
Posted

Here it is

 

 

-----------------------[ Lop S&D 4.0.6 XP/Vista ]----------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Laurent ] [ "C:\Lop SD" ]

[ 13/03/2008 | 22:06:57,78 ] [ PC : MAISON ]

[ MAJ : 11-03-2008 | 01:12 ]

 

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[11/03/2008|07:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\$_hpcst$.hpc

[01/09/2005|07:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[01/09/2005|07:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[04/12/2006|23:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI

[01/09/2005|07:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[01/09/2005|07:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[01/09/2005|07:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

 

[13/03/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[13/03/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[04/12/2006|23:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[16/01/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds

[04/12/2006|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel

[11/03/2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[09/12/2006|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[15/07/2007|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Help Test Bias File

[19/01/2008|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft

[06/01/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[09/03/2008|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log

[14/07/2007|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations

[04/12/2006|23:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[15/02/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear

[08/03/2008|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[07/03/2008|22:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[04/12/2006|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee

[16/01/2007|22:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com

[07/12/2006|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall

[28/01/2008|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[06/11/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo

[06/03/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games

[21/02/2008|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople

[31/10/2007|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania

[04/02/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games

[14/07/2007|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite

[05/01/2008|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst

[06/11/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Runic

[12/12/2007|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games

[11/01/2008|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus

[06/01/2007|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

[14/02/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games

[03/03/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[01/12/2007|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio

[03/01/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ViaMichelin

[22/12/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[07/03/2008|21:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[31/10/2007|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

 

 

[09/03/2008|19:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\$_hpcst$.hpc

[01/09/2005|07:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[01/09/2005|07:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[04/12/2006|23:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI

[11/03/2008|22:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[01/09/2005|07:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[01/09/2005|07:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[08/01/2008|16:45] C:\DOCUME~1\INVIT~1\APPLIC~1\.

[08/01/2008|16:45] C:\DOCUME~1\INVIT~1\APPLIC~1\..

[04/12/2006|23:54] C:\DOCUME~1\INVIT~1\APPLIC~1\ATI

[01/09/2005|07:08] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini

[24/12/2007|15:20] C:\DOCUME~1\INVIT~1\APPLIC~1\Google

[17/01/2008|18:28] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities

[08/01/2008|16:38] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia

[03/01/2008|19:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

[08/01/2008|16:45] C:\DOCUME~1\INVIT~1\APPLIC~1\PlayFirst

[08/01/2008|16:43] C:\DOCUME~1\INVIT~1\APPLIC~1\Sandlot Games

[17/01/2008|18:28] C:\DOCUME~1\INVIT~1\APPLIC~1\Zylom

[18/01/2008|12:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Zylom Games

 

[03/01/2008|21:23] C:\DOCUME~1\Laurent\APPLIC~1\$_hpcst$.hpc

[09/03/2008|19:15] C:\DOCUME~1\Laurent\APPLIC~1\.

[09/03/2008|19:15] C:\DOCUME~1\Laurent\APPLIC~1\..

[09/03/2008|21:58] C:\DOCUME~1\Laurent\APPLIC~1\Adobe

[22/05/2007|11:38] C:\DOCUME~1\Laurent\APPLIC~1\AdobeUM

[05/11/2007|12:10] C:\DOCUME~1\Laurent\APPLIC~1\Ahead

[04/12/2006|23:54] C:\DOCUME~1\Laurent\APPLIC~1\ATI

[12/02/2007|22:05] C:\DOCUME~1\Laurent\APPLIC~1\Corel

[01/09/2005|07:08] C:\DOCUME~1\Laurent\APPLIC~1\desktop.ini

[07/12/2006|22:53] C:\DOCUME~1\Laurent\APPLIC~1\eConf

[09/12/2006|20:30] C:\DOCUME~1\Laurent\APPLIC~1\Google

[07/12/2006|22:29] C:\DOCUME~1\Laurent\APPLIC~1\Help

[04/03/2007|13:02] C:\DOCUME~1\Laurent\APPLIC~1\HP

[01/01/2008|16:09] C:\DOCUME~1\Laurent\APPLIC~1\Identities

[21/12/2006|22:39] C:\DOCUME~1\Laurent\APPLIC~1\Leadertech

[03/10/2007|10:20] C:\DOCUME~1\Laurent\APPLIC~1\Macromedia

[07/03/2008|22:30] C:\DOCUME~1\Laurent\APPLIC~1\Malwarebytes

[07/12/2006|22:06] C:\DOCUME~1\Laurent\APPLIC~1\McAfee.com Personal Firewall

[09/03/2008|19:15] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft

[10/12/2006|20:27] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft Web Folders

