193.252.19.4
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINNT\system32\ladchkr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

What is going on with all those O1 entries?
  23. djibril15

    Top Spin and drivers

    Yes, but I still manage to run more recent games...
  24. Hello. First of all, my configuration:

Ordinateur
  Système d'exploitation    Microsoft Windows 2000 Professional
  Service Pack du système   Service Pack 4
  Internet Explorer         6.0.2800.1106 (IE 6.0 SP1)
  Nom du système            X
  Nom d'utilisateur         x1
  Domaine de connexion      X
Carte mère
  Type de processeur        AMD Athlon XP, 1800 MHz (6.75 x 267) 2200+
  Nom de la carte mère      Inconnu
  Chipset de la carte mère  VIA VT8377 Apollo KT400
  Mémoire système           256 Mo (PC2700 DDR SDRAM)
  Type de BIOS              Award (02/10/03)
  Port de communication     Port de communication (COM1)
  Port de communication     Port de communication (COM2)
  Port de communication     Port imprimante ECP (LPT1)
Moniteur
  Carte vidéo               RADEON 7000 SERIES (64 Mo)
  Accélérateur 3D           ATI RV100 DDR
  Moniteur                  Relisys RE770 (E402511132)
Multimédia
  Carte audio               VIA AC'97 Enhanced Audio Controller

My problem is that I installed the game Top Spin, but at startup I get a nice little message saying: "Your video card does not support a feature required by Top Spin. You should update your drivers. (It does not support vertex and/or pixel shaders 1.1.)" So it's true that my drivers are old, but I hesitate to update them, because last time it cost me a reformat; see http://forum.zebulon.fr/index.php?showtopic=71715&st=0 for details. What should I do? Is it going to do the same thing to me again? Thanks
  25. That's true, but I have always had that; I'll try to improve the ventilation a bit.