rapport hidjack

[roleb]

bonjour Gof

 

desolée pour le désordre des manipulations, mais navilog ne voulais pas se lancer au départ...donc j'ai effectué l'étape suivante, puis suis revenue a navilog , qui a fonctionné normalement... je ne pensais pas qu'il y aurait peut etre des conséquences..dsl

Le scan malwaresbytes est en cours mais trés long...

je vous envoie sa dès que possible

[Gof]

Oui, je vois ça.

 

D'autant que tu as oublié de repasser ensuite les outils en option 2 (Toolbar S&D et Navilog1) comme demandé. A la fin de MBAM, génère ces rapports en option 2, j'essaierais de retrouver mes petits au milieu de tous ces rapports.

[roleb]

oui mais il fallait vous envoyé les rapports avant de passer à l'option 2...j'avais peur de faire une betise dc...je le relance en etape 2 ou pas ?

[Gof]

Après que MBAM ait fini de travailler oui

[roleb]

OK OK

[roleb]

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1939

Windows 5.1.2600 Service Pack 3

 

05/04/2009 14:01:42

mbam-log-2009-04-05 (14-01-42).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 129219

Temps écoulé: 2 hour(s), 25 minute(s), 19 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 15

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstinit (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\carole\Local Settings\Application Data\acycg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\acycg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\acycg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\ocyki_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\ocyki_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\ocyki.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{9B0E07FC-353A-40D7-9B9B-E0850E4ACAF6}\RP288\A0079419.exe (Adware.Navipromo) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Application Data\Microsoft\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Application Data\Microsoft\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\carole\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

C:\WINDOWS\system\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

[roleb]

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Duron Processor )

BIOS : PhoenixBIOS 4.0 Release 6.0.1

USER : carole ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:19 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:27 Go (Free:21 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 05/04/2009|14:23 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(carole) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.aliceadsl.fr/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 04/04/2009|21:44 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 05/04/2009|14:13 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - 05/04/2009|14:30 - Option : [2]

 

-----------\\ Fin du rapport a 14:30:37,63

 

Clean Navipromo version 3.7.6 commencé le 05/04/2009 à 14:14:47,81

 

Outil exécuté depuis C:\Program Files\navilog1

 

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Duron Processor )

BIOS : PhoenixBIOS 4.0 Release 6.0.1

USER : carole ( Administrator )

BOOT : Normal boot

 

Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)

 

 

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:19 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:27 Go (Free:21 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

 

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

 

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

 

 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

 

* Suppression dans "C:\windows\System32" *

 

 

* Suppression dans "C:\Documents and Settings\carole\locals~1\applic~1" *

 

 

* Suppression dans "C:\DOCUME~1\audrey\locals~1\applic~1" *

 

* Suppression dans "C:\DOCUME~1\papa\locals~1\applic~1" *

 

* Suppression dans "C:\DOCUME~1\thomas\locals~1\applic~1" *

 

 

*** Suppression dossiers dans "C:\windows" ***

 

 

*** Suppression dossiers dans "C:\Program Files" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

 

 

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\carole\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\audrey\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\papa\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\thomas\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\carole\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\audrey\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\papa\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\thomas\locals~1\applic~1" ***

 

 

*** Suppression dossiers dans "C:\Documents and Settings\carole\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\audrey\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\papa\menudm~1\progra~1" ***

 

 

*** Suppression dossiers dans "C:\DOCUME~1\thomas\menudm~1\progra~1" ***

 

 

 

*** Suppression fichiers ***

 

 

*** Suppression fichiers temporaires ***

 

Nettoyage contenu C:\windows\Temp effectué !

Nettoyage contenu C:\Documents and Settings\carole\locals~1\Temp effectué !

 

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

 

2)Recherche, création sauvegardes et suppression Heuristique :

 

 

* Dans "C:\windows\system32" *

 

 

* Dans "C:\Documents and Settings\carole\locals~1\applic~1" *

 

 

* Dans "C:\DOCUME~1\audrey\locals~1\applic~1" *

 

 

* Dans "C:\DOCUME~1\papa\locals~1\applic~1" *

 

 

* Dans "C:\DOCUME~1\thomas\locals~1\applic~1" *

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

*** Certificats ***

 

Certificat Egroup supprimé !

Certificat Electronic-Group supprimé !

Certificat Montorgueil absent !

Certificat OOO-Favorit supprimé !

Certificat Sunny-Day-Design-Ltdt absent !

 

*** Recherche autres dossiers et fichiers connus ***

 

 

 

*** Nettoyage terminé le 05/04/2009 à 14:22:07,75 ***

[Gof]

Bon

 

Renouvelle un rapport RSIT :

 

Double-clique sur RSIT.exe afin de lancer RSIT.

• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  

[roleb]

Logfile of random's system information tool 1.06 (written by random/random)

Run by carole at 2009-04-05 15:45:51

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 5 GB (25%) free of 19 GB

Total RAM: 375 MB (10% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:47:48, on 05/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\windows\system32\spoolsv.exe

C:\windows\system32\drivers\KodakCCS.exe

C:\windows\System32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\WgaTray.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\Explorer.EXE

C:\windows\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\windows\System32\drivers\rsvp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\carole\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Documents and Settings\carole\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\windows\system32\wuauclt.exe

C:\Documents and Settings\carole\Local Settings\Temporary Internet Files\Content.IE5\3KD7MA4S\RSIT[1].exe

C:\Documents and Settings\carole\Bureau\carole.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F3 - REG:win.ini: load=C:\DOCUME~1\carole\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [spool] C:\DOCUME~1\carole\LOCALS~1\Temp\spoolsv.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\windows\System32\drivers\rsvp.exe /waitservice

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\carole\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\windows\System\dllhst3g.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\carole\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'Default user')

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\carole\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe

 

--

End of file - 4271 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-28 155648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"Spool"=C:\DOCUME~1\carole\LOCALS~1\Temp\spoolsv.exe [2009-03-31 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-06-02 1660952]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"rsvp"=C:\windows\System32\drivers\rsvp.exe [2009-03-31 86016]

 

C:\Documents and Settings\carole\Menu Démarrer\Programmes\Démarrage

Outil de notification Live Search.lnk - C:\Documents and Settings\carole\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\windows\system32\WgaLogon.dll [2008-09-06 267304]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

"C:\Documents and Settings\carole\Local Settings\Temp\~temp\mdnk52\mdm.exe"="C:\Documents and Settings\carole\Local Settings\Temp\~temp\mdnk52\mdm.exe:*:Disabled:mdm"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======List of files/folders created in the last 1 months======

 

2009-04-05 14:14:47 ----A---- C:\cleannavi.txt

2009-04-05 14:11:14 ----A---- C:\TB.txt

2009-04-04 22:22:10 ----AD---- C:\Program Files\Furnish Pro

2009-04-04 22:03:30 ----A---- C:\windows\logman.exe

2009-04-04 22:00:03 ----A---- C:\Documents and Settings\carole\Application Data\dllhst3g.exe

2009-04-04 21:40:47 ----D---- C:\ToolBar SD

2009-04-04 21:20:34 ----D---- C:\_OTMoveIt

2009-04-04 21:09:54 ----A---- C:\fixnavi.txt

2009-04-04 21:08:29 ----D---- C:\Program Files\Navilog1

2009-04-04 19:59:03 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft

2009-04-04 19:53:37 ----D---- C:\Program Files\Oberon Media

2009-04-04 19:53:35 ----D---- C:\Program Files\M6 Jeux

2009-04-04 17:51:46 ----D---- C:\Documents and Settings\carole\Application Data\Malwarebytes

2009-04-04 17:51:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-04-04 17:51:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-04-04 16:55:03 ----D---- C:\rsit

2009-03-30 20:00:39 ----D---- C:\Program Files\LUXYA WC-1300 Corporation

2009-03-30 20:00:11 ----A---- C:\windows\system32\VMSnap23.exe

2009-03-30 20:00:10 ----A---- C:\windows\system32\VMCap323.exe

2009-03-30 20:00:05 ----A---- C:\windows\system32\Domino.exe

2009-03-30 20:00:01 ----D---- C:\windows\CatRoot

2009-03-30 19:59:58 ----D---- C:\Program Files\STV

2009-03-30 18:53:30 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia

2009-03-29 12:24:41 ----D---- C:\Documents and Settings\carole\Application Data\Yahoo!

2009-03-29 12:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2009-03-29 12:24:31 ----D---- C:\Program Files\Yahoo!

2009-03-29 12:24:17 ----D---- C:\Program Files\CCleaner

2009-03-23 14:43:32 ----D---- C:\Program Files\Panda Security

2009-03-22 17:18:58 ----RHD---- C:\Documents and Settings\carole\Application Data\SecuROM

2009-03-21 09:39:09 ----A---- C:\windows\system32\aswBoot.exe

2009-03-20 19:17:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-03-20 12:50:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-03-11 14:05:24 ----HDC---- C:\windows\$NtUninstallKB960225$

2009-03-11 14:04:42 ----HDC---- C:\windows\$NtUninstallKB938464-v2$

2009-03-11 14:03:56 ----HDC---- C:\windows\$NtUninstallKB958690$

 

======List of files/folders modified in the last 1 months======

 

2009-04-05 14:55:06 ----D---- C:\WINDOWS

2009-04-05 14:25:19 ----D---- C:\windows\Temp

2009-04-05 14:22:07 ----D---- C:\windows\system32

2009-04-05 14:20:01 ----D---- C:\windows\Prefetch

2009-04-05 14:16:34 ----N---- C:\windows\SchedLgU.Txt

2009-04-05 14:08:23 ----D---- C:\windows\system32\drivers

2009-04-05 14:01:41 ----SD---- C:\Documents and Settings\carole\Application Data\Microsoft