[19/12/2006|21:41] C:\DOCUME~1\Laurent\APPLIC~1\MSNInstaller

[14/07/2007|21:14] C:\DOCUME~1\Laurent\APPLIC~1\Nokia

[14/07/2007|21:14] C:\DOCUME~1\Laurent\APPLIC~1\PC Suite

[05/11/2007|13:22] C:\DOCUME~1\Laurent\APPLIC~1\Pegasys Inc

[10/11/2007|20:39] C:\DOCUME~1\Laurent\APPLIC~1\PlayFirst

[21/12/2006|22:39] C:\DOCUME~1\Laurent\APPLIC~1\Sonic

[05/11/2007|13:42] C:\DOCUME~1\Laurent\APPLIC~1\STOIK

[03/01/2007|20:22] C:\DOCUME~1\Laurent\APPLIC~1\Sun

[02/09/2007|18:57] C:\DOCUME~1\Laurent\APPLIC~1\U3

[16/12/2007|15:04] C:\DOCUME~1\Laurent\APPLIC~1\Zylom

 

[07/12/2006|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[07/12/2006|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[07/12/2006|22:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall

[01/09/2005|07:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

 

[01/09/2005|07:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[01/09/2005|07:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[01/09/2005|07:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[07/01/2008|13:13] C:\DOCUME~1\Patricia\APPLIC~1\$_hpcst$.hpc

[10/03/2008|19:51] C:\DOCUME~1\Patricia\APPLIC~1\.

[10/03/2008|19:51] C:\DOCUME~1\Patricia\APPLIC~1\..

[12/12/2006|17:30] C:\DOCUME~1\Patricia\APPLIC~1\Adobe

[12/12/2006|17:30] C:\DOCUME~1\Patricia\APPLIC~1\AdobeUM

[04/12/2006|23:54] C:\DOCUME~1\Patricia\APPLIC~1\ATI

[30/12/2006|21:56] C:\DOCUME~1\Patricia\APPLIC~1\Corel

[01/09/2005|07:08] C:\DOCUME~1\Patricia\APPLIC~1\desktop.ini

[18/02/2008|08:38] C:\DOCUME~1\Patricia\APPLIC~1\Fuzzy Games

[18/11/2007|16:20] C:\DOCUME~1\Patricia\APPLIC~1\Gaijin Ent

[06/03/2008|19:50] C:\DOCUME~1\Patricia\APPLIC~1\gemsweeperextractedgfx

[11/12/2006|09:54] C:\DOCUME~1\Patricia\APPLIC~1\Google

[11/12/2006|08:58] C:\DOCUME~1\Patricia\APPLIC~1\Help

[08/01/2007|20:45] C:\DOCUME~1\Patricia\APPLIC~1\HP

[21/02/2008|19:28] C:\DOCUME~1\Patricia\APPLIC~1\Identities

[07/01/2008|10:06] C:\DOCUME~1\Patricia\APPLIC~1\iWin

[25/11/2007|16:06] C:\DOCUME~1\Patricia\APPLIC~1\Jane s Hotel

[24/10/2007|10:21] C:\DOCUME~1\Patricia\APPLIC~1\Macromedia

[27/12/2007|17:38] C:\DOCUME~1\Patricia\APPLIC~1\Magic Academy

[08/12/2006|07:10] C:\DOCUME~1\Patricia\APPLIC~1\McAfee.com Personal Firewall

[10/03/2008|19:52] C:\DOCUME~1\Patricia\APPLIC~1\Microsoft

[07/11/2007|18:08] C:\DOCUME~1\Patricia\APPLIC~1\My Games

[15/07/2007|08:21] C:\DOCUME~1\Patricia\APPLIC~1\PC Suite

[07/01/2008|20:43] C:\DOCUME~1\Patricia\APPLIC~1\PlayFirst

[31/10/2007|18:46] C:\DOCUME~1\Patricia\APPLIC~1\Sandlot Games

[06/11/2007|08:29] C:\DOCUME~1\Patricia\APPLIC~1\STOIK

[09/01/2007|19:48] C:\DOCUME~1\Patricia\APPLIC~1\Sun

[07/02/2008|11:18] C:\DOCUME~1\Patricia\APPLIC~1\Super-Cow

[05/12/2007|12:34] C:\DOCUME~1\Patricia\APPLIC~1\Wildfire

[18/02/2008|08:38] C:\DOCUME~1\Patricia\APPLIC~1\Zylom

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[22/02/2008 15:05][--a------] C:\WINDOWS\tasks\Norton Security Scan.job

[13/03/2008 21:33][--ah-----] C:\WINDOWS\tasks\SA.DAT

[10/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[12/03/2008|15:13] C:\Program Files\.

