Bonjour !

Aprés une trés longue absence me revoilà, en forme, mais pas mon pc J'ai besoin de vos lumiéres...

Voilà aprés plusieurs scan au démarage avec avast, aprés plusieurs utilisation de spyboot, ad aware... Je n'arrive toujours pas à éliminer cette infection...

J'ai essayé de faire un scan avec panda, mais je n'y arrive pas, ca me dit toujours que IE a rencontré un probléme et doit fermer...

Donc j'ai passé hijackthis, est voilà le résultat :


Logfile of HijackThis v1.99.1
Scan saved at 14:41:30, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Nejma\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178640838812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvutrrq - wvutrrq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


Que dois je faire ?

Merci d'avance pour votre aide

Bonjour Ninie

Ton log n'est pas complet.

Mais je pense qu'il y a déjà une infection Vundo. Alors fais ceci:


Affiche les fichiers cachés: Pour afficher les fichiers cachés


Télécharge ComboFix de sUBs sur ton bureau.

• Double-clique sur ComboFix.exe pour le lancer.
  
  
• A la question qu'il te pose, tape sur la touche Y (Yes) pour démarrer le scan.
  
  
• Patiente le temps que ComboFix travaille sans l'interrompre et sans rien toucher. (Ne clique pas dans la fenêtre de ComboFix quand il est en train de s'exècuter: Ca pourrait planter Windows)
  
  
• A la fin du scan, un rapport va être généré: C:\ComboFix.txt
  Poste ce rapport dans ta prochaine réponse.
  

Renomme HijackThis.exe en Ninie.exe et tire un nouveau rapport HijackThis à partir de Ninie.exe. Poste le aussi dans ta prochaine réponse.

merci pour ta réponse si rapide

voici avec combofix :