2009-04-05 14:01:41 ----D---- C:\windows\system

2009-04-05 10:53:59 ----RD---- C:\Program Files

2009-04-04 23:56:25 ----D---- C:\windows\system32\CatRoot2

2009-04-04 20:39:30 ----D---- C:\Program Files\BarreConfCMCIC

2009-04-04 20:30:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-04-02 12:44:13 ----SHD---- C:\windows\Installer

2009-03-31 19:51:14 ----A---- C:\Documents and Settings\carole\Application Data\rsvp.exe

2009-03-30 20:43:32 ----A---- C:\windows\win.ini

2009-03-30 20:30:28 ----HD---- C:\windows\inf

2009-03-30 20:08:14 ----RSHDC---- C:\windows\system32\dllcache

2009-03-30 20:00:57 ----HD---- C:\Program Files\InstallShield Installation Information

2009-03-30 19:59:58 ----SD---- C:\windows\Downloaded Program Files

2009-03-30 19:59:56 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-03-29 12:44:11 ----D---- C:\windows\Debug

2009-03-29 12:44:03 ----D---- C:\windows\Minidump

2009-03-29 12:18:06 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-03-29 12:18:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-29 10:15:59 ----A---- C:\windows\system32\PerfStringBackup.INI

2009-03-24 20:53:13 ----D---- C:\windows\system32\CatRoot

2009-03-23 16:06:26 ----D---- C:\Documents and Settings\carole\Application Data\HPAppData

2009-03-22 11:37:26 ----D---- C:\windows\system32\inetsrv

2009-03-20 13:26:33 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-03-20 13:25:49 ----D---- C:\Program Files\Adobe

2009-03-15 00:22:18 ----D---- C:\Program Files\Microsoft Picture It! PhotoPub

2009-03-13 22:45:27 ----D---- C:\Program Files\Vuze

2009-03-13 22:44:56 ----D---- C:\Documents and Settings\carole\Application Data\Azureus

2009-03-11 14:04:45 ----D---- C:\windows\WinSxS

2009-03-11 10:40:18 ----HD---- C:\windows\$hf_mig$

2009-03-10 12:36:14 ----D---- C:\Program Files\eMule

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2003-06-18 36826]

R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2003-06-18 38997]

R2 Fallback;Fallback; C:\windows\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]

R2 Fsks;Fsks; C:\windows\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]

R2 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 K56;K56; C:\windows\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]

R2 SoftFax;SoftFax; C:\windows\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]

R2 Tones;Tones; C:\windows\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]

R2 V124;V124; C:\windows\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]

R3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 basic2;basic2; C:\windows\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]

R3 hsf_msft;hsf_msft; C:\windows\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]

R3 Rksample;Rksample; C:\windows\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-08-28 5888]

R3 S3SavageNB;S3SavageNB; C:\windows\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]

R3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-13 12800]

R3 usbhub;Concentrateur USB2; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\windows\system32\drivers\ac97via.sys [2004-08-03 84480]

S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2003-06-18 138485]

S3 catchme;catchme; \??\C:\DOCUME~1\carole\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cdiskdun;cdiskdun; \??\C:\DOCUME~1\benoit\LOCALS~1\Temp\cdiskdun.sys []

S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2003-06-18 61568]

S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2003-06-18 8058]

S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2003-06-18 63002]

S3 hidusb;Pilote de classe HID Microsoft; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\System32\DRIVERS\HPZid412.sys [2007-10-30 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\System32\DRIVERS\HPZipr12.sys [2007-10-30 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\System32\DRIVERS\HPZius12.sys [2007-10-30 21568]

S3 mouhid;Pilote HID de souris; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-28 12288]

S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\windows\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]

S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]

S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]

S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]

S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]

S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]

S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]

S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur; C:\windows\System32\Drivers\StMp3Rec.sys [2006-01-20 71358]

S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbbus;LGE Mobile Composite USB Device; C:\windows\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\windows\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]

S3 USBModem;LGE Mobile USB Modem; C:\windows\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 vmfilter323;323 filter service, Normal; C:\windows\system32\drivers\vmfilter323.sys [2007-09-19 476672]

S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera; C:\windows\System32\Drivers\usbvm323.sys [2006-12-26 259968]

S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2003-06-18 294972]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2009-01-19 69120]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 137200]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S4 ScsiAccess;ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [2003-02-04 181312]

 

-----------------EOF-----------------

[Gof]

Télécharge Combofix depuis l'un des liens ci-dessous. Tu dois le renommer avant de l'enregistrer. Enregistre-le sur ton Bureau.

 

Lien 1

Lien 2

Lien 3

 

 

 

--------------------------------------------------------------------

 

Fais un double clic sur Combo-Fix.exe & suis les invites.

• Lorsque l'outil aura terminé, il affichera un rapport.
  
• Envoye le contenu de C:\ComboFix.txt .