[12/03/2008|15:13] C:\Program Files\..

[04/12/2006|23:45] C:\Program Files\Adobe

[02/01/2007|21:26] C:\Program Files\Alwil Software

[14/05/2007|19:11] C:\Program Files\Anniversaire

[10/03/2008|21:13] C:\Program Files\a-squared Anti-Malware

[04/12/2006|23:44] C:\Program Files\ATI Technologies

[04/12/2006|23:51] C:\Program Files\BAE

[15/06/2007|16:22] C:\Program Files\Black Sheep Studio

[04/12/2006|23:45] C:\Program Files\Broadcom

[16/01/2007|20:53] C:\Program Files\Calendrier

[19/05/2007|15:29] C:\Program Files\Canon

[07/03/2008|21:52] C:\Program Files\CCleaner

[10/06/2007|09:28] C:\Program Files\ChatAndPlay

[01/09/2005|07:13] C:\Program Files\ComPlus Applications

[16/05/2007|09:56] C:\Program Files\Corel

[04/12/2006|23:45] C:\Program Files\Dell

[04/12/2006|23:51] C:\Program Files\Dell Network Assistant

[14/07/2007|21:14] C:\Program Files\DIFX

[16/02/2007|12:54] C:\Program Files\directx

[16/02/2007|14:25] C:\Program Files\EA GAMES

[16/02/2007|14:25] C:\Program Files\Electronic Arts

[09/03/2008|21:38] C:\Program Files\Fichiers communs

[11/05/2007|20:33] C:\Program Files\Free

[09/03/2008|20:14] C:\Program Files\FreeAngel

[01/09/2005|07:27] C:\Program Files\GemMasterFrench

[01/02/2007|08:07] C:\Program Files\Google

[28/06/2007|17:27] C:\Program Files\Hasbro Interactive

[25/07/2007|19:25] C:\Program Files\Hewlett-Packard

[25/07/2007|19:26] C:\Program Files\HP

[09/03/2008|20:19] C:\Program Files\IKEA HomePlanner

[09/03/2008|21:22] C:\Program Files\IncrediMail

[09/03/2008|20:33] C:\Program Files\InstallShield Installation Information

[04/12/2006|23:45] C:\Program Files\InterActual

[11/03/2008|22:13] C:\Program Files\Internet Explorer

[04/12/2006|23:40] C:\Program Files\Java

[08/03/2008|23:38] C:\Program Files\Lavasoft

[02/07/2007|12:12] C:\Program Files\LEGO Media

[19/02/2008|13:46] C:\Program Files\Macrogaming

[09/03/2008|20:23] C:\Program Files\MaCuisineLapeyre

[04/12/2006|23:50] C:\Program Files\McAfee

[04/12/2006|23:40] C:\Program Files\Messenger

[16/01/2007|21:47] C:\Program Files\metagenia

[03/01/2008|21:22] C:\Program Files\Microsoft ActiveSync

[10/12/2006|20:27] C:\Program Files\microsoft frontpage

[09/12/2006|20:41] C:\Program Files\Microsoft Money

[10/12/2006|20:27] C:\Program Files\Microsoft Office

[09/03/2008|21:16] C:\Program Files\Microsoft Référence

[04/12/2006|23:45] C:\Program Files\Microsoft Works

[09/03/2008|20:44] C:\Program Files\Mindscape

[09/03/2008|19:01] C:\Program Files\Movie Maker

[09/03/2008|20:30] C:\Program Files\Mozilla Firefox

[09/03/2008|20:30] C:\Program Files\MSN

[04/02/2007|18:11] C:\Program Files\MSN Apps

[09/03/2008|21:38] C:\Program Files\MSN Games

[01/09/2005|07:12] C:\Program Files\MSN Gaming Zone

[09/12/2006|22:09] C:\Program Files\MSXML 4.0

[01/09/2005|07:15] C:\Program Files\NetMeeting

[14/07/2007|21:14] C:\Program Files\Nokia

[22/02/2008|15:00] C:\Program Files\Norton Security Scan

[01/09/2005|07:13] C:\Program Files\Online Services

[09/03/2008|19:01] C:\Program Files\Outlook Express

[14/07/2007|21:14] C:\Program Files\PC Connectivity Solution

[17/03/2007|09:08] C:\Program Files\PrintKey 2000 Fr

[24/02/2007|17:29] C:\Program Files\QuickTime

[04/12/2006|23:47] C:\Program Files\Roxio

[01/03/2008|12:51] C:\Program Files\Save Close Bat

[10/04/2007|16:04] C:\Program Files\SdLL

[01/09/2005|07:15] C:\Program Files\Services en ligne

[26/11/2007|21:14] C:\Program Files\Sierra On-Line