ComboFix 07-07-30.2 - "Nejma" 2007-08-01 19:21:52.1 [GMT 2:00] - NTFS
Microsoft Windows XP �dition familiale 5.1.2600.2.1252.1.1036.18.Vrai
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Nejma\APPLIC~1.\.rdr.ini
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\Fichiers communs\viroq.html
C:\WINDOWS\smsys.dat
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\B0
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\win
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_SYSLIBRARY
-------\NtmlSvc
-------\runtime
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 19:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 14:30 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 14:29 <REP> d-------- C:\DOCUME~1\Nejma\.housecall6.6
2007-08-01 13:50 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-07-30 23:20 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\Lavasoft
2007-07-30 22:17 786,432 --ah----- C:\DOCUME~1\ADMINI~1.ORD\NTUSER.DAT
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Mes documents
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Menu D‚marrer
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Favoris
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Bureau
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\Voisinage r‚seau
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\Voisinage d'impression
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\ModŠles
2007-07-30 22:17 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\WINDOWS
2007-07-30 22:17 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\InterTrust
2007-07-30 01:50 7,277 --a------ C:\DOCUME~1\Nejma\zmcqjz.exe
2007-07-30 01:45 6,689 --a------ C:\WINDOWS\system32\ldcore.dll
2007-07-30 01:45 <REP> d-------- C:\Temp\brr
2007-07-30 01:45 <REP> d-------- C:\Temp\0c2
2007-07-30 01:45 <REP> d-------- C:\Temp
2007-07-30 00:55 26,000 --a------ C:\WINDOWS\system32\libcintles3.dll
2007-07-27 16:26 <REP> d-------- C:\Program Files\Macrogaming
2007-07-25 18:06 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Canon
2007-07-25 18:05 7,680 --a------ C:\WINDOWS\system32\CNMVS6s.DLL
2007-07-25 18:05 116,736 --a------ C:\WINDOWS\system32\CNMLM6s.DLL
2007-07-25 18:05 <REP> d--h----- C:\BJPrinter
2007-07-25 17:59 <REP> d-------- C:\Program Files\ScanSoft
2007-07-25 17:59 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\ScanSoft
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-07-25 17:54 94,208 --a------ C:\WINDOWS\system32\CNCL130.DLL
2007-07-25 17:54 90,112 --a------ C:\WINDOWS\system32\CNCI130.DLL
2007-07-25 17:54 557,056 --a------ C:\WINDOWS\system32\CNCC130.DLL
2007-07-25 17:54 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-07-25 17:54 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-07-25 17:54 <REP> d--h----- C:\CanonMP
2007-07-25 17:54 <REP> d-------- C:\WINDOWS\StartHtmico
2007-07-25 17:54 <REP> d-------- C:\WINDOWS\MP130,110
2007-07-25 17:53 <REP> d-------- C:\Program Files\Canon
2007-07-19 23:00 <REP> d-------- C:\Program Files\IncrediMail
2007-07-18 14:17 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Talkback
2007-07-02 23:15 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Ulead Systems
2007-07-02 23:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-07-02 23:14 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-02 23:14 47,616 --a------ C:\WINDOWS\system\IYUV_32.DLL
2007-07-02 22:34 65,536 --a------ C:\WINDOWS\amcap533.exe
2007-07-02 22:34 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2007-07-02 22:34 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
2007-07-02 22:34 131,072 --a------ C:\WINDOWS\system\SP5X_32.DLL
2007-07-02 22:34 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2007-07-02 22:34 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
2007-07-02 22:34 <REP> d-------- C:\WINDOWS\Setup533
2007-07-01 12:36 <REP> d-------- C:\WINDOWS\system32\ActiveScan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 14:29 1447 --a------ C:\WINDOWS\mozver.dat
2007-07-31 19:43 --------- d-------- C:\Program Files\a-squared Free
2007-07-30 23:41 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-27 16:35 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-07-25 18:10 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Arcsoft
2007-07-25 17:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 17:57 --------- d-------- C:\Program Files\ArcSoft
2007-07-22 13:54 --------- d-------- C:\Program Files\Ludiclub
2007-07-22 13:48 29424 --a------ C:\DOCUME~1\Nejma\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-14 14:59 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\dvdcss
2007-07-11 00:00 70818 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-11 00:00 458682 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-04 01:54 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Skype
2007-07-02 22:36 --------- d-------- C:\Program Files\Ulead Systems
2007-07-01 15:03 --------- d-------- C:\Program Files\MSN Messenger
2007-07-01 15:03 --------- d-------- C:\Program Files\Messenger
2007-06-27 21:06 --------- d-------- C:\Program Files\Skype
2007-06-27 21:06 --------- d-------- C:\Program Files\Fichiers communs\Skype
2007-06-27 13:10 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-06-23 16:05 512 --ah----- C:\os466477.bin
2007-06-21 13:11 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Screenshot Sender
2007-06-11 21:19 --------- d-------- C:\Program Files\Athan
2007-06-11 21:16 737280 --a------ C:\WINDOWS\iun6002.exe
2007-06-11 16:09 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-10 00:02 365 --a------ C:\WINDOWS\system32\tsfgljawdc_navps.dat
2007-06-10 00:01 7265 --a------ C:\WINDOWS\system32\tsfgljawdc.dat
2007-06-08 12:26 268015 --a------ C:\WINDOWS\system32\tsfgljawdc_nav.dat
2007-06-06 12:24 --------- d-------- C:\Program Files\Windows Live
2007-06-06 11:40 332288 --a------ C:\WINDOWS\system32\tsfgljawdc.exe
2007-06-05 21:28 --------- d-------- C:\Program Files\Akimania
2007-06-03 19:58 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Paltalk
2007-06-01 15:50 --------- d-------- C:\Program Files\Paltalk Messenger
2007-05-25 19:27 25088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-21 16:18 135519 --a------ C:\WINDOWS\HPHins11.dat
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-09 19:23 0 -rahs---- C:\MSDOS.SYS
2007-05-09 19:23 0 -rahs---- C:\IO.SYS
2007-05-08 21:45 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-08 17:00 0 --ah----- C:\WINDOWS\system32\wmtlf.exe
2007-05-08 16:58 118 --a------ C:\WINDOWS\system32\dsrrtbtm.bat
2007-05-08 16:57 0 --a------ C:\WINDOWS\system32\yul.exe
2007-05-08 16:51 0 --ah----- C:\WINDOWS\system32\iqajenzu.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D0E786-A9E4-4EC5-82BA-E4E57D285B83}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Config System"=config.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Fichiers communs\viroq.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutrrq]
wvutrrq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\DOCUME~1\Nejma\LOCALS~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
C:\WINDOWS\System32\quzi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
C:\WINDOWS\Temp\startdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsfgljawdc]
c:\windows\system32\tsfgljawdc.exe tsfgljawdc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Config System]
config.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SLService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"ATI Smart"=2 (0x2)
"aswUpdSv"=2 (0x2)
"a2free"=2 (0x2)

R0 agpCPQ;Filtre de bus AGP Compaq;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 RecAgent;recagent;\??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 19:26:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 19:28:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 19:27

--- E O F ---

Et le hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:30:10, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nejma\Bureau\Ninie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178640838812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvutrrq - wvutrrq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Je sais pas si il est complet là ?

