www1423.adserver.com/imp - wanadoo blocked!

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleaning requests only. Restricted handling: specialised team.

Moderator: Moderators

Forum rules :arrow: Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
:arrow: The procedures are tailor-made; do not repeat them on your own machine (explanations).
:arrow: One topic per machine; everyone creates their own. ;)


Post by seumouman » 31 Mar 2008 12:14

Hello everyone.

I'm running Windows XP Pro SP2, I have no firewall (other than the Windows XP one... I'm going to fix that) and Ad-Aware SE Pro.
For a few days the Ad-Watch blocker has been displaying, every 4 to 5 minutes:

"Http://www1234.adserver.com/imp - wanadoo has been blocked
Pop-up window blocked."

The number after the "www" changes constantly!

So you'll tell me that since Ad-Watch blocks it there's no problem... actually there is: the blocking pop-up appears every 5 minutes, so I'm forced to minimise the window.
That's very annoying when I'm watching a film.
BUT above all, since then I've been getting "internet is going to close" error messages (even though I use FIREFOX!).
In SHORT, a small hassle rather than a BIG problem.

Can you help me please?


Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:46 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\DOCUME~1\TheBoss\LOCALS~1\Temp\5PvRk5ky.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {F4532AD0-AAA2-4B2E-8FEA-21A0F694D197} - C:\WINDOWS\system32\bthcrpu.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.anglaisfacile.com
O15 - Trusted Zone: http://equplnoraprodapp.equitrac.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://login.live.com
O16 - DPF: InstallerJava - https://intranet.sc-associes.com/CACHE/ ... stjava.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://access.equitrac.com/CACHE/stc/1 ... vpnweb.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://access.equitrac.com/ICSScanner.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/tsweb/msrdp.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://equitracuniversity.equitrac.com/ ... loader.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O16 - DPF: {DBFF771D-3F92-4C70-9978-508738536F38} (CSConn Class) - http://siebel.equitrac.com/callcenter/1 ... sagent.cab
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O24 - Desktop Component 0: (no name) - http://www.game-club.com/library/images ... l_main.jpg
O24 - Desktop Component 1: (no name) - http://users.ntua.gr/el01002/WALLPAPERS/Hitman%204.jpg

--
End of file - 9256 bytes


THANKS!
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57
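A HijackThis log like the one above is read by eye: the analyst scans for an executable running from a Temp directory, entries whose target file no longer exists, autoruns given as a bare file name, and similar tells. The script below is an added example, not part of the original thread and not HijackThis code; it automates a few of those checks over a subset of the posted log lines (copied into `SAMPLE_LOG` as constructed sample input). The rule names, severity labels and the `looks_random` heuristic are this example's own.

```python
"""Triage heuristics for a HijackThis (HJT) log.

Added example, not part of the original thread or of HijackThis itself: it
automates the rules an analyst applies by eye when reading the log above.
Rule names and severities are this example's own invention.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\DOCUME~1\TheBoss\LOCALS~1\Temp\5PvRk5ky.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {F4532AD0-AAA2-4B2E-8FEA-21A0F694D197} - C:\WINDOWS\system32\bthcrpu.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: http://www.hotmail.com
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    rule: str
    line: str


# Paths under a Temp directory: droppers and downloaders commonly execute from here.
TEMP_RE = re.compile(r"\\Temp\\|\\Temporary Internet Files\\", re.I)
# HJT marks targets that no longer exist on disk; leftovers, not active threats.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.I)
# O4 autorun whose command is a bare file name (no directory, not quoted):
# it is resolved through the search path, so a same-named file placed earlier
# on that path would be what actually runs.
BARE_RUN_RE = re.compile(
    r"^O4 - [^:]+: \[[^\]]*\] (?!\")[^\\\s]+\.(?:exe|dll|cpl|scr)(?:\s|$)", re.I
)
# "Running processes" entries are plain absolute paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")


def looks_random(stem: str) -> bool:
    """Mixed case plus at least three letter/digit alternations, e.g. 5PvRk5ky.

    A weak signal on its own (some vendor names come close), so it only ever
    yields a 'low' finding. Alternations are counted with a lookahead so that
    overlapping pairs such as 'k5' and '5k' both count.
    """
    transitions = len(re.findall(r"(?=[A-Za-z]\d|\d[A-Za-z])", stem))
    mixed_case = stem != stem.lower() and stem != stem.upper()
    return transitions >= 3 and mixed_case


def triage(log_text: str) -> List[Finding]:
    """Apply each rule to every line of an HJT log and return what they flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROCESS_RE.match(line):
            stem = line.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if TEMP_RE.search(line):
                findings.append(Finding("high", "process-running-from-temp", line))
            elif looks_random(stem):
                findings.append(Finding("low", "random-looking-process-name", line))
        elif MISSING_RE.search(line):
            findings.append(Finding("low", "orphaned-entry", line))
        elif BARE_RUN_RE.match(line):
            findings.append(Finding("medium", "autorun-bare-filename", line))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(Finding("info", "trusted-zone-site", line))
        elif line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            findings.append(Finding("low", "service-unknown-vendor", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, for a one-line verdict."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:<6}] {f.rule:<28} {f.line}")
    print(summarize(results))
```

Run on the sample, the only "high" hit is the executable under `LOCALS~1\Temp`; the two BHOs marked "(no file)" / "(file missing)" come out as low-severity leftovers, and `carpserv.exe` is flagged only because it is an unqualified name, not because the program is known to be bad. That is the right way to read such output: the rules order the work, they do not replace checking each flagged item by hand.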

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 16:58

Hello, welcome to the security forums.
You'll need an antivirus in this configuration. ;-)
I'd recommend Antivir, but it's better to disinfect first. There's a suspicious file in there, but more tests are needed to see more clearly.

Download DiagHelp.zip by Malekal_morte to your desktop.
  • Unzip it, on your desktop for example.
  • A new folder named DiagHelp will be created.
  • Open it and double-click go.cmd (the .cmd may not be displayed).
  • A window will open; choose option 1 and confirm with the Enter key.
  • The scan will start; this may take a few minutes. Let it run and press a key when asked.
  • Copy/paste the contents of the Notepad window that opens and attach it to your next reply.
  • :!: The report is saved in c:\resultat.txt in case you close Notepad. You'll have to go and fetch it there; the report is not on the desktop.

    NB: if an antivirus detects Troj/INJECT MF or something similar, choose "ignore"; it's a false positive.
    NB: one tool, sigcheck.exe, may ask for internet access; if your firewall asks for permission, let it access the internet.
Falkra
Admin libellules.ch
 
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 19:49

Good evening, and thanks for your reply.

I'm doing exactly what you asked.
However, between the time I posted my request and your reply, I made a few changes:
- installed a firewall: filsclabe.
- installed eTrust
- installed Ad-Aware 2007

A scan with eTrust systematically gives me:
SILLY DI DJM!
on 3 registry keys; but it can't remove them... I even tried manually... no access.


I'll post the report as soon as it's ready.

THANKS again.
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 19:51

Here it is (this report is a big one).

DiagHelp version v1.4 - http://www.malekal.com
run on Mon 03/31/2008 at 20:44:54.76


List of the most recently modified/created files in windir\system32 and prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->3/31/2008 8:44:40 PM
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->3/31/2008 8:44:37 PM
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->3/31/2008 8:43:55 PM
C:\WINDOWS\prefetch\DFRGNTFS.EXE-38C3807C.pf -->3/31/2008 8:26:42 PM
C:\WINDOWS\prefetch\DEFRAG.EXE-2858C7E2.pf -->3/31/2008 8:26:42 PM
C:\WINDOWS\prefetch\Layout.ini -->3/31/2008 8:20:14 PM
C:\WINDOWS\prefetch\XMC33HS2.EXE-05A85500.pf -->3/31/2008 8:00:11 PM
C:\WINDOWS\prefetch\FIREFOX.EXE-0B573C88.pf -->3/31/2008 7:51:55 PM
C:\WINDOWS\prefetch\WINWORD.EXE-33AEA629.pf -->3/31/2008 7:49:15 PM
C:\WINDOWS\prefetch\OUTLOOK.EXE-0CC1C5E5.pf -->3/31/2008 7:49:02 PM

C:\WINDOWS\System32\drivers\ehfooysy.dat -->1/16/2008 7:50:19 PM
C:\WINDOWS\System32\drivers\AWRTRD.sys -->8/7/2007 12:58:08 PM
C:\WINDOWS\System32\drivers\NSDriver.sys -->8/7/2007 12:56:58 PM
C:\WINDOWS\System32\drivers\AWRTPD.sys -->7/11/2007 1:37:26 PM
C:\WINDOWS\System32\drivers\vpnva.sys -->4/23/2007 5:09:58 AM
C:\WINDOWS\System32\drivers\VMM.sys -->2/18/2007 12:15:34 AM
C:\WINDOWS\System32\drivers\VMNetSrv.sys -->1/29/2007 6:20:34 AM

C:\WINDOWS\System32\PerfStringBackup.INI -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\perfh009.dat -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\perfc009.dat -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\nvModes.001 -->3/31/2008 5:08:13 PM
C:\WINDOWS\System32\nvapps.xml -->3/31/2008 5:07:55 PM
C:\WINDOWS\System32\nvModes.dat -->3/31/2008 9:52:05 AM
C:\WINDOWS\System32\wpa.dbl -->3/30/2008 3:55:22 PM
C:\WINDOWS\System32\rmoc3260.dll -->3/26/2008 12:54:15 PM
C:\WINDOWS\System32\pndx5032.dll -->3/26/2008 12:53:58 PM
C:\WINDOWS\System32\pndx5016.dll -->3/26/2008 12:53:58 PM
C:\WINDOWS\System32\pncrt.dll -->3/26/2008 12:53:55 PM
C:\WINDOWS\System32\msvcr71.dll -->3/26/2008 12:53:55 PM
C:\WINDOWS\System32\ssldivx.dll -->2/21/2008 4:05:34 AM
C:\WINDOWS\System32\libdivx.dll -->2/21/2008 4:05:34 AM
C:\WINDOWS\System32\nscompat.tlb -->2/17/2008 9:29:37 PM
C:\WINDOWS\System32\amcompat.tlb -->2/17/2008 9:29:37 PM
C:\WINDOWS\System32\FNTCACHE.DAT -->2/16/2008 8:37:04 PM
C:\WINDOWS\System32\XMc33hs2.exe -->2/5/2008 3:58:25 PM
C:\WINDOWS\System32\MRT.exe -->2/4/2008 4:09:48 PM
C:\WINDOWS\System32\w95inf16.dll -->10/30/2007 9:50:24 PM
C:\WINDOWS\System32\w95inf32.dll -->10/30/2007 9:50:23 PM
C:\WINDOWS\System32\wuaueng.dll -->7/30/2007 7:19:42 PM
C:\WINDOWS\System32\wuapi.dll -->7/30/2007 7:19:36 PM
C:\WINDOWS\System32\wucltui.dll -->7/30/2007 7:19:32 PM
C:\WINDOWS\System32\wuaucpl.cpl.mui -->7/30/2007 7:19:32 PM

C:\WINDOWS\NeroDigital.ini -->3/31/2008 7:25:59 PM
C:\WINDOWS\WindowsUpdate.log -->3/31/2008 5:09:00 PM
C:\WINDOWS\bootstat.dat -->3/31/2008 5:07:29 PM
C:\WINDOWS\SchedLgU.Txt -->3/31/2008 5:04:33 PM
C:\WINDOWS\scode8.cfg -->3/31/2008 10:27:23 AM
C:\WINDOWS\pestpatrol5.INI -->3/28/2008 1:49:05 PM
C:\WINDOWS\GPInstall.exe -->3/28/2008 12:49:53 PM
C:\WINDOWS\QTFont.qfn -->3/26/2008 5:28:18 PM
C:\WINDOWS\err.txt -->2/17/2008 9:29:41 PM
C:\WINDOWS\mozver.dat -->2/14/2008 12:26:20 PM
C:\WINDOWS\win.ini -->2/12/2008 7:07:47 PM
C:\WINDOWS\system.ini -->2/12/2008 7:07:47 PM
C:\WINDOWS\unins000.dat -->2/12/2008 4:02:09 PM
C:\WINDOWS\unins000.exe -->2/12/2008 4:01:26 PM
C:\WINDOWS\msettings.ini -->2/9/2008 8:27:19 PM

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1072
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x746c0000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\msls31.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01b10000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
0x00dd0000 0xf000 C:\Program Files\Dell\Bluetooth Software\btkeyind.dll
0x00f70000 0x12000 C:\Program Files\Dell\QuickSet\dadkeyb.dll
0x02c90000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x03d10000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6bf50000 0x7d000 6.04.0009.1125 C:\WINDOWS\system32\dxmasf.dll
0x03d30000 0x4f000 9.00.0000.3250 C:\WINDOWS\system32\DRMClien.DLL
0x040e0000 0x2ca000 3.15.0009.7000 C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
0x58390000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm
0x10000000 0x14000 2.02.0009.0001 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x027c0000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c80000 0x6000 C:\Program Files\Unlocker\UnlockerCOM.dll
0x026f0000 0x34000 3.02.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x00f40000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x01af0000 0x15000 493.00.0000.0000 C:\Program Files\Free Download Manager\iefdmcks.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x03d80000 0x1b9000 2.00.0000.0008 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
0x031a0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1456
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x672c0000 0x6000 11.00.0000.0730 C:\WINDOWS\system32\PCANotify.dll
0x7c000000 0x54000 7.00.9466.0000 C:\WINDOWS\system32\MSVCR70.dll
0x22000000 0x32000 7.01.0004.0004 C:\WINDOWS\system32\LgNotify.dll
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\WINDOWS\system

07/17/2002 04:22 PM 4,672 WOWPOST.EXE
1 File(s) 4,672 bytes
0 Dir(s) 6,452,740,096 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\WINDOWS\system32

08/04/2004 12:56 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 6,452,740,096 bytes free

Contents of Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\WINDOWS\Downloaded Program Files

02/07/2008 10:52 AM <DIR> .
02/07/2008 10:52 AM <DIR> ..
10/08/2004 07:46 AM 172,032 CentraDownloader.dll
10/08/2004 07:46 AM 250 CentraDownloader.inf
05/21/2006 06:41 AM 53,520 csagent.dll
05/21/2006 03:49 AM 416 csagent.inf
09/26/2005 06:13 PM 65 desktop.ini
10/14/1997 06:52 PM 697 DirectAnimation Java Classes.osd
10/28/2003 08:51 AM 7,424 DjVuLite.inf
07/25/2002 05:13 PM 24,576 dwusplay.dll
07/25/2002 05:13 PM 196,608 dwusplay.exe
03/23/2007 12:17 PM 1,292 erma.inf
10/14/2004 12:13 PM 1,187,840 ICSScanner.dll
07/29/2004 08:10 AM 416 ICSScanner.inf
10/23/2006 12:14 PM 446 InstallerJava.osd
07/25/2002 05:05 PM 172,032 isusweb.dll
03/14/2007 04:02 AM 1,055 jinstall-6u1.inf
01/20/2000 03:25 PM 1,162 Microsoft XML Parser for Java.osd
06/20/2006 04:44 PM 379,704 MsnPUpld.dll
06/19/2006 03:40 PM 393 MsnPUpld.inf
08/04/2004 01:01 AM 1,561 msrdp.inf
08/03/2004 10:59 PM 656,896 msrdp.ocx
06/20/2006 04:44 PM 117,560 PURen-us.dll
01/09/2007 09:30 AM 110,592 PURfr-fr.dll
01/22/2003 01:05 PM 1,400 SysPro.inf
04/23/2007 05:10 AM 230 vpnweb.inf
06/30/2003 10:41 PM 1,689 WMV9VCM.inf
06/01/2004 03:41 PM 853 yinst.inf
06/01/2004 03:36 PM 141,312 yinsthelper.dll
27 File(s) 3,232,021 bytes

Total Files Listed:
27 File(s) 3,232,021 bytes
2 Dir(s) 6,452,736,000 bytes free

Rootkit search! (Thanks S!Ri)

Search for known infections

Export of sensitive keys..


List of files in the XP SP2 firewall exceptions

"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe:*:Enabled:pcAnywhere Main Executable"
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*:Enabled:LeechFTP"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe"="C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe:*:Enabled:AnyConnect VPN Client"
"C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"="C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe:*:Enabled:Virtual PC 2007"
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe:*:Disabled:CyberLink PowerCinema NE for Everio"
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe:*:Disabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"="C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe:*:Disabled:CyberLink PowerDirector"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"="C:\\Program Files\\SpyBlocker Software\\spyblocker.exe:*:Enabled:SpyBlocker"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Disabled:The powerful and easy-to-use BitTorrent Client"

Export of the SharedTaskScheduler key

[SharedTaskScheduler]



export of policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export of sensitive keys..
Looking for sensitive addresses in the HOSTS file...
127.0.0.1 counter.kaspersky.com
127.0.0.1 osiris.cj.com
127.0.0.1 ads1.updated.com
127.0.0.1 autoupdate.windowsmedia.com
127.0.0.1 update.downloadaccelerator.com
127.0.0.1 update.imiserver.com
127.0.0.1 update.kazaa.com
127.0.0.1 update.webhancer.com
127.0.0.1 updaterservice.wildtangent.com
127.0.0.1 updates.browseraid.com
127.0.0.1 updates.hotbar.com
127.0.0.1 updates.searchmadesafe.net
127.0.0.1 updateserver.gator.com
127.0.0.1 wdcs.trendmicro.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:47:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c61ef443]
"0012475b9181"=hex:a4,d2,0f,37,36,1e,69,74,44,b3,e1,6f,7e,70,9f,1c
"001a8a800137"=hex:35,bf,92,fb,13,64,6d,fd,03,f3,d8,10,84,bd,05,7e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:a06243d2
"s1"=dword:f5e7156d
"s2"=dword:fcb395c2
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,e3,57,cc,d5,a3,35,c4,3c,c9,75,d3,b7,fe,c6,29,48,f9,9d,11,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bc,c8,32,0b,9d,50,5d,00,0c,ce,e0,0d,a0,2c,e7,59,d2,..
"khjeh"=hex:f5,34,eb,e7,99,94,3d,93,af,aa,c3,09,93,31,a7,f2,ba,da,f4,55,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b6,a7,6d,c1,f2,78,c6,0a,4b,91,d8,7c,8f,77,de,b5,39,24,9d,67,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c61ef443]
"0012475b9181"=hex:a4,d2,0f,37,36,1e,69,74,44,b3,e1,6f,7e,70,9f,1c
"001a8a800137"=hex:35,bf,92,fb,13,64,6d,fd,03,f3,d8,10,84,bd,05,7e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,e3,57,cc,d5,a3,35,c4,3c,c9,75,d3,b7,fe,c6,29,48,f9,9d,11,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bc,c8,32,0b,9d,50,5d,00,0c,ce,e0,0d,a0,2c,e7,59,d2,..
"khjeh"=hex:f5,34,eb,e7,99,94,3d,93,af,aa,c3,09,93,31,a7,f2,ba,da,f4,55,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b6,a7,6d,c1,f2,78,c6,0a,4b,91,d8,7c,8f,77,de,b5,39,24,9d,67,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:eb,e3,57,cc,d5,a3,35,c4,3c,c9,75,d3,b7,fe,c6,29,48,f9,9d,11,03,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bc,c8,32,0b,9d,50,5d,00,0c,ce,e0,0d,a0,2c,e7,59,d2,..
"khjeh"=hex:f5,34,eb,e7,99,94,3d,93,af,aa,c3,09,93,31,a7,f2,ba,da,f4,55,ff,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6f,65,a2,0b,c4,a8,a8,2e,9e,48,82,3f,98,ab,f1,78,6a,8e,90,a4,7b,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
228 - S24EvMon.exe
336 - svchost.exe
344 - svchost.exe
364 - btwdins.exe
396 - slimsvc.exe
440 - vpnagent.exe
548 - Ad-Watch2007.ex
776 - nvsvc32.exe
828 - RegSrvc.exe
896 - aawservice.exe
996 - ZCfgSvc.exe
1072 - explorer.exe
1148 - RichVideo.exe
1316 - spoolsv.exe
1360 - scardsvr.exe
1428 - csrss.exe
1456 - winlogon.exe
1504 - services.exe
1508 - xfilter.exe
1516 - lsass.exe
1684 - svchost.exe
1732 - svchost.exe
1812 - rundll32.exe
1832 - quickset.exe
1876 - carpserv.exe
1884 - qttask.exe
1912 - PPActiveDetecti
2000 - BTTray.exe
2020 - FilMsg.exe
2040 - svchost.exe
2072 - taskmgr.exe
2132 - wmiprvse.exe
2208 - alg.exe
2964 - cmd.exe
3040 - caiss.exe
3404 - PestPatrol5.exe
4192 - firefox.exe

Total number of processes = 38
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7D2D000 - \WINDOWS\system32\KDCOM.DLL
F7C3D000 - \WINDOWS\system32\BOOTVID.dll
F773B000 - sptd.sys
F7D2F000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F7723000 - \WINDOWS\System32\Drivers\SPTD3677.SYS
F76F5000 - ACPI.sys
F76E4000 - pci.sys
F782D000 - isapnp.sys
F783D000 - ohci1394.sys
F784D000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F7AAD000 - ehfooysy.dat
F7C41000 - compbatt.sys
F7C45000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
F7DF5000 - PCIIde.sys
F7AB5000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
F7D31000 - intelide.sys
F76C6000 - pcmcia.sys
F785D000 - MountMgr.sys
F76A7000 - ftdisk.sys
F7ABD000 - PartMgr.sys
F7AC5000 - sfsync02.sys
F786D000 - VolSnap.sys
F768F000 - atapi.sys
F787D000 - disk.sys
F788D000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7670000 - fltmgr.sys
F7659000 - KSecDD.sys
F75CC000 - Ntfs.sys
F759F000 - NDIS.sys
F7580000 - xpacket.sys
F7ACD000 - sfhlp02.sys
F756F000 - sfdrv01.sys
F789D000 - sbp2port.sys
F7554000 - Mup.sys
F7C49000 - Gernuwa.sys
F7D33000 - tiumflt.sys
F7428000 - btkrnl.sys
F78AD000 - agp440.sys
F7A1D000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F73EF000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
F685B000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6847000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7B4D000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6824000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7B55000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F6803000 - \SystemRoot\system32\DRIVERS\b57xp32.sys
F7A2D000 - \SystemRoot\system32\DRIVERS\gticard.sys
F73EB000 - \SystemRoot\system32\DRIVERS\SMCLIB.SYS
F7A3D000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F7B5D000 - \SystemRoot\system32\drivers\tiumfwl.sys
F7A4D000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7B65000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7B6D000 - \SystemRoot\system32\drivers\aw_host5.sys
F7B75000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7A5D000 - \SystemRoot\System32\DRIVERS\serial.sys
F73E7000 - \SystemRoot\System32\DRIVERS\serenum.sys
F67EF000 - \SystemRoot\System32\DRIVERS\parport.sys
F7A6D000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7A7D000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7A8D000 - \SystemRoot\System32\DRIVERS\redbook.sys
F67CC000 - \SystemRoot\System32\DRIVERS\ks.sys
F679C000 - \SystemRoot\system32\drivers\STAC97.sys
F6778000 - \SystemRoot\system32\drivers\portcls.sys
F7A9D000 - \SystemRoot\system32\drivers\drmk.sys
F6754000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys
F6649000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys
F65BE000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F7B7D000 - \SystemRoot\System32\Drivers\Modem.SYS
F6574000 - \SystemRoot\System32\Drivers\dtscsi.sys
F63BC000 - \SystemRoot\System32\Drivers\SCSIPORT.SYS
F6BB0000 - \SystemRoot\system32\DRIVERS\VMNetSrv.sys
F7B85000 - \SystemRoot\system32\drivers\btaudio.sys
F7EEE000 - \SystemRoot\System32\DRIVERS\audstub.sys
F6BA0000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F73DB000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F63A5000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F6B90000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F6B80000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B8D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F6394000 - \SystemRoot\System32\DRIVERS\psched.sys
F6B70000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7B95000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7B9D000 - \SystemRoot\System32\DRIVERS\raspti.sys
F6379000 - \SystemRoot\system32\DRIVERS\vna.sys
F7D5B000 - \SystemRoot\system32\DRIVERS\loop.sys
F7BA5000 - \SystemRoot\system32\DRIVERS\btport.sys
F6348000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F6B60000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7D5D000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6314000 - \SystemRoot\System32\DRIVERS\update.sys
F73BB000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F6B50000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6B40000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7D5F000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7D63000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E23000 - \SystemRoot\System32\Drivers\Null.SYS
F7D65000 - \SystemRoot\System32\Drivers\Beep.SYS
F7BD5000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7BDD000 - \SystemRoot\System32\drivers\vga.sys
F7CFD000 - \SystemRoot\System32\Drivers\awlegacy.sys
F7D69000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D6B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7BE5000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7BED000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7D01000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F523E000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F51E6000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F51BE000 - \SystemRoot\System32\DRIVERS\netbt.sys
F519C000 - \SystemRoot\System32\drivers\afd.sys
F6B20000 - \SystemRoot\System32\DRIVERS\netbios.sys
F5161000 - \??\C:\WINDOWS\system32\Drivers\vmm.sys
F7BF5000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
F510D000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F6310000 - \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
F509E000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F78ED000 - \SystemRoot\System32\Drivers\Fips.SYS
F4FDD000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F78FD000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F790D000 - \SystemRoot\System32\DRIVERS\arp1394.sys
F7D6D000 - \SystemRoot\System32\Drivers\FileDisk.SYS
F62EC000 - \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
F7C15000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F5285000 - \SystemRoot\system32\DRIVERS\sfloppy.sys
F7C1D000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F5281000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F798D000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F527D000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F7C2D000 - \SystemRoot\System32\Drivers\BTHUSB.sys
F4DF2000 - \SystemRoot\System32\Drivers\bthport.sys
F79CD000 - \SystemRoot\system32\DRIVERS\rfcomm.sys
F7AE5000 - \SystemRoot\System32\DRIVERS\BthEnum.sys
F4DD9000 - \SystemRoot\system32\DRIVERS\bthpan.sys
F78CD000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4DC1000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7D81000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7B05000 - \SystemRoot\System32\watchdog.sys
F4FD9000 - \SystemRoot\System32\drivers\Dxapi.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F7EB0000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D3000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F282D000 - \SystemRoot\system32\DRIVERS\AegisP.sys
F2829000 - \SystemRoot\system32\DRIVERS\s24trans.sys
F281D000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F242C000 - \SystemRoot\system32\drivers\wdmaud.sys
F2639000 - \SystemRoot\system32\drivers\sysaudio.sys
F22C2000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7DB5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F4E5D000 - \SystemRoot\System32\drivers\aspi32.sys
F2791000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F2157000 - \SystemRoot\system32\DRIVERS\srv.sys
F4E35000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F7C35000 - \SystemRoot\system32\DRIVERS\strmdisp.sys
F7DBD000 - \??\C:\WINDOWS\system32\drivers\AWRTPD.sys
F1E3F000 - \??\C:\WINDOWS\system32\drivers\NSDriver.sys
F1F3B000 - \??\C:\WINDOWS\system32\drivers\AWRTRD.sys
F1A52000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7EE8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 161

Liste des programmes installes

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Archiveur WinRAR
AutoUpdate
AviSynth 2.5
BitSpirit v3.1.0.077 Stable Release
Broadcom Gigabit Integrated Controller
CA eTrust PestPatrol Anti-Spyware
CardBus
CCleaner (remove only)
CentraOne
Check Point SSL Network Extender
Cisco AnyConnect VPN Client
Conexant D480 MDC V.92 Modem
Convertor 2.0
Dell Bluetooth Software
Dell ResourceCD
Digital Photo Navigator 1.5
DivX Codec
DivX Content Uploader
DivX Converter
DivX Web Player
EasyPHP 1.8
Filseclab Personal Firewall
Free Download Manager 2.1
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Intel(R) PROSet
InterVideo WinDVD
LeechFTP
Livebox
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access 2.0 Converter
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSXML 6.0 Parser (KB927977)
Nero 7 Essentials
NVIDIA Drivers
O2Micro Smartcard Driver
O2Micro Smartcard Driver
Oracle JInitiator 1.3.1.21
Outil de connexion Wanadoo
PCI 7510 CardBus Controller with SmartCard and Software
Philips Intelligent Agent
PhotoNow! 1.0
PowerCinema NE for Everio
PowerDirector
PowerDirector
PowerISO
PSP Brew 0.91
PSP Video 9 1.74
QuickSet
QuickTime
QuickTime
RealPlayer
SAMSUNG CDMA Modem Driver Set
Sega Cue Maker
SigmaTel AC97 Audio Drivers
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
SpyBlocker
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Symantec pcAnywhere
TELL ME MORE
UltraSplitter
Unlocker 1.8.5
Update for Windows XP (KB898461)
VCW VicMan's Photo Editor 7.9
VideoLAN VLC media player 0.8.6c
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB891220
Windows XP Service Pack 2
XML Paper Specification Shared Components Pack 1.0
XnView 1.80.3
Yahoo! Anti-Spy



Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\Program Files

03/31/2008 03:46 PM <DIR> .
03/31/2008 03:46 PM <DIR> ..
02/06/2008 11:51 AM <DIR> Adobe
06/13/2007 08:17 PM <DIR> Ahead
10/30/2007 09:49 PM <DIR> Auralog
08/10/2007 04:02 PM <DIR> AviSynth 2.5
07/17/2007 04:39 PM <DIR> BitSpirit
01/17/2008 06:30 PM <DIR> Bobdown
01/17/2007 12:15 PM <DIR> Broadcom
03/28/2008 01:45 PM <DIR> CA
08/06/2007 01:40 PM <DIR> CCleaner
01/19/2007 03:40 PM <DIR> CentraOne
08/16/2006 04:24 PM <DIR> CheckPoint
12/13/2007 12:04 PM <DIR> Cisco
01/24/2007 11:44 AM <DIR> Cisco Systems
03/28/2008 04:05 PM <DIR> Citrix
03/31/2008 05:04 PM <DIR> Common Files
09/26/2005 06:11 PM <DIR> ComPlus Applications
09/26/2005 11:32 PM <DIR> CONEXANT
03/06/2006 04:45 PM <DIR> Convertor
09/14/2007 12:29 AM <DIR> CyberLink
08/17/2006 02:18 PM <DIR> DAEMON Tools
01/16/2007 07:52 PM <DIR> Dell
09/12/2007 03:13 PM <DIR> Digital Photo Navigator 1.5
03/30/2008 04:40 PM <DIR> DivX
01/03/2007 01:18 PM <DIR> EasyPHP1-8
03/31/2008 03:46 PM <DIR> Exterminate It!
02/07/2008 11:39 AM <DIR> Free Download Manager
01/18/2008 10:57 PM <DIR> Grisoft
01/31/2008 08:53 PM <DIR> Intel
02/08/2008 11:52 AM <DIR> Internet Explorer
01/17/2006 12:11 AM <DIR> InterVideo
06/25/2007 09:34 PM <DIR> Java
01/02/2006 07:27 PM <DIR> LeechFTP
04/20/2007 08:52 AM <DIR> LizardTech
10/09/2006 04:14 PM <DIR> Maxthon
09/27/2005 11:07 PM <DIR> Messenger
12/03/2007 06:45 PM <DIR> Microsoft ActiveSync
12/03/2007 06:35 PM <DIR> microsoft frontpage
09/28/2005 12:47 PM <DIR> Microsoft Office
12/27/2007 04:39 PM <DIR> Microsoft SQL Server
08/23/2007 04:08 PM <DIR> Microsoft Virtual PC
09/28/2005 12:48 PM <DIR> Microsoft.NET
09/26/2005 06:39 PM <DIR> Movie Maker
03/31/2008 07:27 PM <DIR> Mozilla Firefox
08/07/2007 02:52 PM <DIR> MSBuild
09/26/2005 06:10 PM <DIR> MSN
09/26/2005 06:10 PM <DIR> MSN Gaming Zone
09/16/2007 10:50 AM <DIR> MSN Messenger
06/13/2007 08:21 PM <DIR> Nero
09/26/2005 06:36 PM <DIR> NetMeeting
11/08/2006 05:14 PM <DIR> NovaLogic
07/26/2007 12:15 PM <DIR> Nvu
09/26/2005 06:10 PM <DIR> Online Services
09/14/2006 02:34 PM <DIR> Oracle
05/02/2006 12:01 PM <DIR> Outlook Express
08/06/2007 01:08 PM <DIR> Pando Networks
06/13/2007 08:27 PM <DIR> Philips Intelligent Agent
10/13/2006 10:14 PM <DIR> PowerISO
08/10/2007 06:11 PM <DIR> PSP Brew
09/14/2007 12:19 AM <DIR> QuickTime
12/16/2005 02:14 AM <DIR> Real
08/07/2007 02:46 PM <DIR> Reference Assemblies
01/17/2007 12:31 PM <DIR> SAGEM
11/15/2007 03:03 PM <DIR> SAMSUNG
09/26/2005 07:21 PM <DIR> SigmaTel
09/12/2007 08:00 PM <DIR> SmartSound Software
03/31/2008 12:12 PM <DIR> SpyBlocker Software
02/12/2008 04:05 PM <DIR> Spybot - Search & Destroy
09/26/2005 11:19 PM <DIR> Symantec
01/16/2008 11:39 PM <DIR> Trend Micro
01/21/2007 07:49 PM <DIR> UltraSplitter
02/12/2008 06:41 PM <DIR> Unlocker
08/10/2007 03:57 PM <DIR> VCW VicMan's Photo Editor
08/11/2006 08:26 PM <DIR> VideoLAN
01/17/2007 01:19 PM <DIR> Wanadoo
09/17/2007 09:10 AM <DIR> Windows Live Toolbar
09/09/2007 11:11 PM <DIR> Windows Media Components
11/14/2006 12:43 PM <DIR> Windows Media Connect 2
02/17/2008 09:29 PM <DIR> Windows Media Player
09/26/2005 06:36 PM <DIR> Windows NT
03/28/2006 10:26 AM <DIR> WinRAR
09/26/2005 06:15 PM <DIR> xerox
12/20/2005 06:20 PM <DIR> XnView
01/31/2008 08:56 PM <DIR> Yahoo!
0 File(s) 0 bytes
85 Dir(s) 6,435,139,584 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\Program Files\common files

03/31/2008 05:04 PM <DIR> .
03/31/2008 05:04 PM <DIR> ..
10/14/2006 09:46 PM <DIR> Adaptec Shared
02/06/2008 11:52 AM <DIR> Adobe
06/13/2007 08:26 PM <DIR> Ahead
01/03/2008 06:36 PM <DIR> AVSMedia
02/27/2006 06:40 PM <DIR> Borland Shared
09/28/2005 12:47 PM <DIR> DESIGNER
03/31/2008 05:04 PM <DIR> Filseclab
09/09/2007 11:09 PM <DIR> InstallShield
07/26/2007 12:31 PM <DIR> Macromedia
01/03/2008 05:54 PM <DIR> Microsoft Shared
09/26/2005 06:12 PM <DIR> MSSoap
09/26/2005 08:02 PM <DIR> ODBC
03/26/2008 12:54 PM <DIR> Real
03/28/2008 01:46 PM <DIR> Scanner
09/26/2005 06:12 PM <DIR> Services
09/26/2005 08:02 PM <DIR> SpeechEngines
09/26/2005 11:20 PM <DIR> Symantec Shared
09/28/2005 12:47 PM <DIR> System
03/31/2008 04:01 PM <DIR> Wise Installation Wizard
03/26/2008 12:54 PM <DIR> xing shared
0 File(s) 0 bytes
22 Dir(s) 6,435,139,584 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D

Directory of C:\

02/20/2008 04:54 PM 6,222,376 DivXWebPlayerInstaller.exe
1 File(s) 6,222,376 bytes
0 Dir(s) 6,435,139,584 bytes free




c:\Documents and Settings\All Users\Desktop\spybotsd152.exe
c:\Documents and Settings\TheBoss\ScanReg.exe
c:\Documents and Settings\TheBoss\Application Data\Real\RealPlayer\setup\AU_setup.exe
c:\Documents and Settings\TheBoss\Application Data\Real\RealPlayer\Update\RealPlayer11GOLD.exe
c:\Documents and Settings\TheBoss\Desktop\694-System4v3.1G.exe
c:\Documents and Settings\TheBoss\Desktop\ALPHA.EXE
c:\Documents and Settings\TheBoss\Desktop\LLGMICA.EXE
c:\Documents and Settings\TheBoss\Desktop\PDP2325_35_45FWUpgrade_v142.exe
c:\Documents and Settings\TheBoss\Desktop\R105328.EXE
c:\Documents and Settings\TheBoss\Desktop\R115320.EXE
c:\Documents and Settings\TheBoss\Desktop\R97343.EXE
c:\Documents and Settings\TheBoss\Desktop\vlc-0.8.5-win32.exe
c:\Documents and Settings\TheBoss\My Documents\HJTInstall.exe
c:\Documents and Settings\TheBoss\My Documents\MIO\InstallTomTomHOME.exe
c:\Documents and Settings\TheBoss\My Documents\philips graveur\Philips_Intelligent_Agent_2.0_Setup.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\TheBoss\Application Data\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\_setup.dll
c:\Documents and Settings\TheBoss\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\TheBoss\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\TheBoss\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_EQUITRAC-LAPTOP.tar.gz a l'adresse http://upload.malekal.com

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 20:07

Argh, I had advised doing all of that afterwards, because it may remove some (but not all) of the ongoing infections, which makes identifying them after the fact harder.

You can remove Yahoo! Anti-Spy.
Then add a new HijackThis log please, it will reflect the changes.

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 21:02

Sorry.

Here is the report after removing Yahoo Spy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:35 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
E:\Programs\Lavasoft\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
E:\Programs\Lavasoft\Ad-Watch2007.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programs\firewall\xfilter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\Common\unypsr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {F4532AD0-AAA2-4B2E-8FEA-21A0F694D197} - C:\WINDOWS\system32\bthcrpu.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Ad-Watch] E:\Programs\Lavasoft\Ad-Watch2007.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [XFILTER] "E:\Programs\firewall\xfilter.exe" -a
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.anglaisfacile.com
O15 - Trusted Zone: http://equplnoraprodapp.equitrac.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://login.live.com
O16 - DPF: InstallerJava - https://intranet.sc-associes.com/CACHE/ ... stjava.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://access.equitrac.com/CACHE/stc/1 ... vpnweb.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://access.equitrac.com/ICSScanner.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/tsweb/msrdp.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://equitracuniversity.equitrac.com/ ... loader.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O16 - DPF: {DBFF771D-3F92-4C70-9978-508738536F38} (CSConn Class) - http://siebel.equitrac.com/callcenter/1 ... sagent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programs\Lavasoft\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O24 - Desktop Component 0: (no name) - http://www.game-club.com/library/images ... l_main.jpg
O24 - Desktop Component 1: (no name) - http://users.ntua.gr/el01002/WALLPAPERS/Hitman%204.jpg

--
End of file - 9726 bytes

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 21:13

* Click this link to IL-MAFIOSO's navilog1:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
* Save the file to your desktop.
* Then double-click navilog1.exe to start the installation.
* Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
* Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose option 2, 3 or 4 without approval)
* It takes a while; wait for the message:
*** Analyse Termine le ..... ***

* Press a key as asked; Notepad will open.
* Copy-paste the whole report into your next post. Close Notepad.

Note:
The report is also saved at the root of the drive (fixnavi.txt)
If your antivirus complains about Navilog1 files, tell it to ignore the files.

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 21:22

Scan in progress...

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 21:27

Search Navipromo version 3.5.2 commencé le Mon 03/31/2008 à 22:20:55.88

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "TheBoss"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\TheBoss\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\TheBoss\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\TheBoss\startm~1\programs" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\TheBoss\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Farida\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\TheBoss\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Farida\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le Mon 03/31/2008 à 22:26:35.25 ***

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 21:30

OK, thanks. :-D
I am not finding exactly what I am looking for, but this will sort out some of the things identified.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).
  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy-paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 21:50

There you go.
The PC rebooted and shows this report; but IE has been restored as the browser even though I had "uninstalled" the component!


ComboFix 08-03-30.4 - TheBoss 2008-03-31 22:35:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT 2:00]
Running from: E:\Perso\antiviruss\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\xhelper.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-31 22:19 . 2008-03-31 22:26 <DIR> d-------- C:\Program Files\Navilog1
2008-03-31 20:48 . 2008-03-31 20:48 17,593,424 --a------ C:\upload_moi_EQUITRAC-LAPTOP.tar.gz
2008-03-31 17:04 . 2008-03-31 17:04 <DIR> d-------- C:\Program Files\Common Files\Filseclab
2008-03-31 17:04 . 2005-07-05 12:55 124,752 --a------ C:\WINDOWS\system32\xpacket.sys
2008-03-31 16:01 . 2008-03-31 16:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 16:01 . 2008-03-31 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:40 . 2000-06-07 11:59 61,440 --a------ C:\Documents and Settings\TheBoss\ScanReg.exe
2008-03-31 15:39 . 2000-06-07 11:59 61,440 --a------ C:\WINDOWS\system32\ScanReg.exe
2008-03-31 14:59 . 2008-03-31 15:46 <DIR> d-------- C:\Program Files\Exterminate It!
2008-03-31 11:26 . 2008-03-31 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-03-31 10:27 . 2008-03-31 10:27 13 --a------ C:\WINDOWS\scode8.cfg
2008-03-28 13:49 . 2008-03-28 13:49 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-03-28 13:45 . 2008-03-28 13:45 <DIR> d-------- C:\Program Files\CA
2008-03-28 13:43 . 2004-08-04 01:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-03-28 13:43 . 2001-08-17 23:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-03-28 13:43 . 2001-08-17 23:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-03-28 13:43 . 2001-08-17 23:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-03-28 13:43 . 2001-08-17 23:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-03-28 13:41 . 2001-08-17 23:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-03-28 13:40 . 2001-08-17 14:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-03-28 13:39 . 2004-08-03 23:59 2,015,232 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-03-28 13:38 . 2002-09-17 22:51 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-28 13:37 . 2002-09-17 22:51 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-03-28 13:36 . 2001-08-17 15:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-03-28 13:35 . 2001-08-17 13:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-03-28 13:34 . 2001-08-17 13:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-03-28 13:33 . 2001-08-17 14:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-03-28 13:32 . 2004-08-04 00:18 2,148,352 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-03-28 12:50 . 2008-03-31 12:12 <DIR> d-------- C:\Program Files\SpyBlocker Software
2008-03-28 12:50 . 2004-03-09 01:00 212,240 --------- C:\WINDOWS\system32\Richtx32.ocx
2008-03-28 12:50 . 2004-03-09 01:00 124,688 --------- C:\WINDOWS\system32\mswinsck.ocx
2008-03-28 12:50 . 2001-04-07 13:43 65,536 --a------ C:\WINDOWS\system32\foxcbmp3.dll
2008-03-28 12:50 . 2001-04-26 23:12 57,399 --------- C:\WINDOWS\system32\Registry.ocx
2008-03-28 12:50 . 2003-08-25 13:04 20,480 --a------ C:\WINDOWS\sbuninst.exe
2008-03-28 12:49 . 2008-03-28 12:49 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-03-28 12:49 . 2000-09-29 19:00 8,784 --a------ C:\WINDOWS\F_France.gpl
2008-03-26 12:54 . 2008-03-26 12:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 16:54 . 2008-02-20 16:54 6,222,376 --a------ C:\DivXWebPlayerInstaller.exe
2008-02-13 16:18 . 2008-02-13 16:18 <DIR> d-------- C:\Documents and Settings\TheBoss\Application Data\Cisco
2008-02-12 16:02 . 2008-02-12 16:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-12 16:02 . 2008-02-12 16:02 3,454 --a------ C:\WINDOWS\unins000.dat
2008-02-12 15:58 . 2008-02-12 16:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-12 15:58 . 2008-02-12 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 15:30 . 2008-03-26 17:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 15:30 . 2008-02-08 15:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 12:39 . 2008-02-08 12:39 <DIR> d-------- C:\WINDOWS\Web
2008-02-06 11:38 . 2008-02-06 11:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-05 15:58 . 2008-02-05 15:58 28,224 --a------ C:\WINDOWS\system32\XMc33hs2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 19:50 --------- d-----w C:\Program Files\Yahoo!
2008-03-31 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 14:40 --------- d-----w C:\Program Files\DivX
2008-03-28 17:49 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\Free Download Manager
2008-03-28 14:05 --------- d-----w C:\Program Files\Citrix
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-26 10:54 --------- d-----w C:\Program Files\Common Files\Real
2008-02-29 13:40 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\dvdcss
2008-02-12 16:41 --------- d-----w C:\Program Files\Unlocker
2008-02-07 09:39 --------- d-----w C:\Program Files\Free Download Manager
2008-01-31 18:53 --------- d-----w C:\Program Files\Intel
2008-01-28 08:59 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\Yahoo!
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4532AD0-AAA2-4B2E-8FEA-21A0F694D197}]
C:\WINDOWS\system32\bthcrpu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 13:01 598920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 614400]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 01:32 647232]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 08:31 143360]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [ ]
"CARPService"="carpserv.exe" [2002-10-17 11:54 4608 C:\WINDOWS\system32\carpserv.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-14 00:18 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"Ad-Aware"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [ ]
"Ad-Watch"="E:\Programs\Lavasoft\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-03-31 11:27 258048]
"XFILTER"="E:\Programs\firewall\xfilter.exe" [2005-07-27 19:05 897284]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 18:13:54 561213]
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe [2008-03-31 17:04:05 315652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoExpandedNewMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2005-07-05 01:33 188482 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe"=
"C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4940:UDP"= 4940:UDP:Equitrac Messaging Service
"23599:UDP"= 23599:UDP:BitSpirit
"23599:TCP"= 23599:TCP:BitSpirit

R0 lnaqeurv;lnaqeurv;C:\WINDOWS\system32\drivers\ehfooysy.dat []
R0 XPacket;Filseclab Packet Filter;C:\WINDOWS\system32\xpacket.sys [2005-07-05 12:55]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2004-09-05 11:44]
R2 vpnagent;Cisco AnyConnect VPN Agent;"C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" [2007-04-23 05:12]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 15:03]
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 14:53]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2004-09-05 11:44]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]
S3 USB28xxBGA;USB28xxBGA;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 18:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 18:04]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;C:\WINDOWS\system32\DRIVERS\vpnva.sys [2007-04-23 05:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\R2Auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 00:00:02 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-09-25 00:00:30 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-09-25 01:00:30 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-08-22 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-08-22 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-08-22 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-01-01 06:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-25 07:00:02 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-28 08:00:02 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 08:00:02 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 09:00:01 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 10:00:02 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 11:00:01 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 12:00:02 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 13:00:01 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 14:00:02 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 15:00:02 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 16:00:02 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 17:00:01 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 18:00:01 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 19:00:01 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-31 20:00:01 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-30 21:00:01 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-30 22:00:00 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-11 00:00:00 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-01-28 09:48:59 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-25 07:00:00 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-28 08:00:00 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 08:00:00 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 09:00:00 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 10:00:00 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 11:00:00 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 12:00:00 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 13:00:00 C:\WINDOWS\Tasks\At64.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 14:00:00 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 15:00:00 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 16:00:00 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 17:00:00 C:\WINDOWS\Tasks\At68.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 18:00:00 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 19:00:00 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-31 20:00:00 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-30 21:00:00 C:\WINDOWS\Tasks\At72.job"
- C:\WINDOWS\system32\jkW28DRA.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 22:42:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lnaqeurv]
"ImagePath"="system32\drivers\ehfooysy.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
E:\Programs\Lavasoft\aawservice.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-31 22:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-31 20:46:51
Pre-Run: 6,334,345,216 bytes free
Post-Run: 6,272,815,104 bytes free
.
2007-09-16 09:02:41 --- E O F ---
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 22:05

    Create a text file named CFScript.txt
    Double-click to open it, and copy and paste this into it:

File::
C:\WINDOWS\system32\drivers\ehfooysy.dat
C:\WINDOWS\system32\XMc33hs2.exe
C:\WINDOWS\system32\jkW28DRA.exe
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job

Driver::
lnaqeurv



:arrow: Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
Image
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: that is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will open: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
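The CFScript above is written by hand from two findings in the log: a boot-start service (lnaqeurv) whose image is a .dat file that ComboFix could not date, and a run of At*.job tasks that all launch the same two executables. The script below is an added example (mine, not the thread's or ComboFix's code) that applies that reasoning to lines copied from the posted log plus one constructed benign task, and emits the File::/Driver:: sections; the red-flag heuristics and the two-job threshold are my assumptions.

```python
"""Triage the persistence pattern in the ComboFix log posted above: a boot-start
driver whose image is a .dat file, and At*.job tasks that all launch one odd .exe.
Added example for this thread, not ComboFix's own code."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted log plus one made-up benign task (Backup.job).
SAMPLE_LOG = r"""
R0 lnaqeurv;lnaqeurv;C:\WINDOWS\system32\drivers\ehfooysy.dat []
R0 XPacket;Filseclab Packet Filter;C:\WINDOWS\system32\xpacket.sys [2005-07-05 12:55]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 15:03]
Contents of the 'Scheduled Tasks' folder
"2008-03-11 00:00:02 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2007-09-25 00:00:30 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\XMc33hs2.exe
"2008-03-30 22:00:00 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-11 00:00:00 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\jkW28DRA.exe
"2008-03-01 12:00:00 C:\WINDOWS\Tasks\Backup.job"
- C:\Program Files\Backup\backup.exe
**************************************************************************
"""

# ComboFix service line: "<start> <name>;<description>;<image path> [<file date>]"
SERVICE_RE = re.compile(r'^(?P<start>R[0-3]|S[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);'
                        r'(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$')
TASK_RE = re.compile(r'^"[\d-]+ [\d:]+ (?P<job>.+\.job)"$')
AT_JOB_RE = re.compile(r'\\At\d+\.job$', re.IGNORECASE)

def parse_services(log):
    """Every driver/service line of the log as a dict."""
    matches = (SERVICE_RE.match(ln.strip()) for ln in log.splitlines())
    return [m.groupdict() for m in matches if m]

def suspicious_drivers(services):
    """Flag a service only when two independent red flags agree, so a vendor
    driver with a terse description (GTICARD) is not flagged on its own."""
    flagged = {}
    for s in services:
        path, reasons = s['path'].strip('"'), []
        if s['start'] in ('R0', 'R1') and not path.lower().endswith('.sys'):
            reasons.append('boot/system-start driver image is not a .sys file')
        if not s['stamp']:
            reasons.append('no file date: ComboFix could not stat the image')
        if s['name'] == s['desc']:
            reasons.append('name reused as description (no vendor string)')
        if len(reasons) >= 2:
            flagged[s['name']] = {'path': path, 'reasons': reasons}
    return flagged

def parse_tasks(log):
    """Pair each .job line in the Scheduled Tasks section with the '- target'
    line after it; the section ends at the row of asterisks."""
    tasks, pending, in_section = [], None, False
    for line in (ln.strip() for ln in log.splitlines()):
        if 'Scheduled Tasks' in line:
            in_section = True
        elif line.startswith('*'):
            in_section = False
        elif in_section and (m := TASK_RE.match(line)):
            pending = m.group('job')
        elif in_section and pending and line.startswith('- '):
            tasks.append((pending, line[2:]))
            pending = None
    return tasks

def suspicious_tasks(tasks, min_jobs=2):
    """At*.job files come from at.exe, not the Task Scheduler UI. Several of
    them launching one .exe under the Windows directory is the hourly
    re-launch pattern in the log (the threshold is an assumption)."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB_RE.search(job):
            by_target[target].append(job)
    return {t: jobs for t, jobs in by_target.items()
            if len(jobs) >= min_jobs and '\\windows\\' in t.lower()}

def build_cfscript(drivers, tasks):
    """CFScript text in the syntax used in the thread: jobs, their targets and
    the driver image under File::, the service name under Driver::."""
    files = {info['path'] for info in drivers.values()}
    for target, jobs in tasks.items():
        files.add(target)
        files.update(jobs)
    return '\n'.join(['File::', *sorted(files), '', 'Driver::', *sorted(drivers)]) + '\n'

def triage(log):
    """Returns (flagged drivers, flagged task targets, CFScript text)."""
    drivers = suspicious_drivers(parse_services(log))
    tasks = suspicious_tasks(parse_tasks(log))
    return drivers, tasks, build_cfscript(drivers, tasks)

if __name__ == '__main__':
    found_drivers, found_tasks, script = triage(SAMPLE_LOG)
    print(script)
```

Run it against a full ComboFix log to get a first draft of the File::/Driver:: sections; the generated script is a triage aid to review, not something to apply unread.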

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 22:22

Here it is.

ComboFix 08-03-30.4 - TheBoss 2008-03-31 23:10:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT 2:00]
Running from: E:\Perso\antiviruss\ComboFix.exe
Command switches used :: E:\Perso\antiviruss\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\ehfooysy.dat
C:\WINDOWS\system32\jkW28DRA.exe
C:\WINDOWS\system32\XMc33hs2.exe
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\ehfooysy.dat
C:\WINDOWS\system32\XMc33hs2.exe
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LNAQEURV
-------\Service_lnaqeurv


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-31 22:19 . 2008-03-31 22:26 <DIR> d-------- C:\Program Files\Navilog1
2008-03-31 20:48 . 2008-03-31 20:48 17,593,424 --a------ C:\upload_moi_EQUITRAC-LAPTOP.tar.gz
2008-03-31 17:04 . 2008-03-31 17:04 <DIR> d-------- C:\Program Files\Common Files\Filseclab
2008-03-31 17:04 . 2005-07-05 12:55 124,752 --a------ C:\WINDOWS\system32\xpacket.sys
2008-03-31 16:01 . 2008-03-31 16:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 16:01 . 2008-03-31 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:40 . 2000-06-07 11:59 61,440 --a------ C:\Documents and Settings\TheBoss\ScanReg.exe
2008-03-31 15:39 . 2000-06-07 11:59 61,440 --a------ C:\WINDOWS\system32\ScanReg.exe
2008-03-31 14:59 . 2008-03-31 15:46 <DIR> d-------- C:\Program Files\Exterminate It!
2008-03-31 11:26 . 2008-03-31 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-03-31 10:27 . 2008-03-31 10:27 13 --a------ C:\WINDOWS\scode8.cfg
2008-03-28 13:49 . 2008-03-28 13:49 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-03-28 13:45 . 2008-03-28 13:45 <DIR> d-------- C:\Program Files\CA
2008-03-28 13:43 . 2004-08-04 01:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-03-28 13:43 . 2001-08-17 23:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-03-28 13:43 . 2001-08-17 23:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-03-28 13:43 . 2001-08-17 23:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-03-28 13:43 . 2001-08-17 23:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-03-28 13:41 . 2001-08-17 23:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-03-28 13:40 . 2001-08-17 14:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-03-28 13:39 . 2004-08-03 23:59 2,015,232 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-03-28 13:38 . 2002-09-17 22:51 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-28 13:37 . 2002-09-17 22:51 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-03-28 13:36 . 2001-08-17 15:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-03-28 13:35 . 2001-08-17 13:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-03-28 13:34 . 2001-08-17 13:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-03-28 13:33 . 2001-08-17 14:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-03-28 13:32 . 2004-08-04 00:18 2,148,352 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-03-28 12:50 . 2008-03-31 12:12 <DIR> d-------- C:\Program Files\SpyBlocker Software
2008-03-28 12:50 . 2004-03-09 01:00 212,240 --------- C:\WINDOWS\system32\Richtx32.ocx
2008-03-28 12:50 . 2004-03-09 01:00 124,688 --------- C:\WINDOWS\system32\mswinsck.ocx
2008-03-28 12:50 . 2001-04-07 13:43 65,536 --a------ C:\WINDOWS\system32\foxcbmp3.dll
2008-03-28 12:50 . 2001-04-26 23:12 57,399 --------- C:\WINDOWS\system32\Registry.ocx
2008-03-28 12:50 . 2003-08-25 13:04 20,480 --a------ C:\WINDOWS\sbuninst.exe
2008-03-28 12:49 . 2008-03-28 12:49 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-03-28 12:49 . 2000-09-29 19:00 8,784 --a------ C:\WINDOWS\F_France.gpl
2008-03-26 12:54 . 2008-03-26 12:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 16:54 . 2008-02-20 16:54 6,222,376 --a------ C:\DivXWebPlayerInstaller.exe
2008-02-13 16:18 . 2008-02-13 16:18 <DIR> d-------- C:\Documents and Settings\TheBoss\Application Data\Cisco
2008-02-12 16:02 . 2008-02-12 16:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-12 16:02 . 2008-02-12 16:02 3,454 --a------ C:\WINDOWS\unins000.dat
2008-02-12 15:58 . 2008-02-12 16:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-12 15:58 . 2008-02-12 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 15:30 . 2008-03-26 17:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 15:30 . 2008-02-08 15:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 12:39 . 2008-02-08 12:39 <DIR> d-------- C:\WINDOWS\Web
2008-02-06 11:38 . 2008-02-06 11:52 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 19:50 --------- d-----w C:\Program Files\Yahoo!
2008-03-31 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 14:40 --------- d-----w C:\Program Files\DivX
2008-03-28 17:49 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\Free Download Manager
2008-03-28 14:05 --------- d-----w C:\Program Files\Citrix
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-26 10:54 --------- d-----w C:\Program Files\Common Files\Real
2008-02-29 13:40 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\dvdcss
2008-02-12 16:41 --------- d-----w C:\Program Files\Unlocker
2008-02-07 09:39 --------- d-----w C:\Program Files\Free Download Manager
2008-01-31 18:53 --------- d-----w C:\Program Files\Intel
2008-01-28 08:59 --------- d-----w C:\Documents and Settings\TheBoss\Application Data\Yahoo!
.

((((((((((((((((((((((((((((( snapshot@2008-03-31_22.46.26.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 15:12:22 74,844 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-31 20:46:43 74,844 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-31 15:12:22 449,204 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-31 20:46:43 449,204 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4532AD0-AAA2-4B2E-8FEA-21A0F694D197}]
C:\WINDOWS\system32\bthcrpu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 13:01 598920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 614400]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 01:32 647232]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 08:31 143360]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [ ]
"CARPService"="carpserv.exe" [2002-10-17 11:54 4608 C:\WINDOWS\system32\carpserv.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-14 00:18 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"Ad-Aware"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [ ]
"Ad-Watch"="E:\Programs\Lavasoft\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-03-31 11:27 258048]
"XFILTER"="E:\Programs\firewall\xfilter.exe" [2005-07-27 19:05 897284]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 18:13:54 561213]
Filseclab Messenger.lnk - C:\Program Files\Common Files\Filseclab\FilMsg.exe [2008-03-31 17:04:05 315652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoExpandedNewMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2005-07-05 01:33 188482 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe"=
"C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4940:UDP"= 4940:UDP:Equitrac Messaging Service
"23599:UDP"= 23599:UDP:BitSpirit
"23599:TCP"= 23599:TCP:BitSpirit

R0 XPacket;Filseclab Packet Filter;C:\WINDOWS\system32\xpacket.sys [2005-07-05 12:55]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2004-09-05 11:44]
R2 vpnagent;Cisco AnyConnect VPN Agent;"C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" [2007-04-23 05:12]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 15:03]
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 14:53]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2004-09-05 11:44]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]
S3 USB28xxBGA;USB28xxBGA;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 18:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 18:04]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;C:\WINDOWS\system32\DRIVERS\vpnva.sys [2007-04-23 05:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\R2Auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 23:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
E:\Programs\Lavasoft\aawservice.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-31 23:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-31 21:21:18
ComboFix2.txt 2008-03-31 20:47:02
Pre-Run: 6,244,364,288 bytes free
Post-Run: 6,233,645,056 bytes free
.
2007-09-16 09:02:41 --- E O F ---
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 22:35

OK, do you still have the problem in question?
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 22:41

NooooN :-)
When I scan, everything is clean, which is cool.

A BIG thank you for your help, chief, that's really kind!
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by Falkra » 31 Mar 2008 22:49

Cool. :-D

I don't know exactly what it was, so keep the special tools on your disk for a while.
If you get other symptoms after some reboots (tomorrow), be sure to let me know. :wink:

I'll give you the next steps tomorrow (uninstall the special tools, harden things further, etc.). :-D
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: www1423.adserver.com/imp - wanadoo blocked!

Post by seumouman » 31 Mar 2008 22:51

All right Sir, received loud and clear.
Thanks again, have a very good night and see you tomorrow.
seumouman

Posts: 10
Joined: 31 Mar 2008 11:57