[04/12/2006|23:42] C:\Program Files\Sigmatel

[04/12/2006|23:48] C:\Program Files\Sonic

[08/03/2008|21:21] C:\Program Files\ToniArts

[07/03/2008|21:10] C:\Program Files\Trend Micro

[17/06/2007|10:40] C:\Program Files\Trust

[16/12/2006|08:52] C:\Program Files\Ubi Soft

[01/09/2005|07:25] C:\Program Files\Uninstall Information

[03/01/2008|21:53] C:\Program Files\ViaMichelin

[09/03/2008|22:06] C:\Program Files\Wanadoo

[20/01/2007|19:12] C:\Program Files\Windows Media Connect 2

[11/03/2008|22:37] C:\Program Files\Windows Media Player

[01/09/2005|07:12] C:\Program Files\Windows NT

[01/09/2005|07:12] C:\Program Files\Windows Plus

[01/09/2005|07:15] C:\Program Files\WindowsUpdate

[01/09/2005|07:18] C:\Program Files\xerox

[07/03/2008|21:52] C:\Program Files\Yahoo!

[09/03/2008|22:07] C:\Program Files\Zylom Games

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[09/03/2008|21:38] C:\Program Files\Fichiers communs\.

[09/03/2008|21:38] C:\Program Files\Fichiers communs\..

[04/12/2006|23:45] C:\Program Files\Fichiers communs\Adobe

[05/11/2007|13:03] C:\Program Files\Fichiers communs\Ahead

[04/12/2006|23:46] C:\Program Files\Fichiers communs\Corel

[10/12/2006|20:29] C:\Program Files\Fichiers communs\Designer

[05/07/2007|17:03] C:\Program Files\Fichiers communs\DirectX

[06/01/2007|18:15] C:\Program Files\Fichiers communs\Hewlett-Packard

[25/07/2007|19:27] C:\Program Files\Fichiers communs\HP

[27/12/2006|17:23] C:\Program Files\Fichiers communs\InstallShield

[04/12/2006|23:39] C:\Program Files\Fichiers communs\Java

[03/01/2008|21:22] C:\Program Files\Fichiers communs\Microsoft Shared

[01/09/2005|07:15] C:\Program Files\Fichiers communs\MSSoap

[14/07/2007|21:14] C:\Program Files\Fichiers communs\Nokia

[01/09/2005|07:08] C:\Program Files\Fichiers communs\ODBC

[17/06/2007|10:40] C:\Program Files\Fichiers communs\PCCamera

[14/07/2007|21:14] C:\Program Files\Fichiers communs\PCSuite

[04/12/2006|23:47] C:\Program Files\Fichiers communs\Roxio Shared

[01/09/2005|07:15] C:\Program Files\Fichiers communs\Services

[25/07/2007|19:01] C:\Program Files\Fichiers communs\Sonic Shared

[01/09/2005|07:08] C:\Program Files\Fichiers communs\SpeechEngines

[09/03/2008|19:01] C:\Program Files\Fichiers communs\System

[02/01/2007|21:11] C:\Program Files\Fichiers communs\SystemRequirementsLab

[04/12/2006|23:47] C:\Program Files\Fichiers communs\TiVo Shared

[09/03/2008|20:19] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-13 22:08:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

C:\WINDOWS\system32\kjkkj.ini2

! VUNDO Possible !

 

 

/!\ [Fich:260][Doss:136] C:\DOCUME~1\Laurent\LOCALS~1\Temp

/!\ [Fich:205][Doss:0] C:\DOCUME~1\Laurent\Cookies

/!\ [Fich:305][Doss:4] C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 22:09:06,82 ]----------------------

Posted

Download VundoFix.exe (by Atribune) to your Desktop.

Double-click VundoFix.exe to launch it.

Click the "Scan for Vundo" button.

When the scan is complete, click the Remove Vundo button.

A prompt will ask whether you want to delete the files; click YES.

After you click "Yes", the Desktop will disappear for a moment while the files are being deleted.

You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK.

Start your PC again.

Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply.

Posted

Here is the Vundofix.txt file

 

 

VundoFix V7.0.3

 

Scan started at 22:24:49 13/03/2008

 

Listing files found while scanning....