Je sais pas si c'est important lol, mais je vais quand même le préciser... Pour que je puisse avoir accés à ma session en mode "normal" lol, j'ai fati éxécuter "msconfig" pour tout désactivier dans l'onglet démarage et service, et cocher aussi "masquer tous les services microsoft". Voilà je sais pas du tout si c'est important mais je préfére le préciser...

Merci

Oui quand je démarre normalement, une fois la session ouverte ça bloque, je ne peux pas ouvrir de programme, ça reste bloqué, ou ça ne répond pas, et ne s’ouvre pas. Oui j'ai activé mon antivirus et mon parefeu.


J’ai réussi à tous supprimer.


Voici le rapport avec navilog1 :

Search Navipromo version 2.0.5 commencé le 01/08/2007 à 23:55:39,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***


*** Recherche dossiers dans C:\WINDOWS ***


*** Recherche dossiers dans C:\Program Files ***


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Recherche dossiers dans C:\Documents and Settings\Nejma\Application Data ***


*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 08/01/07 at 23:55:41.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 08/02/07 at 00:02:26 (return code = 0).


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]


Recherche Clé Magic Control


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse Terminé le 02/08/2007 à 0:02:37,40 ***

Voici le rapport avec MSNFix :

MSN_Fix 1.452

C:\Documents and Settings\Nejma\Bureau\MSNFix\MSNFix
Fix exécuté le 02/08/2007 - 0:06:21,71 By Nejma
mode normal

************************ Recherche les fichiers présents

... C:\???.tmp

************************ Recherche les dossiers présents

... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\???.tmp


************************ Suppression des dossiers

.. OK ... C:\Temp\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\QTJava.zip] F6FB16B48A4DB0CCF6401A39DD8A5BF9


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02082007_ 0072725.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

J’ai bien relancé HijackThis et coché les lignes :

O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - (no file)
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O20 - Winlogon Notify: wvutrrq - wvutrrq.dll (file missing)


J’ai recherché « config.exe » voilà ce que j’ai trouvé :

- ipconfig.exe dans le dossier : C:\WINDOWS\system32
- ipconfig.exe dans le dossier : C:\WINDOWS\ServicepackFiles\i386
- msconfig.exe dans le dossier : C:\WINDOWS\ServicepackFiles\i386
- msconfig.exe dans le dossier : C:\WINDOWS\PCHealth\HelpCtr\Binaries

Voici le rapport du scan pour C:\WINDOWS\system32\CNMVS6s.DLL :

Scan taken on 01 Aug 2007 22:19:15 (GMT)
A-Squared : Found nothing
AntiVir : Found nothing
ArcaVir : Found nothing
Avast : Found nothing
AVG Antivirus : Found nothing
BitDefender : Found nothing
ClamAV : Found nothing
CPsecure : Found nothing
Dr.Web : Found nothing
F-Prot Antivirus : Found nothing
F-Secure Anti-Virus : Found nothing
Fortinet : Found nothing
Kaspersky Anti-Virus : Found nothing
NOD32 : Found nothing
Norman Virus Control : Found nothing
Panda Antivirus : Found nothing
Rising Antivirus : Found nothing
Sophos Antivirus : Found nothing
VirusBuster : Found nothing
VBA32 : Found nothing



Et le rapport pour C:\os466477.bin :


Scan taken on 01 Aug 2007 22:22:35 (GMT)
A-Squared : Found nothing
AntiVir : Found nothing
ArcaVir : Found nothing
Avast : Found nothing
AVG Antivirus : Found nothing
BitDefender : Found nothing
ClamAV : Found nothing
Cpsecure : Found nothing
Dr.Web : Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus : Found nothing
Fortinet : Found nothing
Kaspersky Anti-Virus : Found nothing
NOD32 : Found nothing
Norman Virus Control : Found nothing
Panda Antivirus : Found nothing
Rising Antivirus : Found nothing
Sophos Antivirus : Found nothing
VirusBuster : Found nothing
VBA32 : Found nothing

