
HELP !! web pages redirected

7 December 2007 23:40:47

Hello

My web pages are systematically redirected to other pages I did not ask for (webprayers..)

What is the procedure to eradicate the problem?

Thanks


8 December 2007 01:56:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:01, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamourgouyette.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamourgouyette.spaces.live.com/PhotoUpload/MsnPU...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13FD772-BEA9-40A7-B1BC-C5753A207CBF}: NameServer = 130.244.127.161,130.244.127.162
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O21 - SSODL: E404Helper - {16014d35-528f-483e-a847-1ab8c053c3a6} - e404d.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7866 bytes
8 December 2007 17:10:20

Re

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report in your next reply along with a new HijackThis log.
10 December 2007 13:28:32

ComboFix 07-12-09.1 - admin 2007-12-10 13:10:13.1 - NTFSx86
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTNDIS
-------\LEGACY_SYSLIBRARY
-------\ntndis
-------\SysLibrary
-------\xpdx


((((((((((((((((((((((((((((( Fichiers créés 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))))))))
.

2007-12-09 05:53 . 2007-12-09 06:03 <REP> d-------- C:\Documents and Settings\admin\barre d outils
2007-12-07 11:47 . 2007-12-07 11:48 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-06 23:18 . 2007-12-06 23:18 <REP> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2007-12-06 23:17 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 13:16 . 2007-12-06 13:39 423 --a------ C:\WINDOWS\cdplayer.ini
2007-12-03 21:30 . 2007-12-03 22:31 46,592 --a------ C:\WINDOWS\system32\e404d.dll
2007-12-02 23:19 . 2007-12-02 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-30 23:48 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-30 23:48 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-30 23:48 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-30 23:48 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-30 23:48 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 23:48 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-30 23:47 . 2007-11-30 23:47 <REP> d-------- C:\Program Files\Alwil Software
2007-11-30 23:47 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-30 23:47 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-30 21:52 . 2007-11-30 21:52 <REP> d-------- C:\Program Files\CCleaner
2007-11-28 14:34 . 2007-11-28 14:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft
2007-11-28 14:34 . 2007-11-28 14:34 <REP> d-------- C:\Documents and Settings\admin\Application Data\Emjysoft
2007-11-21 18:18 . 2007-11-21 18:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-20 23:13 . 2007-10-20 01:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-20 23:13 . 2007-10-20 01:56 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-20 23:13 . 2007-10-20 01:56 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-20 23:12 . 2007-11-20 23:14 <REP> d-------- C:\Program Files\DivX
2007-11-20 23:07 . 2007-11-20 23:12 17,807,632 --a------ C:\Program Files\DivXInstaller.exe
2007-11-20 22:20 . 2007-11-20 22:20 2,725,528 --a------ C:\Program Files\ccsetup202.exe
2007-11-19 21:59 . 2004-09-07 13:47 57,344 --------- C:\WINDOWS\Alcxmntr.exe
2007-11-19 21:50 . 2007-11-19 21:50 <REP> d-------- C:\Program Files\HP
2007-11-19 21:25 . 2007-11-19 21:25 <REP> d-------- C:\WINDOWS\Options
2007-11-19 21:25 . 2007-11-19 21:25 <REP> d-------- C:\Program Files\Philips
2007-11-19 21:25 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-11-19 21:25 . 2005-02-26 16:25 91,527 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-11-19 21:25 . 2004-04-26 15:48 53,248 --a------ C:\WINDOWS\amcap.exe
2007-11-19 19:29 . 2007-11-19 19:29 1,004,197 --a------ C:\WINDOWS\system32\Tokio Hotel.scr
2007-11-19 18:21 . 2004-06-09 15:37 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2007-11-18 20:37 . 2004-02-25 18:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
2007-11-18 20:36 . 2007-11-18 20:36 <REP> d-------- C:\Program Files\Realtek AC97
2007-11-18 20:36 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-11-18 20:35 . 2004-09-20 15:20 16,121,856 --------- C:\WINDOWS\system32\alsndmgr.cpl
2007-11-18 20:35 . 2004-09-21 11:13 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
2007-11-18 20:35 . 2004-09-10 10:12 208,896 --------- C:\WINDOWS\alcupd.exe
2007-11-18 20:35 . 2004-09-07 14:23 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-18 20:35 . 2002-02-05 13:54 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav
2007-11-18 20:35 . 2004-09-01 20:04 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-11-18 20:35 . 2004-09-16 20:39 69,632 --a------ C:\WINDOWS\soundman.exe
2007-11-18 13:22 . 2007-11-20 22:58 <REP> d-------- C:\Program Files\Roland Garros 2007
2007-11-18 00:46 . 2007-11-18 01:00 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2007-11-15 15:31 . 2007-11-15 15:34 <REP> d-------- C:\Documents and Settings\admin\Application Data\Scribus
2007-11-15 14:20 . 2007-11-15 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-15 14:18 . 2007-11-15 14:18 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-14 22:56 . 2007-11-30 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-14 21:47 . 2007-11-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-11-14 21:47 . 2007-11-14 21:47 <REP> d-------- C:\Documents and Settings\admin\Application Data\eBay
2007-11-13 20:56 . 2007-11-13 20:56 <REP> d-------- C:\Program Files\Trend Micro
2007-11-13 14:37 . 2007-11-13 14:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-13 14:36 . 2007-02-12 14:07 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-13 14:36 . 2007-02-12 13:05 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-13 12:13 . 2007-11-13 12:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 01:24 . 2007-11-12 01:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-10 10:46 . 2007-11-10 10:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-10 10:46 . 2007-11-10 10:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\PlayFirst

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 11:57 --------- d-----w C:\Documents and Settings\admin\Application Data\WholeSecurity
2007-12-09 05:51 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2007-12-07 23:19 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-06 20:27 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-12-06 19:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:54 --------- d-----w C:\Program Files\Windows Live
2007-11-19 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 20:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-14 20:32 --------- d-----w C:\Program Files\Ahead
2007-11-10 09:49 --------- d-----w C:\Documents and Settings\admin\Application Data\Zylom
2007-11-10 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-08 15:42 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-08 15:42 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-08 15:41 --------- d-----w C:\Program Files\Real
2007-11-08 00:43 --------- d-----w C:\Program Files\Design Science
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\admin\Application Data\NeroVision
2007-11-01 10:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Datel
2007-10-31 19:18 --------- d-----w C:\Program Files\Logitech
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-22 12:14 --------- d-----w C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2007-10-22 11:26 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-22 11:25 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-25 13:34 5,120 --sha-w C:\Program Files\Thumbs.db
2007-02-15 14:36 99,391,568 ----a-w C:\Program Files\openoffice-org_openoffice.org_2.1.0_francais_10677.exe
2006-11-30 15:34 57,115,310 -c--a-w C:\Program Files\openofficeorg3.cab
2006-11-30 15:34 3,293,189 -c--a-w C:\Program Files\openofficeorg4.cab
2006-11-30 15:25 15,519,277 -c--a-w C:\Program Files\openofficeorg2.cab
2006-11-30 15:22 18,447,022 -c--a-w C:\Program Files\openofficeorg1.cab
2006-11-30 15:17 5,298,688 -c--a-w C:\Program Files\openofficeorg21.msi
2006-07-17 09:52 1,351,168 -c--a-w C:\Program Files\Setup.msi
2005-08-06 09:35 2,383,872 -c--a-w C:\Program Files\cursorxp_free.exe
2004-08-10 09:52 5,583,277 ----a-w C:\Program Files\_SETUP.1
2004-08-10 09:52 5 -c--a-w C:\Program Files\DISK1.ID
2004-08-10 09:52 34 -c--a-w C:\Program Files\SETUP.INI
2004-08-10 09:52 207,520 -c--a-w C:\Program Files\_SETUP.LIB
2004-08-10 09:52 1,551 -c--a-w C:\Program Files\SETUP.PKG
2004-03-04 02:28 6,446 ----a-w C:\Program Files\SETUP.LST
2001-09-25 20:05 1,707,856 ----a-w C:\Program Files\InstMsiA.Exe
2001-09-11 23:04 1,821,008 ----a-w C:\Program Files\InstMsiW.Exe
2000-03-14 22:00 142,848 ----a-w C:\Program Files\setup1.exe
1999-04-08 09:26 81,342 ----a-w C:\Program Files\SETUP.INS
1999-03-23 07:12 8,192 ----a-w C:\Program Files\_ISDEL.EXE
1999-03-23 07:12 6,128 ----a-w C:\Program Files\_SETUP.DLL
1999-03-23 07:12 45,312 ----a-w C:\Program Files\SETUP.EXE
1999-03-23 07:12 294,079 -c--a-w C:\Program Files\_INST32I.EX_
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-09-03 14:25]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 15:25]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-08 16:42]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 17:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 20:39 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {16014d35-528f-483e-a847-1ab8c053c3a6} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-10-14 11:20 1224754 --------- C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rg]
2007-05-23 11:53 1441792 --a------ C:\Program Files\Roland Garros 2007\oneclick.exe

R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINDOWS\system32\DRIVERS\fhlpppoe.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 Z550bus;Sony Ericsson Z550 driver (WDM);C:\WINDOWS\system32\DRIVERS\Z550bus.sys
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\Z550mdfl.sys
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\Z550mdm.sys
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\Z550mgmt.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 14:04:31 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-10 12:16:08 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-04 15:41:45 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\admin\LOCALS~1\Temp\bgeteorq3B53D6D.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 13:16:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 13:21:23 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:51, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamourgouyette.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamourgouyette.spaces.live.com/PhotoUpload/MsnPU...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13FD772-BEA9-40A7-B1BC-C5753A207CBF}: NameServer = 130.244.127.161,130.244.127.162
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O21 - SSODL: E404Helper - {16014d35-528f-483e-a847-1ab8c053c3a6} - e404d.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8817 bytes

10 December 2007 14:12:24

Hi again


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\e404d.dll
C:\DOCUME~1\admin\LOCALS~1\Temp\bgeteorq3B53D6D.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-


Open Notepad and paste (Ctrl+V) the text you copied above.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will appear: post its contents along with a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt

11 December 2007 11:57:37

ComboFix 07-12-09.1 - admin 2007-12-11 11:40:19.2 - NTFSx86
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\admin\LOCALS~1\Temp\bgeteorq3B53D6D.dll
C:\WINDOWS\system32\e404d.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\e404d.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-09 05:53 . 2007-12-09 06:03 <REP> d-------- C:\Documents and Settings\admin\barre d outils
2007-12-07 11:47 . 2007-12-07 11:48 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-06 23:18 . 2007-12-06 23:18 <REP> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2007-12-06 23:17 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 13:16 . 2007-12-06 13:39 423 --a------ C:\WINDOWS\cdplayer.ini
2007-12-02 23:19 . 2007-12-02 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-30 23:48 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-30 23:48 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-30 23:48 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-30 23:48 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-30 23:48 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 23:48 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-30 23:47 . 2007-11-30 23:47 <REP> d-------- C:\Program Files\Alwil Software
2007-11-30 23:47 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-30 23:47 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-30 21:52 . 2007-11-30 21:52 <REP> d-------- C:\Program Files\CCleaner
2007-11-28 14:34 . 2007-11-28 14:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft
2007-11-28 14:34 . 2007-11-28 14:34 <REP> d-------- C:\Documents and Settings\admin\Application Data\Emjysoft
2007-11-21 18:18 . 2007-11-21 18:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-20 23:13 . 2007-10-20 01:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-20 23:13 . 2007-10-20 01:56 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-20 23:13 . 2007-10-20 01:56 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-20 23:12 . 2007-11-20 23:14 <REP> d-------- C:\Program Files\DivX
2007-11-20 23:07 . 2007-11-20 23:12 17,807,632 --a------ C:\Program Files\DivXInstaller.exe
2007-11-20 22:20 . 2007-11-20 22:20 2,725,528 --a------ C:\Program Files\ccsetup202.exe
2007-11-19 21:59 . 2004-09-07 13:47 57,344 --------- C:\WINDOWS\Alcxmntr.exe
2007-11-19 21:50 . 2007-11-19 21:50 <REP> d-------- C:\Program Files\HP
2007-11-19 21:25 . 2007-11-19 21:25 <REP> d-------- C:\WINDOWS\Options
2007-11-19 21:25 . 2007-11-19 21:25 <REP> d-------- C:\Program Files\Philips
2007-11-19 21:25 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-11-19 21:25 . 2005-02-26 16:25 91,527 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-11-19 21:25 . 2004-04-26 15:48 53,248 --a------ C:\WINDOWS\amcap.exe
2007-11-19 19:29 . 2007-11-19 19:29 1,004,197 --a------ C:\WINDOWS\system32\Tokio Hotel.scr
2007-11-19 18:21 . 2004-06-09 15:37 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2007-11-18 20:37 . 2004-02-25 18:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
2007-11-18 20:36 . 2007-11-18 20:36 <REP> d-------- C:\Program Files\Realtek AC97
2007-11-18 20:36 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-11-18 20:35 . 2004-09-20 15:20 16,121,856 --------- C:\WINDOWS\system32\alsndmgr.cpl
2007-11-18 20:35 . 2004-09-21 11:13 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
2007-11-18 20:35 . 2004-09-10 10:12 208,896 --------- C:\WINDOWS\alcupd.exe
2007-11-18 20:35 . 2004-09-07 14:23 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-18 20:35 . 2002-02-05 13:54 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav
2007-11-18 20:35 . 2004-09-01 20:04 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-11-18 20:35 . 2004-09-16 20:39 69,632 --a------ C:\WINDOWS\soundman.exe
2007-11-18 13:22 . 2007-11-20 22:58 <REP> d-------- C:\Program Files\Roland Garros 2007
2007-11-18 00:46 . 2007-11-18 01:00 17,788,920 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe
2007-11-15 15:31 . 2007-11-15 15:34 <REP> d-------- C:\Documents and Settings\admin\Application Data\Scribus
2007-11-15 14:20 . 2007-11-15 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-15 14:18 . 2007-11-15 14:18 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-14 22:56 . 2007-11-30 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-14 21:47 . 2007-11-14 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-11-14 21:47 . 2007-11-14 21:47 <REP> d-------- C:\Documents and Settings\admin\Application Data\eBay
2007-11-13 20:56 . 2007-11-13 20:56 <REP> d-------- C:\Program Files\Trend Micro
2007-11-13 14:37 . 2007-11-13 14:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-13 14:36 . 2007-02-12 14:07 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-13 14:36 . 2007-02-12 13:05 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-13 14:36 . 2007-02-12 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-13 12:13 . 2007-11-13 12:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 01:24 . 2007-11-12 01:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 10:39 --------- d-----w C:\Documents and Settings\admin\Application Data\WholeSecurity
2007-12-09 05:51 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2007-12-07 23:19 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-07 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-06 20:27 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-12-06 19:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:54 --------- d-----w C:\Program Files\Windows Live
2007-11-19 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 20:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-14 20:32 --------- d-----w C:\Program Files\Ahead
2007-11-10 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-10 09:49 --------- d-----w C:\Documents and Settings\admin\Application Data\Zylom
2007-11-10 09:49 --------- d-----w C:\Documents and Settings\admin\Application Data\PlayFirst
2007-11-10 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-08 15:42 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-08 15:42 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-08 15:41 --------- d-----w C:\Program Files\Real
2007-11-08 00:43 --------- d-----w C:\Program Files\Design Science
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\admin\Application Data\NeroVision
2007-11-01 10:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Datel
2007-10-31 19:18 --------- d-----w C:\Program Files\Logitech
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-22 12:14 --------- d-----w C:\Documents and Settings\admin\Application Data\Windows Desktop Search
2007-10-22 11:26 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-22 11:25 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-22 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-25 13:34 5,120 --sha-w C:\Program Files\Thumbs.db
2007-02-15 14:36 99,391,568 ----a-w C:\Program Files\openoffice-org_openoffice.org_2.1.0_francais_10677.exe
2006-11-30 15:34 57,115,310 -c--a-w C:\Program Files\openofficeorg3.cab
2006-11-30 15:34 3,293,189 -c--a-w C:\Program Files\openofficeorg4.cab
2006-11-30 15:25 15,519,277 -c--a-w C:\Program Files\openofficeorg2.cab
2006-11-30 15:22 18,447,022 -c--a-w C:\Program Files\openofficeorg1.cab
2006-11-30 15:17 5,298,688 -c--a-w C:\Program Files\openofficeorg21.msi
2006-07-17 09:52 1,351,168 -c--a-w C:\Program Files\Setup.msi
2005-08-06 09:35 2,383,872 -c--a-w C:\Program Files\cursorxp_free.exe
2004-08-10 09:52 5,583,277 ----a-w C:\Program Files\_SETUP.1
2004-08-10 09:52 5 -c--a-w C:\Program Files\DISK1.ID
2004-08-10 09:52 34 -c--a-w C:\Program Files\SETUP.INI
2004-08-10 09:52 207,520 -c--a-w C:\Program Files\_SETUP.LIB
2004-08-10 09:52 1,551 -c--a-w C:\Program Files\SETUP.PKG
2004-03-04 02:28 6,446 ----a-w C:\Program Files\SETUP.LST
2001-09-25 20:05 1,707,856 ----a-w C:\Program Files\InstMsiA.Exe
2001-09-11 23:04 1,821,008 ----a-w C:\Program Files\InstMsiW.Exe
2000-03-14 22:00 142,848 ----a-w C:\Program Files\setup1.exe
1999-04-08 09:26 81,342 ----a-w C:\Program Files\SETUP.INS
1999-03-23 07:12 8,192 ----a-w C:\Program Files\_ISDEL.EXE
1999-03-23 07:12 6,128 ----a-w C:\Program Files\_SETUP.DLL
1999-03-23 07:12 45,312 ----a-w C:\Program Files\SETUP.EXE
1999-03-23 07:12 294,079 -c--a-w C:\Program Files\_INST32I.EX_
.

((((((((((((((((((((((((((((( snapshot@2007-12-10_13.19.11.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-12-11 10:46:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-09-03 14:25]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 15:25]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-08 16:42]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 17:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 20:39 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-10-14 11:20 1224754 --------- C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rg]
2007-05-23 11:53 1441792 --a------ C:\Program Files\Roland Garros 2007\oneclick.exe

R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINDOWS\system32\DRIVERS\fhlpppoe.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 Z550bus;Sony Ericsson Z550 driver (WDM);C:\WINDOWS\system32\DRIVERS\Z550bus.sys
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\Z550mdfl.sys
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\Z550mdm.sys
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\Z550mgmt.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-07 14:04:31 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-11 10:46:05 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-04 15:41:45 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\admin\LOCALS~1\Temp\bgeteorq3B53D6D.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:46:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 11:52:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-10 13:21
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:17, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lamourgouyette.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lamourgouyette.spaces.live.com/PhotoUpload/MsnPU...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13FD772-BEA9-40A7-B1BC-C5753A207CBF}: NameServer = 130.244.127.161,130.244.127.162
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9039 bytes

12 December 2007 00:21:05

KASPERSKY ON-LINE SCANNER REPORT
Wednesday, December 12, 2007 12:20:52 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 11/12/2007
Enregistrements dans la base antivirus Kaspersky : 449752


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
E:\
F:\
G:\
H:\
I:\

Statistiques de l'analyse
Total d'objets analysés 60265
Nombre de virus trouvés 2
Nombre d'objets infectés 4 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:38:13

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\admin\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\Working\database_40FC_42A_FC04_1D32\dfsr.db L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\Working\database_40FC_42A_FC04_1D32\fsr.log L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\Working\database_40FC_42A_FC04_1D32\fsrtmp.log L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\frederique_lamour@hotmail.com\SharingMetadata\Working\database_40FC_42A_FC04_1D32\tmp.edb L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\frederique_lamour@hotmail.com\real\members.stg L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\frederique_lamour@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Historique\History.IE5\MSHist012007121120071212\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\Acr8856.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\~DF16EA.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\~DF6E58.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\~DF6E63.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\~DF8E67.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temp\~DF8E7F.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\admin\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\admin\UserData\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.30.Crwl L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.30.gthr L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy69.gthr L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf4.tmp L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_710.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré

C:\qoobox\Quarantine\C\WINDOWS\system32\e404d.dll.vir Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré

C:\qoobox\Quarantine\catchme2007-12-10_131614.23.zip/xpdx.sys Infecté : Trojan.Win32.Pakes.el ignoré

C:\qoobox\Quarantine\catchme2007-12-10_131614.23.zip ZIP: infecté - 1 ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{7530BD80-93B0-4679-8285-6EEBCCBC2463}\RP397\A0175363.dll Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré

C:\System Volume Information\_restore{7530BD80-93B0-4679-8285-6EEBCCBC2463}\RP398\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\EventCache\{EDA61964-A361-478C-AEB6-F0A08F34531F}.bin L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.
12 December 2007 21:57:59

Hello

Nothing nasty.

Delete C:\qoobox.

Click Start - right-click My Computer - Properties - System Restore - tick the box Turn off System Restore and click Apply.

Restart the PC

Click Start - right-click My Computer - Properties - System Restore - untick the box Turn off System Restore and click Apply.

Are you still having any problems?
13 December 2007 23:38:47

Everything is OK! Thanks a lot...
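For anyone reading a report like the one pasted above, here is an added example (not from this thread, not a Kaspersky or ComboFix tool) of how to triage it automatically. It parses each "path + status" line, separates locked-and-skipped objects from real detections, and flags a detection as already contained when it sits in the ComboFix quarantine (C:\qoobox\Quarantine) or in a System Restore snapshot (System Volume Information\_restore...), which is exactly the situation the helper calls "nothing nasty" and answers with "delete C:\qoobox, then cycle System Restore". The sample lines are copied from the report in the thread; the "contained" location list and the one extra line marked as constructed are this example's own assumptions.

```python
"""Triage a Kaspersky-style scan report: locked objects vs detections,
and whether each detection is already contained (quarantine / restore points).

Added example for this thread; not a tool from the thread or from any vendor.
"""
import re
from dataclasses import dataclass

# Status suffixes exactly as they appear in the French report on this page.
LOCKED_RE = re.compile(r"^(?P<path>.+?) L'objet est verrouillé ignoré$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infecté : (?P<name>\S+) ignoré$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) ZIP: infecté - (?P<count>\d+) ignoré$")

# Assumption: a detection under one of these prefixes is a copy that is already
# isolated (ComboFix quarantine, System Restore snapshot), not a running file.
CONTAINED_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\_restore",
)


@dataclass
class Finding:
    path: str
    kind: str            # "locked", "infected", "archive" or "other"
    detail: str = ""     # malware name, or infected member count for an archive
    contained: bool = False


def is_contained(path):
    p = path.lower()
    return any(p.startswith(prefix) for prefix in CONTAINED_PREFIXES)


def parse_line(line):
    """Return a Finding for one report line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    for kind, rx, group in (("infected", INFECTED_RE, "name"),
                            ("archive", ARCHIVE_RE, "count"),
                            ("locked", LOCKED_RE, None)):
        m = rx.match(line)
        if m:
            path = m.group("path")
            detail = m.group(group) if group else ""
            return Finding(path, kind, detail, is_contained(path))
    # Keep unrecognised lines (e.g. the trailing "Analyse terminée.") visible
    # rather than silently dropping them.
    return Finding(line, "other")


def triage(report):
    findings = [f for f in (parse_line(l) for l in report.splitlines()) if f]
    detections = [f for f in findings if f.kind in ("infected", "archive")]
    active = [f for f in detections if not f.contained]
    return {
        "locked": sum(1 for f in findings if f.kind == "locked"),
        "detections": len(detections),
        "contained": len(detections) - len(active),
        "active": [f.path for f in active],
        "unrecognised": [f.path for f in findings if f.kind == "other"],
    }


def verdict(summary):
    """'active' needs real cleanup; 'contained' means purge quarantine and
    restore points (the advice given in the thread); 'clean' otherwise."""
    if summary["active"]:
        return "active"
    if summary["contained"]:
        return "contained"
    return "clean"


# Lines copied from the report posted above (a small subset).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\qoobox\Quarantine\C\WINDOWS\system32\e404d.dll.vir Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
C:\qoobox\Quarantine\catchme2007-12-10_131614.23.zip/xpdx.sys Infecté : Trojan.Win32.Pakes.el ignoré
C:\qoobox\Quarantine\catchme2007-12-10_131614.23.zip ZIP: infecté - 1 ignoré
C:\System Volume Information\_restore{7530BD80-93B0-4679-8285-6EEBCCBC2463}\RP397\A0175363.dll Infecté : Trojan-Downloader.Win32.Agent.fsi ignoré
Analyse terminée.
"""

# Constructed line (not from the report) showing what an active hit looks like:
# the path is outside quarantine/restore points, so it is not contained.
CONSTRUCTED_ACTIVE_LINE = r"C:\WINDOWS\system32\constructed_example.dll Infecté : EICAR-Test-File ignoré"

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(summary)
    print("verdict:", verdict(summary))
    print("with constructed active hit:",
          verdict(triage(SAMPLE_REPORT + CONSTRUCTED_ACTIVE_LINE + "\n")))
```

On the lines from this thread the script reports two locked objects, four detections, all of them contained, and the verdict "contained", which is why the right follow-up is to delete the quarantine folder and turn System Restore off and back on to drop the infected snapshot rather than to keep hunting for a live infection.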