 

C:\WINDOWS\system32\cjviwayv.dll

C:\WINDOWS\system32\ghuqpqqt.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cjviwayv.dll

C:\WINDOWS\system32\cjviwayv.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ghuqpqqt.dll

C:\WINDOWS\system32\ghuqpqqt.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

and the new HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:07, on 13/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Anti-Malware\a2guard.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061204

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Disk Panel Configuration] dpcsvc.exe

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [5cd68c9b] rundll32.exe "C:\WINDOWS\system32\rketadag.dll",b

O4 - HKLM\..\Run: [bM5fe5bf07] Rundll32.exe "C:\WINDOWS\system32\estpkplv.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 7565 bytes

Posted (edited)

Download ComboFix (created by sUBs) to your Desktop.

Boot into Safe Mode.

- Double-click combofix.exe.

- Press the Y (Yes) key to start the scan.

- ComboFix will restart your PC.

- When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report.

NOTE: The report can also be found here: C:\Combofix.txt

Edited by Lien Rag
Posted

Here are the 2 reports

 

 

ComboFix 08-03-14.2 - Laurent 2008-03-14 22:39:41.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1785 [GMT 1:00]

Endroit: C:\Documents and Settings\Laurent\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\BM5fe5bf07.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\apkqgsrm.dll

C:\WINDOWS\system32\bmnececk.dll

C:\WINDOWS\system32\ecwnqsrh.dll

C:\WINDOWS\system32\efcaawx.dll

C:\WINDOWS\system32\epeiydud.dll

C:\WINDOWS\system32\estpkplv.dll

C:\WINDOWS\system32\fccayxu.dll

C:\WINDOWS\system32\fccyyaw.dll

C:\WINDOWS\system32\fdhntomw.dll

C:\WINDOWS\system32\fdjusyfq.dll

C:\WINDOWS\system32\gainofdv.dll

C:\WINDOWS\system32\gqiafivk.dll

C:\WINDOWS\system32\grcbihgk.dll

C:\WINDOWS\system32\hgggfdb.dll

C:\WINDOWS\system32\hvhyemkb.dll

C:\WINDOWS\system32\igylhxnc.ini

C:\WINDOWS\system32\iifcywv.dll

C:\WINDOWS\system32\iifedbb.dll

C:\WINDOWS\system32\iifghhi.dll

C:\WINDOWS\system32\jkkjk.dll

C:\WINDOWS\system32\jkklijh.dll

C:\WINDOWS\system32\juegynio.dll

C:\WINDOWS\system32\khffggf.dll

C:\WINDOWS\system32\kjkkj.ini

C:\WINDOWS\system32\kjkkj.ini2

C:\WINDOWS\system32\kpeqkwlw.dll

C:\WINDOWS\system32\krmdnggh.dll

C:\WINDOWS\system32\ljjghge.dll

C:\WINDOWS\system32\ljjkhee.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mljgecd.dll

C:\WINDOWS\system32\mtllsbng.ini

C:\WINDOWS\system32\nlhpdsmm.dll

C:\WINDOWS\system32\nwnjohsf.dll

C:\WINDOWS\system32\opnkheb.dll

C:\WINDOWS\system32\opnoopq.dll

C:\WINDOWS\system32\pdamnilr.dll

C:\WINDOWS\system32\qommkii.dll

C:\WINDOWS\system32\qommnno.dll

C:\WINDOWS\system32\ssqnmll.dll

C:\WINDOWS\system32\uxhgmqmd.dll

C:\WINDOWS\system32\vturrss.dll

C:\WINDOWS\system32\wmotnhdf.ini

C:\WINDOWS\system32\xxywurq.dll

C:\WINDOWS\system32\xxywuvt.dll

C:\WINDOWS\system32\yayvvut.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-13 22:24 . 2008-03-13 22:31 <REP> d-------- C:\VundoFix Backups

2008-03-13 21:37 . 2008-03-14 22:10 1,366,923 ---hs---- C:\WINDOWS\system32\gadatekr.ini

2008-03-12 19:38 . 2008-03-13 22:09 <REP> d-------- C:\Lop SD

2008-03-12 14:10 . 2008-03-12 14:10 90,688 --a------ C:\WINDOWS\system32\cnxhlygi.dll

2008-03-12 14:07 . 2008-03-12 14:07 89,152 --a------ C:\WINDOWS\system32\oiomavau.dll

2008-03-11 22:42 . 2004-08-10 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll

2008-03-11 22:41 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll

2008-03-11 22:38 . 2008-03-11 22:38 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-03-11 22:38 . 2008-03-11 22:38 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-03-11 22:38 . 2008-03-11 22:38 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-03-11 22:38 . 2008-03-11 22:38 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-03-11 22:38 . 2008-03-11 22:38 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-03-11 22:38 . 2008-03-11 22:38 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-03-11 22:25 . 2004-08-10 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2008-03-11 22:25 . 2004-08-10 13:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2008-03-11 22:25 . 2004-08-10 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2008-03-11 22:25 . 2004-08-10 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2008-03-11 21:49 . 2004-08-10 13:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe

2008-03-11 21:49 . 2004-08-10 13:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe

2008-03-11 21:49 . 2004-08-10 13:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll

2008-03-11 21:49 . 2004-08-10 13:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe

2008-03-11 21:49 . 2004-08-10 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe

2008-03-11 21:33 . 2004-08-10 13:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp

2008-03-11 21:33 . 2004-08-10 13:00 106,147 -ra------ C:\WINDOWS\SET51.tmp

2008-03-11 21:33 . 2006-03-30 11:03 22,339 -ra------ C:\WINDOWS\SETA3.tmp

2008-03-11 21:33 . 2004-08-10 13:00 14,043 -ra------ C:\WINDOWS\SET60.tmp

2008-03-11 21:33 . 2005-03-30 18:54 10,559 -ra------ C:\WINDOWS\SETA4.tmp

2008-03-10 20:36 . 2008-03-12 13:11 1,562,517 ---hs---- C:\WINDOWS\system32\gimugbdb.ini

2008-03-10 19:59 . 2008-03-10 20:23 1,318,583 --ahs---- C:\WINDOWS\system32\pnxkituk.ini

2008-03-09 21:58 . 2008-03-10 19:52 1,318,463 --ahs---- C:\WINDOWS\system32\qgtrrkeq.ini

2008-03-09 19:28 . 2008-03-09 19:28 <REP> d-------- C:\WINDOWS\dell

2008-03-09 18:42 . 2008-03-11 21:58 4,382 --a------ C:\WINDOWS\imsins.BAK

2008-03-09 18:41 . 2004-08-10 13:00 1,086,058 -ra------ C:\WINDOWS\SETEB.tmp

2008-03-09 18:41 . 2004-08-10 13:00 106,147 -ra------ C:\WINDOWS\SETE8.tmp

2008-03-09 18:41 . 2006-03-30 11:03 22,339 -ra------ C:\WINDOWS\SET13A.tmp

2008-03-09 18:41 . 2004-08-10 13:00 14,043 -ra------ C:\WINDOWS\SETF7.tmp

2008-03-09 18:41 . 2005-03-30 18:54 10,559 -ra------ C:\WINDOWS\SET13B.tmp

2008-03-09 18:41 . 2004-08-10 13:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat

2008-03-09 18:40 . 2008-03-11 21:55 330,272 --a------ C:\WINDOWS\setupapi.old

2008-03-08 23:38 . 2008-03-08 23:38 <REP> d-------- C:\Program Files\Lavasoft

2008-03-08 23:38 . 2008-03-08 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-08 23:00 . 2008-03-10 21:13 <REP> d-------- C:\Program Files\a-squared Anti-Malware

2008-03-08 22:56 . 2008-03-08 22:56 936,621 --a------ C:\upload_moi_MAISON.tar.RB0

2008-03-08 21:49 . 2008-03-09 21:52 1,307,981 --ahs---- C:\WINDOWS\system32\rdfftebf.ini

2008-03-08 21:44 . 2008-03-08 21:44 <REP> d-------- C:\WINDOWS\report

2008-03-08 21:44 . 2008-03-08 21:44 <REP> d-------- C:\WINDOWS\AU_Backup

2008-03-08 21:44 . 2008-03-08 21:44 35,479,541 --a------ C:\WINDOWS\VPTNFILE.145

2008-03-08 21:44 . 2008-03-08 21:44 35,479,541 --a------ C:\WINDOWS\LPT$VPN.145

2008-03-08 21:44 . 2008-03-08 21:44 1,926,288 --a------ C:\WINDOWS\tsc.ptn

2008-03-08 21:44 . 2008-03-08 21:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2008-03-08 21:44 . 2008-03-08 21:44 267,845 --a------ C:\WINDOWS\tsc.exe

2008-03-08 21:44 . 2008-03-08 21:44 86,094 --a------ C:\WINDOWS\BPMNT.dll

2008-03-08 21:44 . 2008-03-08 21:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2008-03-08 21:44 . 2008-03-08 22:57 823 --a------ C:\WINDOWS\tsc.ini

2008-03-08 21:43 . 2008-03-08 21:44 <REP> d-------- C:\WINDOWS\AU_Temp

2008-03-08 21:43 . 2008-03-08 21:43 <REP> d-------- C:\WINDOWS\AU_Log

2008-03-08 21:43 . 2008-03-08 21:43 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2008-03-08 21:43 . 2008-03-08 21:43 286,720 --a------ C:\WINDOWS\PATCH.EXE

2008-03-08 21:43 . 2008-03-08 21:43 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2008-03-08 21:43 . 2008-03-08 21:43 170 --a------ C:\WINDOWS\GetServer.ini

2008-03-08 21:21 . 2008-03-08 21:21 <REP> d-------- C:\Program Files\ToniArts

2008-03-07 22:40 . 2008-03-11 21:18 1,824 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-07 22:30 . 2008-03-07 22:30 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes

2008-03-07 22:30 . 2008-03-07 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-03-07 21:58 . 2008-03-07 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-03-07 21:52 . 2008-03-07 21:52 <REP> d-------- C:\Program Files\Yahoo!