Le rapport du scan avec AVG :


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:22:14 02/08/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP176\A0060580.dll -> Backdoor.IRCBot.acd : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir -> Downloader.Agent.acl : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0056465.sys -> Downloader.Agent.acl : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ldcore.dll.vir -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP173\A0045299.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0049408.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0052419.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0052436.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0053430.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0054440.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0056467.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP176\A0060486.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP176\A0060579.dll -> Downloader.Small.dxm : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP173\A0035211.exe -> Downloader.VB.awj : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP95\A0011477.exe -> Dropper.Small : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\smsys.dat.vir -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP173\A0045367.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP173\A0046381.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0048392.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0048404.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0049416.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0052427.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0053437.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0054446.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0055454.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0056471.sys -> Proxy.Agent.mx : Nettoyé.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP174\A0057475.sys -> Proxy.Agent.mx : Nettoyé.
:mozilla.136:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.137:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.107:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.118:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.197:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.198:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.199:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.200:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.201:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Nejma\Cookies\nejma@pandasoftware.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.112:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.113:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.42:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.43:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.50:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.51:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.53:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.54:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.216:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Nejma\Cookies\nejma@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.24:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.70:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.31:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.48:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.49:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.52:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.29:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Coremetrics : Nettoyé.
:mozilla.73:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.23:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.26:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.49:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.50:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.51:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.52:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.53:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.14:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.16:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.160:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Live : Nettoyé.
:mozilla.161:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Live : Nettoyé.
:mozilla.162:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Live : Nettoyé.
:mozilla.159:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Nejma\Cookies\nejma@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.19:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.60:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.106:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.167:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.168:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.169:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.170:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.171:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.30:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.31:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.32:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.33:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.37:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.38:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.44:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.45:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.59:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Nejma\Cookies\nejma@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.34:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.35:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.36:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.37:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.38:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Nejma\Cookies\nejma@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.152:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5c95h5ro.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.77:C:\Documents and Settings\Nejma\Application Data\Mozilla\Firefox\Profiles\dvc0bqwv.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.


Fin du rapport

Le log avec ComboFix :


ComboFix 07-07-30.2 - "Nejma" 2007-08-02 1:36:10.2 [GMT 2:00] - NTFS
Microsoft Windows XP �dition familiale 5.1.2600.2.1252.1.1036.18.Vrai


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\asc3550u


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-02 00:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-01 23:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-01 23:54 <REP> d-------- C:\Program Files\Navilog1
2007-08-01 19:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 14:30 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 14:29 <REP> d-------- C:\DOCUME~1\Nejma\.housecall6.6
2007-08-01 13:50 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-07-30 23:20 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\Lavasoft
2007-07-30 22:17 786,432 --ah----- C:\DOCUME~1\ADMINI~1.ORD\NTUSER.DAT
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Mes documents
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Menu D‚marrer
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Favoris
2007-07-30 22:17 <REP> dr------- C:\DOCUME~1\ADMINI~1.ORD\Bureau
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\Voisinage r‚seau
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\Voisinage d'impression
2007-07-30 22:17 <REP> d--h----- C:\DOCUME~1\ADMINI~1.ORD\ModŠles
2007-07-30 22:17 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\WINDOWS
2007-07-30 22:17 <REP> d-------- C:\DOCUME~1\ADMINI~1.ORD\APPLIC~1\InterTrust
2007-07-27 16:26 <REP> d-------- C:\Program Files\Macrogaming
2007-07-25 18:06 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Canon
2007-07-25 18:05 7,680 --a------ C:\WINDOWS\system32\CNMVS6s.DLL
2007-07-25 18:05 116,736 --a------ C:\WINDOWS\system32\CNMLM6s.DLL
2007-07-25 18:05 <REP> d--h----- C:\BJPrinter
2007-07-25 17:59 <REP> d-------- C:\Program Files\ScanSoft
2007-07-25 17:59 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\ScanSoft
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-07-25 17:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-07-25 17:54 94,208 --a------ C:\WINDOWS\system32\CNCL130.DLL
2007-07-25 17:54 90,112 --a------ C:\WINDOWS\system32\CNCI130.DLL
2007-07-25 17:54 557,056 --a------ C:\WINDOWS\system32\CNCC130.DLL
2007-07-25 17:54 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-07-25 17:54 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-07-25 17:54 <REP> d--h----- C:\CanonMP
2007-07-25 17:54 <REP> d-------- C:\WINDOWS\StartHtmico
2007-07-25 17:54 <REP> d-------- C:\WINDOWS\MP130,110
2007-07-25 17:53 <REP> d-------- C:\Program Files\Canon
2007-07-19 23:00 <REP> d-------- C:\Program Files\IncrediMail
2007-07-18 14:17 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Talkback
2007-07-02 23:15 <REP> d-------- C:\DOCUME~1\Nejma\APPLIC~1\Ulead Systems
2007-07-02 23:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-07-02 23:14 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-07-02 23:14 47,616 --a------ C:\WINDOWS\system\IYUV_32.DLL
2007-07-02 22:34 65,536 --a------ C:\WINDOWS\amcap533.exe
2007-07-02 22:34 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2007-07-02 22:34 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
2007-07-02 22:34 131,072 --a------ C:\WINDOWS\system\SP5X_32.DLL
2007-07-02 22:34 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2007-07-02 22:34 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
2007-07-02 22:34 <REP> d-------- C:\WINDOWS\Setup533


