
Trojan horse (solved)

Tags:
  • Trojan
  • Security
7 October 2007 14:13:16

Hello
Apparently my computer is infected by a trojan horse. The computer is slowed down and sometimes freezes. An avast scan tells me it is a trojan horse. How can I get rid of it? Thanks


7 October 2007 14:37:20

Logfile of HijackThis v1.99.1
Scan saved at 14:35:31, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\System Soap Pro\soap.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\E2Com.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: (no name) - {C4197A5C-21E1-05C9-66F7-59616FC28868} - (no file)
O2 - BHO: bhoEvents Class - {FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} - C:\WINDOWS\e2bho.dll
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Configuration Loader] SERVlCES.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\RunServices: [Configuration Loader] SERVlCES.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthak...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/house...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: drivers - {67C0F64E-7F3C-4EED-B6A7-E4C3F48379D9} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

7 October 2007 15:26:29

Re

Several infections are visible.

Download BTFix by Bibi26:
http://www.bibi26.power-heberg.com/logiciels/BTFix.zip
Unzip the archive onto your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher (Search).
A report will appear; copy/paste it into your next reply.
7 October 2007 15:53:11

BTFix 1.050 (par bibi26) - 07/10/2007 15:50:52 - Analyse

---> Fichiers/Dossiers trouvés

- C:\Program Files\MyWebSearch
- C:\Program Files\FunWebProducts
- C:\Program Files\MSN Messenger\RICHED20.dll
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
- C:\Documents and Settings\Mikaël le moing\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk

---> Analyse terminée
7 October 2007 18:37:53

Re

$$ Download
SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...

CCleaner.
http://www.pcastuces.com/logitheque/ccleaner.htm
Install it.
During installation, uncheck
--- the two "Add the option ..." boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar

Click Options, Advanced and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
Do not touch the other settings.


$$ Restart in safe mode. Careful, you have no internet access in this mode, so note down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the cursor keys, select Safe Mode and press Enter.


$$ Run the cleanup with CCleaner.


$$ Open BTFix.
Click Nettoyer (Clean).
A report will appear; save it.


$$ Double-click SDFix.exe and choose Install.
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to launch the script.
The fix removes the virus's services and cleans the registry, so a restart is required.
Press a key to restart.

The PC will take a while to start; press a key when "Finished" is displayed.


Open the SDFix folder and copy/paste here the contents of the "Report.txt" file, together with a new HijackThis log and the BTFix report.
7 October 2007 22:58:19


SDFix: Version 1.107

Run by Mikaël le moing on 07/10/2007 at 22:21

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\album62.zip - Deleted
C:\WINDOWS\album92.zip - Deleted
C:\WINDOWS\photo96.zip - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\8520111\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\8520111\\Program\\fspex.exe:*:Enabled:Securitoo Antivirus Firewall"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 7 May 2006 10,886 A..H. --- "C:\Program Files\GV Everest Poker.net\udhglstl.tmp"
Mon 13 Dec 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 10 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 31 May 2005 1,509,888 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL0473.tmp"
Tue 31 May 2005 1,781,760 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL0746.tmp"
Tue 31 May 2005 730,624 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL0820.tmp"
Tue 31 May 2005 1,095,680 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL0951.tmp"
Tue 31 May 2005 474,624 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL1090.tmp"
Tue 31 May 2005 1,329,152 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL1684.tmp"
Tue 31 May 2005 339,456 ...H. --- "C:\Documents and Settings\Mikaël le moing\Application Data\Microsoft\Word\~WRL3118.tmp"
Mon 13 Dec 2004 4,348 ...H. --- "C:\Documents and Settings\Mikaël le moing\Bureau\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 24 Sep 2006 20 A..H. --- "C:\Documents and Settings\Mikaël le moing\Bureau\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 13 Dec 2004 400 A.SH. --- "C:\Documents and Settings\Mikaël le moing\Bureau\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 22:57:28, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\System Soap Pro\soap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: (no name) - {C4197A5C-21E1-05C9-66F7-59616FC28868} - (no file)
O2 - BHO: bhoEvents Class - {FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} - C:\WINDOWS\e2bho.dll
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthak...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/house...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: drivers - {67C0F64E-7F3C-4EED-B6A7-E4C3F48379D9} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

The btfix report follows.
8 October 2007 08:14:25

The cleanup with bt fix does not complete, even after a whole night.
8 October 2007 10:50:38

Hello

What I don't understand is that it should have been done before SDFix, in Safe Mode.

Did you run the cleanup in Safe Mode or in normal mode?

Let's try something else.

Part of the procedure will take place without internet access, so please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be carried out without interruption and in order.
If there is something you don't understand, ask for an explanation before you start.



$$ Download Brute Force Uninstaller (by Merijn)
http://www.merijn.org/files/bfu.zip
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)


$$ RIGHT-CLICK the following link
http://perso.orange.fr/Chercheur-perso/scripts/toolbar....
and choose "Save Target As..." to download Toolbar.bfu by Chercheur
Save it in the folder you created (C:\BFU).
**Note: if you use Internet Explorer, when saving, make sure the "Type:" field shows "All Files". You should now have two files in the C:\BFU folder: Toolbar.bfu and BFU.exe (very important).


$$ Restart in Safe Mode: at restart, immediately tap the F8 or F5 key repeatedly; you will see a screen with startup choices appear. Using the keyboard arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.


$$ Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)
Click the small yellow folder to the right of the Scriptline to execute box, and double-click:

Toolbar.bfu

In the "Scriptline to execute" box, you should now see this: C:\BFU\Toolbar.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear and click OK.

Click Exit to close the BFU program.


$$ Restart normally

Post a new HijackThis
8 October 2007 18:35:21

I'll do that, but I did run btfix in Safe Mode before sdfix.
8 October 2007 18:48:23

Done, I've carried out the procedure; here is the report.
Logfile of HijackThis v1.99.1
Scan saved at 18:46:39, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\System Soap Pro\soap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: (no name) - {C4197A5C-21E1-05C9-66F7-59616FC28868} - (no file)
O2 - BHO: bhoEvents Class - {FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} - C:\WINDOWS\e2bho.dll
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthak...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/house...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: drivers - {67C0F64E-7F3C-4EED-B6A7-E4C3F48379D9} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

8 October 2007 23:13:30

Good, it's cleaner, but there is still some left.

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis.
9 October 2007 21:07:38

ComboFix 07-10-09.3 - Mikaël le moing 2007-10-09 20:35:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.142 [GMT 2:00]
Running from: C:\Documents and Settings\Mikaël le moing\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\images03.zip
C:\WINDOWS\images03.zip
C:\WINDOWS\images030.zip
C:\WINDOWS\images030.zip
C:\WINDOWS\images066.zip
C:\WINDOWS\images066.zip
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.

2007-10-09 20:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 18:24 <REP> d-------- C:\BFU
2007-10-07 22:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-07 14:34 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-10-02 18:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-02 18:22 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-02 18:22 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-02 18:18 <REP> d-------- C:\Program Files\DK
2007-09-30 21:06 <REP> d-------- C:\Program Files\Macrogaming
2007-09-26 17:18 8,751,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-26 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 18:54 --------- d-----w C:\Program Files\Wanadoo
2007-10-09 18:46 11,534,336 ----a-w C:\Documents and Settings\Mikaël le moing\ntuser.dat
2007-10-09 18:46 105,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-08 16:46 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-02 16:23 --------- d-----w C:\Program Files\DivX
2007-10-02 16:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-29 19:54 --------- d-----w C:\Program Files\Everest Poker
2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 17:20 --------- d-----w C:\Program Files\eMule
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-18 10:59 4,100 ---ha-w C:\hpothb07.dat
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-06 20:04 25,900 ----a-w C:\WINDOWS\system32\libhelps.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-12-12 18:07 836,090 ----a-w C:\Program Files\audio.exe
2006-07-08 10:01 850 -c-ha-w C:\Documents and Settings\Mikaël le moing\hpothb07.dat
2006-02-25 20:55 4,677,596 ----a-w C:\Program Files\eMule0.47a-Installer.exe
2005-08-30 10:57 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
2004-12-18 14:21 449 -c-ha-w C:\Program Files\hpothb07.dat
2004-12-18 14:21 1,267 -c-ha-w C:\Program Files\hpothb07.tif
2004-09-26 15:24 5,248,968 ----a-w C:\Program Files\SetupDl.exe
2004-06-03 07:35 32 -c--a-w C:\Program Files\SPAM FIND.dat
2003-09-24 15:56 1,042,416 ----a-w C:\Program Files\Powerpoint_2000_.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4197A5C-21E1-05C9-66F7-59616FC28868}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-03-25 16:34 C:\WINDOWS\CMICNFG.CPL]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [2003-01-08 15:55]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 16:19]
"nwiz"="nwiz.exe" [2003-05-02 16:19 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-05-14 12:30]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-10-18 09:36]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-09 16:37]
"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 12:03]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 11:45]
"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Soap Pro"="C:\Program Files\System Soap Pro\soap.exe" [2003-09-09 16:13]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [1724-12-25 21:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 08:22]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-09 14:38:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1062081469.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-09 14:41:00 C:\WINDOWS\Tasks\WebReg 20030828164106.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 20:47:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 20:59:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 20:59
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 21:06:48, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\System Soap Pro\soap.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: (no name) - {C4197A5C-21E1-05C9-66F7-59616FC28868} - (no file)
O2 - BHO: bhoEvents Class - {FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} - C:\WINDOWS\e2bho.dll
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthak...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/house...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here are the reports.
9 October 2007 23:49:07

Hi again


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\e2bho.dll
C:\WINDOWS\e2bar.dll
C:\WINDOWS\Downloaded Program files\pur-sexe.exe
C:\WINDOWS\Downloaded Program files\systemsoappro.cab
C:\WINDOWS\Downloaded Program files\RdxIE601_fr.cab
C:\WINDOWS\Downloaded Program files\AccesMembre.cab
C:\WINDOWS\Downloaded Program files\systemsoappro.dll
C:\WINDOWS\Downloaded Program files\RdxIE601_fr.dll
C:\WINDOWS\Downloaded Program files\AccesMembre.dll

Folder::
C:\Program Files\System Soap Pro
C:\Program Files\MyWebSearch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4197A5C-21E1-05C9-66F7-59616FC28868}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4C5EAE-66EE-11D4-BC67-0000E8E582D2}]
[-HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{05575EC1-B47D-11d3-8F04-00105A9965CA}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Soap Pro"=-
[-HKCR\CLSID\{27DA08CF-FCDB-C812-102C-35416A233100}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{27DA08CF-FCDB-C812-102C-35416A233100}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27DA08CF-FCDB-C812-102C-35416A233100}]
[-HKCR\CLSID\{421A63BA-4632-43E0-A942-3B4AB645BE51}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{421A63BA-4632-43E0-A942-3B4AB645BE51}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{421A63BA-4632-43E0-A942-3B4AB645BE51}]
[-HKCR\CLSID\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
[-HKCR\CLSID\{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E}]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt that is displayed (Type 1 to continue, or 2 to abort), type 1 and then press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it can be found here > C:\ComboFix.txt
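
Before a deletion script such as the CFScript above is run, each of its targets can be traced back to the HijackThis entry that justifies removing it. The following is an added example, not part of the original posts and not ComboFix's own code: the function names are hypothetical, the parser handles only the directives visible in this thread, the log and script excerpts are copied from this thread, and the all-zero CLSID is constructed to show an untraceable target.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
HJT_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {C4197A5C-21E1-05C9-66F7-59616FC28868} - (no file)
O2 - BHO: bhoEvents Class - {FC4C5EAE-66EE-11D4-BC67-0000E8E582D2} - C:\WINDOWS\e2bho.dll
O4 - HKCU\..\Run: [System Soap Pro] C:\Program Files\System Soap Pro\soap.exe min
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
"""

# Excerpt of the CFScript posted in this thread (lines copied from the page).
CFSCRIPT = r"""
File::
C:\WINDOWS\e2bho.dll
C:\WINDOWS\e2bar.dll

Folder::
C:\Program Files\MyWebSearch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4197A5C-21E1-05C9-66F7-59616FC28868}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC4C5EAE-66EE-11D4-BC67-0000E8E582D2}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{05575EC1-B47D-11d3-8F04-00105A9965CA}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Soap Pro"=-
[-HKCR\CLSID\{D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E}]
"""

# Constructed: the same script plus one key whose CLSID never appears in the log.
CFSCRIPT_PLUS = CFSCRIPT + "[-HKCR\\CLSID\\{00000000-0000-0000-0000-000000000000}]\n"

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(log):
    """Return (section, text) pairs for every 'O2 - ...' style entry line."""
    entries = []
    for line in log.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_cfscript(script):
    """Split a CFScript into deletion targets (File::, Folder::, Registry:: only)."""
    targets = {"file": [], "folder": [], "regkey": [], "regvalue": []}
    section, current_key = None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2].lower(), None
        elif section in ("file", "folder"):
            targets[section].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets["regkey"].append(line[2:-1])   # whole key is deleted
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]               # key kept, values follow
            elif line.endswith("=-") and current_key:
                targets["regvalue"].append((current_key, line[:-2].strip('"')))
    return targets


def trace(needle, entries):
    """HijackThis sections whose entry text mentions the needle (case-insensitive)."""
    needle = needle.lower()
    return sorted({sec for sec, text in entries if needle in text.lower()})


def crosscheck(script, log):
    """Map every deletion target in the script to the log sections that mention it."""
    entries = parse_hijackthis(log)
    targets = parse_cfscript(script)
    report = {}
    for path in targets["file"] + targets["folder"]:
        report[path] = trace(path, entries)
    for key in targets["regkey"]:
        m = CLSID_RE.search(key)
        # Keys without a CLSID are matched on their last path component.
        report[key] = trace(m.group(0) if m else key.rsplit("\\", 1)[-1], entries)
    for key, name in targets["regvalue"]:
        # Run values appear in O4 lines as "[name]".
        report[f"{key}\\{name}"] = trace("[" + name + "]", entries)
    return report


def untraced(report):
    """Targets that no log entry mentions; these need manual review before running."""
    return [target for target, sections in report.items() if not sections]


if __name__ == "__main__":
    for target, sections in crosscheck(CFSCRIPT_PLUS, HJT_LOG).items():
        print(("OK   " if sections else "WARN ") + target, sections)
```
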
10 October 2007 14:23:16

ComboFix 07-10-09.3 - Mika‰l le moing 2007-10-10 14:00:52.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.36 [GMT 2:00]
Running from: C:\Documents and Settings\Mika‰l le moing\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mika‰l le moing\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\Downloaded Program files\AccesMembre.cab
C:\WINDOWS\Downloaded Program files\AccesMembre.dll
C:\WINDOWS\Downloaded Program files\pur-sexe.exe
C:\WINDOWS\Downloaded Program files\RdxIE601_fr.cab
C:\WINDOWS\Downloaded Program files\RdxIE601_fr.dll
C:\WINDOWS\Downloaded Program files\systemsoappro.cab
C:\WINDOWS\Downloaded Program files\systemsoappro.dll
C:\WINDOWS\e2bar.dll
C:\WINDOWS\e2bho.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\System Soap Pro
C:\Program Files\System Soap Pro\soap.exe
C:\Program Files\System Soap Pro\syslog.txt
C:\WINDOWS\e2bar.dll
C:\WINDOWS\e2bho.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-10 to 2007-10-10 ))))))))))))))))))))))))))))))))))))
.

2007-10-10 00:35 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 20:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 18:24 <REP> d-------- C:\BFU
2007-10-07 22:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-07 14:34 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-10-02 18:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-02 18:22 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-02 18:22 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-02 18:18 <REP> d-------- C:\Program Files\DK
2007-09-30 21:06 <REP> d-------- C:\Program Files\Macrogaming
2007-09-26 17:18 9,256,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-26 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 12:19 --------- d-----w C:\Program Files\Wanadoo
2007-10-10 12:14 111,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-10 12:14 11,534,336 ----a-w C:\Documents and Settings\Mikaël le moing\ntuser.dat
2007-10-09 19:06 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-10-02 16:23 --------- d-----w C:\Program Files\DivX
2007-10-02 16:15 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-29 19:54 --------- d-----w C:\Program Files\Everest Poker
2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 17:20 --------- d-----w C:\Program Files\eMule
2007-08-18 10:59 4,100 ---ha-w C:\hpothb07.dat
2007-08-15 22:33 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-12-12 18:07 836,090 ----a-w C:\Program Files\audio.exe
2006-07-08 10:01 850 -c-ha-w C:\Documents and Settings\Mikaël le moing\hpothb07.dat
2006-02-25 20:55 4,677,596 ----a-w C:\Program Files\eMule0.47a-Installer.exe
2005-08-30 10:57 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
2004-12-18 14:21 449 -c-ha-w C:\Program Files\hpothb07.dat
2004-12-18 14:21 1,267 -c-ha-w C:\Program Files\hpothb07.tif
2004-09-26 15:24 5,248,968 ----a-w C:\Program Files\SetupDl.exe
2004-06-03 07:35 32 -c--a-w C:\Program Files\SPAM FIND.dat
2003-09-24 15:56 1,042,416 ----a-w C:\Program Files\Powerpoint_2000_.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_20.58.50.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 727,776 2005-10-12 23:15:26 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\update\update.exe
----a-w 394,976 2005-10-12 23:15:43 C:\WINDOWS\SoftwareDistribution\Download\f481ea94a34c702b77bda577798d89f0\update\updspapi.dll
----a-w 124,928 2007-08-20 09:59:29 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 09:59:29 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 09:59:29 C:\WINDOWS\system32\extmgr.dll
----a-w 63,488 2007-08-20 09:59:29 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:22:11 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 09:59:29 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 09:59:29 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 09:59:29 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 09:59:29 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 09:59:29 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 09:59:29 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 09:59:30 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:22:11 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-08-21 06:17:23 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-08-20 09:59:30 C:\WINDOWS\system32\jsproxy.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 09:59:30 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 09:59:30 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 09:59:30 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 09:59:30 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 09:59:30 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 09:59:30 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 09:59:31 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:19:28 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-08-20 09:59:31 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 09:59:31 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 09:59:31 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 09:59:31 C:\WINDOWS\system32\wininet.dll
----a-w 369,152 2007-06-18 22:24:36 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\icardie.dll
-c----w 63,488 2007-08-17 10:22:11 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-08-20 09:59:29 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:22:11 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c----w 625,152 2007-08-17 10:22:32 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-08-21 06:17:23 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 09:59:30 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 102,400 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 09:59:31 C:\WINDOWS\system32\dllcache\wininet.dll
----atw 16,384 2007-10-10 12:15:54 C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat
.
----a-w 124,928 2007-06-27 13:22:39 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 10:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 13:22:40 C:\WINDOWS\system32\extmgr.dll
------w 61,952 2006-10-17 10:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 13:22:40 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 13:22:42 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 13:22:45 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 13:22:48 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 13:23:23 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 13:23:23 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 13:23:25 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-05-16 15:13:53 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-06-27 13:23:31 C:\WINDOWS\system32\jsproxy.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 13:23:32 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 13:23:32 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:58:09 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 13:24:06 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 13:24:07 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 13:24:09 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 13:24:09 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-19 23:09:39 C:\WINDOWS\system32\rpcrt4.dll
----a-w 105,984 2007-06-27 13:24:10 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 13:24:14 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 13:24:15 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 13:24:19 C:\WINDOWS\system32\wininet.dll
----a-w 265,216 2007-03-09 11:51:20 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-06-27 13:22:39 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 10:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 13:22:40 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c----w 153,088 2007-06-27 13:22:40 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c----w 230,400 2007-06-27 13:22:42 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 13:22:45 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c----w 384,512 2007-06-27 13:22:48 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 13:23:23 C:\WINDOWS\system32\dllcache\ieframe.dll
-c----w 44,544 2007-06-27 13:23:23 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 13:23:25 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c----w 625,152 2007-06-27 08:28:24 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-05-16 15:13:53 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 13:23:31 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 13:23:32 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 13:23:32 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,583,488 2007-07-19 06:58:09 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 13:24:06 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 13:24:07 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 13:24:09 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 102,400 2007-06-27 13:24:09 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 13:24:10 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-06-27 13:24:14 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 13:24:15 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 823,808 2007-06-27 13:24:19 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-03-25 16:34 C:\WINDOWS\CMICNFG.CPL]
"VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [2003-01-08 15:55]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 16:19]
"nwiz"="nwiz.exe" [2003-05-02 16:19 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-05-14 12:30]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-10-18 09:36]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-09 16:37]
"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 12:03]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 11:45]
"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [1724-12-25 21:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 08:22]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys
S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-09 14:38:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1062081469.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-09 14:41:00 C:\WINDOWS\Tasks\WebReg 20030828164106.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 14:16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 14:21:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 14:21
C:\ComboFix2.txt ... 2007-10-09 20:59
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:22:53, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthak...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa9783d26482265506/netzip...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/house...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0,3,8/fr/AccesMembre....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

10 October 2007 15:00:11

Hello again

Run a HijackThis scan again and check the lines below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {B8672BDE-6767-C26B-4517-C1D12B6DE148} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O9 - Extra button: EasyClick - {05575EC1-B47D-11d3-8F04-00105A9965CA} - C:\WINDOWS\e2bar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} (EasyClick Control) - http://www.canalfree.com/ie/pc/sc.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233100} - http://kit.pur-sexe.ch/k59/14/pur-sexe.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ [...] oappro.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09fa97 [...] 601_fr.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {9D947780-AA98-42AF-8B6E-D1FA7D4786F6} (Installer Control) - http://sofres.ath.cx/installer.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1, [...] Membre.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesui [...] tector.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab

Close all windows (Windows, Internet Explorer, Outlook) except HijackThis, then click "Fix checked".


Run an online antivirus scan with Kaspersky:
http://webscanner.kaspersky.fr/
Click "Démarrer Online Scanner".
Select "Poste de travail" (My Computer) as the scan target.
Paste its report here.

Use this link for help:
http://www.infos-du-net.com/forum/267224-11-scan-ligne-...

10 October 2007 21:58:19

KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 10, 2007 9:56:21 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 10/10/2007
Enregistrements dans la base antivirus Kaspersky : 404155
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
Statistiques de l'analyse
Total d'objets analysés 111045
Nombre de virus trouvés 3
Nombre d'objets infectés 12 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:30:13

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\Mikaël le moing\.jpi_cache\jar\1.0\archive.jar-1bb10264-6d965d77.0ip/A.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Documents and Settings\Mikaël le moing\.jpi_cache\jar\1.0\archive.jar-1bb10264-6d965d77.0ip/BlackBox.class Infecté : Exploit.Java.ByteVerify ignoré
C:\Documents and Settings\Mikaël le moing\.jpi_cache\jar\1.0\archive.jar-1bb10264-6d965d77.0ip ZIP: infecté - 2 ignoré
C:\SDFix\backups\backups.zip/backups/album62.zip/album62.scr Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/album62.zip Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/album92.zip/album92.scr Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/album92.zip Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/photo96.zip/photo96.scr Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/photo96.zip Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 6 ignoré
C:\WINDOWS\system32\cmd.ftp Infecté : Trojan-Downloader.BAT.Ftp.cq ignoré
C:\WINDOWS\system32\libhelps.dll Infecté : Backdoor.Win32.IRCBot.acd ignoré
Analyse terminée.
10 October 2007 22:35:32

Hello again

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\Mikaël le moing\.jpi_cache\jar\1.0\archive.jar-1bb10264-6d965d77.0ip
C:\SDFix
C:\WINDOWS\system32\cmd.ftp
C:\WINDOWS\system32\libhelps.dll


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.


Post the report located in C:\_OTMoveIt\MovedFiles.


Do you still have any malfunctions?
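An added example, not part of the original thread: a list like the one above can be derived mechanically from the scanner report by keeping only the infected rows and folding archive members (written `container/member`) back to the file on disk, while skipping the rows the scanner marks `L'objet est verrouillé` for files it could not open. The sample rows follow the format of the report posted in this thread; the function name `triage` is hypothetical and the row layout is assumed from that report alone.

```python
import re
from collections import OrderedDict

# Sample rows in the report's layout: <object> <status> <last action>.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\SDFix\backups\backups.zip/backups/album62.zip/album62.scr Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip/backups/album62.zip Infecté : Backdoor.Win32.IRCBot.acd ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 6 ignoré
C:\WINDOWS\system32\cmd.ftp Infecté : Trojan-Downloader.BAT.Ftp.cq ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\libhelps.dll Infecté : Backdoor.Win32.IRCBot.acd ignoré
"""

# Row kinds seen in the report (layout assumed from the thread, not from vendor docs).
INFECTED = re.compile(r"^(?P<obj>.+?) Infecté : (?P<name>\S+) (?P<action>\S+)$")
ARCHIVE = re.compile(r"^(?P<obj>.+?) [A-Z]+: infecté - (?P<count>\d+) (?P<action>\S+)$")
LOCKED = re.compile(r"^(?P<obj>.+?) L'objet est verrouillé (?P<action>\S+)$")


def triage(report):
    """Return (targets, locked_count).

    targets maps each on-disk file to the sorted detection names found in it;
    locked_count is the number of rows the scanner could not read at all.
    """
    targets = OrderedDict()
    locked = 0
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            # Windows paths use backslashes, so the first "/" marks the start
            # of a member inside an archive; keep only the outer file.
            disk_file = m.group("obj").split("/", 1)[0]
            targets.setdefault(disk_file, set()).add(m.group("name"))
            continue
        m = ARCHIVE.match(line)
        if m:
            # Summary row for a container; its members carry the names.
            targets.setdefault(m.group("obj"), set())
            continue
        if LOCKED.match(line):
            locked += 1  # unreadable, not a detection
    return OrderedDict((p, sorted(n)) for p, n in targets.items()), locked


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_REPORT)
    for path, names in found.items():
        print(path, "->", ", ".join(names))
    print("locked rows skipped:", skipped)
```

The list in the post above names the whole `C:\SDFix` folder, whereas this script reports the narrower on-disk file `backups.zip`.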
11 October 2007 22:40:21

C:\Documents and Settings\Mikaël le moing\.jpi_cache\jar\1.0\archive.jar-1bb10264-6d965d77.0ip moved successfully.
Folder move failed. C:\SDFix\backups\HOSTS scheduled to be moved on reboot.
C:\SDFix\backups moved successfully.
C:\SDFix moved successfully.
C:\WINDOWS\system32\cmd.ftp moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\libhelps.dll
C:\WINDOWS\system32\libhelps.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\libhelps.dll scheduled to be moved on reboot.

Created on 10/11/2007 22:27:00
Apparently there are no more malfunctions.
Thanks
11 October 2007 22:42:36

Did the PC restart?
12 October 2007 18:50:51

Yes, the PC restarted.
12 October 2007 18:54:24

Good, let's finish the cleanup.

Click Start - right-click My Computer - Properties - System Restore - tick the Turn off System Restore box and click Apply.


Launch OTMoveIt.
  • Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
    NOTE: Normally, your firewall should ask you whether OTMoveIt may access the internet. Allow it.
  • A list appears in the left-hand part of OTMoveIt.
  • A message appears asking you to confirm the cleanup. Confirm.


Restart the PC.


Click Start - right-click My Computer - Properties - System Restore - untick the Turn off System Restore box and click Apply.


Two more things.

Go to this link to better secure your PC
http://www.infos-du-net.com/forum/267223-11-securiser-o...

Edit your first message and add "Résolu" (Resolved) next to your title.
12 October 2007 19:17:51

OK, thank you, I'll do that.