2008-03-07 21:52 . 2008-03-07 21:52 <REP> d-------- C:\Program Files\CCleaner

2008-03-07 21:10 . 2008-03-07 21:10 <REP> d-------- C:\Program Files\Trend Micro

2008-03-06 20:44 . 2008-03-07 17:59 1,308,448 --ahs---- C:\WINDOWS\system32\ajidufsk.ini

2008-03-06 20:44 . 2008-03-09 21:28 268 --ah----- C:\sqmdata19.sqm

2008-03-06 20:44 . 2008-03-09 21:28 244 --ah----- C:\sqmnoopt19.sqm

2008-03-06 19:50 . 2008-03-06 19:50 <REP> d-------- C:\Documents and Settings\Patricia\Application Data\gemsweeperextractedgfx

2008-03-06 19:50 . 2008-03-06 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\My Games

2008-03-06 12:19 . 2008-03-09 20:39 244 --ah----- C:\sqmnoopt18.sqm

2008-03-06 12:19 . 2008-03-09 20:39 232 --ah----- C:\sqmdata18.sqm

2008-03-05 22:14 . 2008-03-09 19:59 244 --ah----- C:\sqmnoopt17.sqm

2008-03-05 22:14 . 2008-03-09 19:59 232 --ah----- C:\sqmdata17.sqm

2008-03-05 22:12 . 2008-03-09 19:19 244 --ah----- C:\sqmnoopt16.sqm

2008-03-05 22:12 . 2008-03-09 19:19 232 --ah----- C:\sqmdata16.sqm

2008-03-05 22:10 . 2008-03-09 19:16 244 --ah----- C:\sqmnoopt15.sqm

2008-03-05 22:10 . 2008-03-09 19:16 232 --ah----- C:\sqmdata15.sqm

2008-03-05 20:03 . 2008-03-09 08:29 244 --ah----- C:\sqmnoopt14.sqm

2008-03-05 20:03 . 2008-03-09 08:29 232 --ah----- C:\sqmdata14.sqm

2008-03-05 16:16 . 2008-03-09 00:02 268 --ah----- C:\sqmdata13.sqm

2008-03-05 16:16 . 2008-03-09 00:02 244 --ah----- C:\sqmnoopt13.sqm

2008-03-05 14:23 . 2008-03-08 18:49 268 --ah----- C:\sqmdata12.sqm

2008-03-05 14:23 . 2008-03-08 18:49 244 --ah----- C:\sqmnoopt12.sqm

2008-03-05 12:56 . 2008-03-08 12:04 268 --ah----- C:\sqmdata11.sqm

2008-03-05 12:56 . 2008-03-08 12:04 244 --ah----- C:\sqmnoopt11.sqm

2008-03-05 10:56 . 2008-03-05 16:53 1,303,277 --ahs---- C:\WINDOWS\system32\maernbgf.ini

2008-03-05 10:51 . 2008-03-07 23:05 172 --ah----- C:\sqmnoopt10.sqm

2008-03-05 10:51 . 2008-03-07 23:05 172 --ah----- C:\sqmdata10.sqm

2008-03-05 10:48 . 2008-03-07 23:03 268 --ah----- C:\sqmdata09.sqm

2008-03-05 10:48 . 2008-03-07 23:03 244 --ah----- C:\sqmnoopt09.sqm

2008-03-04 20:53 . 2008-03-07 18:16 172 --ah----- C:\sqmnoopt08.sqm

2008-03-04 20:53 . 2008-03-07 18:16 172 --ah----- C:\sqmdata08.sqm

2008-03-04 20:51 . 2008-03-07 18:14 268 --ah----- C:\sqmdata07.sqm

2008-03-04 20:51 . 2008-03-07 18:14 244 --ah----- C:\sqmnoopt07.sqm

2008-03-04 20:20 . 2008-03-07 18:07 268 --ah----- C:\sqmdata06.sqm

2008-03-04 20:20 . 2008-03-07 18:07 244 --ah----- C:\sqmnoopt06.sqm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-09 21:07 --------- d-----w C:\Program Files\Zylom Games

2008-03-09 21:06 --------- d-----w C:\Program Files\Wanadoo

2008-03-09 20:38 --------- d-----w C:\Program Files\MSN Games

2008-03-09 20:22 --------- d-----w C:\Program Files\IncrediMail

2008-03-09 20:16 --------- d-----w C:\Program Files\Microsoft Référence

2008-03-09 19:44 --------- d-----w C:\Program Files\Mindscape

2008-03-09 19:33 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-09 19:23 --------- d-----w C:\Program Files\MaCuisineLapeyre

2008-03-09 19:19 --------- d-----w C:\Program Files\IKEA HomePlanner

2008-03-09 19:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-03-09 19:14 --------- d-----w C:\Program Files\FreeAngel

2008-03-03 18:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-22 14:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-02-18 07:38 --------- d-----w C:\Documents and Settings\Patricia\Application Data\Zylom

2008-02-15 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear

2008-02-07 10:18 --------- d-----w C:\Documents and Settings\Patricia\Application Data\Super-Cow

2008-02-04 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games

2008-02-04 16:25 230,432 ----a-w C:\StiImg.dat

2008-01-19 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft

2008-01-16 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds

2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 08:45 68856]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Disk Panel Configuration"="dpcsvc.exe" []

"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 13:00 208952]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 13:00 44032]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvvut]

yayvvut.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Corel Family & Friends Reminders.LNK]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Corel Family & Friends Reminders.LNK

backup=C:\WINDOWS\pss\Corel Family & Friends Reminders.LNKCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk

backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk

backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Laurent^Menu Démarrer^Programmes^Démarrage^Memo.lnk]

path=C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\Memo.lnk

backup=C:\WINDOWS\pss\Memo.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Laurent^Menu Démarrer^Programmes^Démarrage^PrintKey 2000 Fr.lnk]

path=C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk

backup=C:\WINDOWS\pss\PrintKey 2000 Fr.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Laurent^Menu Démarrer^Programmes^Démarrage^raccourcis_kplan.exe.lnk]

path=C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\raccourcis_kplan.exe.lnk

backup=C:\WINDOWS\pss\raccourcis_kplan.exe.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a--c--- 2006-01-02 18:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2007-12-04 14:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]

--a--c--- 2006-09-18 18:35 3022336 C:\Program Files\Calendrier\Cld2000.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

--a--c--- 2006-08-14 15:20 462336 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a--c--- 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

--a--c--- 2005-10-05 04:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-09-04 20:03 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-06-26 21:45 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2004-07-27 17:50 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MATH DOES FIRST MODE]

C:\Documents and Settings\All Users\Application Data\live 64 math does\bias jugs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

--a------ 1999-08-04 00:00 127040 C:\Program Files\Microsoft Money\System\Money Express.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

--a------ 2006-11-07 14:49 1121280 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

C:\Program Files\McAfee.com\VSO\oasclnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 14:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-05-19 08:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_Magentic]

C:\DOCUME~1\Claire\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install[1].exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 23:27]

R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 23:29]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]

S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys []

S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\Install.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1992ba5a-5923-11dc-9615-001372313bc5}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-02-22 14:05:18 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-14 22:50:29

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-14 22:53:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-14 21:53:26

.

2008-03-14 21:10:48 --- E O F ---

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:55:00, on 14/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\a-squared Anti-Malware\a2guard.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061204

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Disk Panel Configuration] dpcsvc.exe

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: yayvvut - yayvvut.dll (file missing)

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 8876 bytes

Posted

[*]We are going to install the Recovery Console on your PC. This will make it possible to repair your system in case the PC no longer restarts after the disinfection.

[*]Once you have clicked the link matching your version of Windows, you will be taken to a page: click the Download button to get the installation package and save this file to the desktop. Above all, do not change the file name!

Windows XP without a Service Pack >

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Windows XP Service Pack 1 (SP1) >

Microsoft Windows XP Home Edition SP1

Microsoft Windows XP Professional SP1

Windows XP Service Pack 2 (SP2) >

Microsoft Windows XP Home Edition SP2

Microsoft Windows XP Professional SP2

[*]Drag and drop this file onto the ComboFix.exe file, as in the screenshot >

tmmwkp7dnb.gif

[*]Follow the on-screen instructions to launch ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

[*]When it is finished, a message appears telling you that the Console has been installed, then a report named CF_RC.txt will be displayed: post the contents of this report.

[*]Note > from now on, when you start your PC, you will have a choice to make: either start Windows normally, or use the Recovery Console.

(source: Thanos's tutorial :P )

Posted

I have Media Center. Since it was not among the choices, I took Home Edition SP2.

Here is the log

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