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 14:29 1447 --a------ C:\WINDOWS\mozver.dat
2007-07-31 19:43 --------- d-------- C:\Program Files\a-squared Free
2007-07-30 23:41 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-27 16:35 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-07-25 18:10 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Arcsoft
2007-07-25 17:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 17:57 --------- d-------- C:\Program Files\ArcSoft
2007-07-22 13:54 --------- d-------- C:\Program Files\Ludiclub
2007-07-22 13:48 29424 --a------ C:\DOCUME~1\Nejma\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-14 14:59 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\dvdcss
2007-07-11 00:00 70818 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-11 00:00 458682 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-04 01:54 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Skype
2007-07-02 22:36 --------- d-------- C:\Program Files\Ulead Systems
2007-07-01 15:03 --------- d-------- C:\Program Files\MSN Messenger
2007-07-01 15:03 --------- d-------- C:\Program Files\Messenger
2007-06-27 21:06 --------- d-------- C:\Program Files\Skype
2007-06-27 21:06 --------- d-------- C:\Program Files\Fichiers communs\Skype
2007-06-27 13:10 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-06-23 16:05 512 --ah----- C:\os466477.bin
2007-06-21 13:11 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Screenshot Sender
2007-06-11 21:19 --------- d-------- C:\Program Files\Athan
2007-06-11 16:09 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-06 12:24 --------- d-------- C:\Program Files\Windows Live
2007-06-05 21:28 --------- d-------- C:\Program Files\Akimania
2007-06-03 19:58 --------- d-------- C:\DOCUME~1\Nejma\APPLIC~1\Paltalk
2007-06-01 15:50 --------- d-------- C:\Program Files\Paltalk Messenger
2007-05-25 19:27 25088 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-21 16:18 135519 --a------ C:\WINDOWS\HPHins11.dat
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-09 19:23 0 -rahs---- C:\MSDOS.SYS
2007-05-09 19:23 0 -rahs---- C:\IO.SYS
2007-05-08 21:45 0 --a------ C:\WINDOWS\nsreg.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-02 00:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Fichiers communs\viroq.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\DOCUME~1\Nejma\LOCALS~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
C:\WINDOWS\System32\quzi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
C:\WINDOWS\Temp\startdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsfgljawdc]
c:\windows\system32\tsfgljawdc.exe tsfgljawdc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Config System]
config.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SLService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"ATI Smart"=2 (0x2)
"a2free"=2 (0x2)

R0 agpCPQ;Filtre de bus AGP Compaq;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 Slntamr;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 RecAgent;recagent;\??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 01:41:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 1:44:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 01:43
C:\ComboFix2.txt ... 2007-08-01 19:28

--- E O F ---

Et enfin, log de hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 01:45:44, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Documents and Settings\Nejma\Mes documents\infection\hijackthis\Ninie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178640838812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe