Configuration: Windows XP Internet Explorer 7.0
Good evening

For Malwarebytes, those are your restore points, which you will need to delete later, after your disinfection.

1/ Relaunch HijackThis and click "Do a system scan only". Then find these lines and tick their boxes:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Then click "Fix checked".

2/ Download OTMoveIt (by OldTimer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt, "Paste List of Files/Folders to be moved":

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
EmptyTemp

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal.

3/ Download DiagHelp.zip to your desktop
http://www.malekal.com/download/DiagHelp.zip
==> Do not double-click it!! Right-click the file and choose Extract All
==> A new folder called DiagHelp will be created
==> Open it and double-click go.cmd (the .cmd may not be shown)
==> A window will open; choose option 1
==> The scan will start; this can take a few minutes. Let it run and press a key when prompted
==> Copy/paste the contents of the Notepad window that opens. To do that:
==> In Notepad, click the Edit menu / Select All
==> Again, Edit menu / Copy
==> In a new message here, right-click / Paste

See you later

It's usually when the hard drive crashes that you realise you forgot to back it up.
DiagHelp version v1.4 - http://www.malekal.com
excute le 30/05/2008 à 20:27:59,65
Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\ARPPRODUCTICON.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut1_EF434C52D88243DB8777EC7B10D8943C.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut13_6778954C13C24333AF77F5C885EB280F.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut15_EF434C52D88243DB8777EC7B10D8943C.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut16_EF434C52D88243DB8777EC7B10D8943C.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut17_EF434C52D88243DB8777EC7B10D8943C.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut2_EF434C52D88243DB8777EC7B10D8943C.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut8_6778954C13C24333AF77F5C885EB280F.exe c:\Documents and Settings\Gautier\Application Data\Microsoft\Installer\{EF434C52-D882-43DB-8777-EC7B10D8943C}\NewShortcut9_6778954C13C24333AF77F5C885EB280F.exe c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\LP_Diagnostics.exe c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\planetside.exe c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\PlanetSideBeta.exe c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\PlanetSideTest.exe c:\Documents and Settings\Gautier\Bureau\Sony\PlanetSide\wiredred\pscs.exe c:\Documents and Settings\Gautier\Bureau\Sony\Station\LaunchPad\LaunchPad.exe c:\Documents 
and Settings\Gautier\Bureau\Sony\Station\LaunchPad\lp_plugin.exe c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\Blackk_1.2\blackkpub1.2.exe c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\HOH_3\hack.exe c:\Documents and Settings\Gautier\Local Settings\Application Data\Microsoft\Messenger\gautiermartin@hotmail.fr\Sharing Folders\bryceofnice@hotmail.fr\P7_1.8\hack.exe c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\_ISDel.exe c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\Setup.exe c:\Documents and Settings\Gautier\Local Settings\Temp\pft12~tmp\Via4in1.exe c:\Documents and Settings\Gautier\Local Settings\Temporary Internet Files\Content.IE5\7HFZN0BZ\SDFix[1].exe c:\Documents and Settings\Gautier\Local Settings\Temporary Internet Files\Content.IE5\LEWNM834\mbam-setup[1].exe c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.0-1.4-update.exe c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.0-1.5-update.exe c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-client-1.4-1.5-update.exe c:\Documents and Settings\Gautier\Mes documents\id Software\Enemy Territory - QUAKE Wars\ETQW-server-1.5-full-setup.exe c:\Documents and Settings\Gautier\Mes documents\planetside\PlanetSide.exe c:\Documents and Settings\Gautier\Mes documents\Roms DS\Carte\scshell\SFTPMSI.exe c:\Documents and Settings\Gautier\Mes documents\Roms DS\Carte\scshell orginal\SFTPMSI.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\aa_patch_280to281_generic.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\aa_patch_281to282_generic.exe c:\Documents and Settings\Gautier\Mes documents\setup 
jeux\aa_patch_282to283_generic.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\AA28FullInstaller_Generic.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CabalSetup_SG_080222.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\crysis_demo_jouable_1_anglais_77292.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\fear_combat_jeu_complet_francais.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\Rappelz_BetaFR.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\TmNationsESWC_Setup.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\trackmania_nations_forever_jeu_complet_multi-langues_240580.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\unreal_tournament_iii_bonus_map_pack_1_multi-langues_227588.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\WolfET.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\03.CSS_V17.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CSS_Patch_v1_TO_v16_18-12-2006-DZ.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CSS_Patch_v17_04-04-2007-DZ.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\CS-Source_Full_07_07_2005-DZ.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\TexturePack_COC.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\a ne pas toucher\Decompression.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\CS-Source_Full_07_07_2005-DZ\a ne pas toucher\VirtualExpander.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\Doom 3\Doom3.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\Unreal T 2004\Pulverisateur.exe c:\Documents and Settings\Gautier\Mes documents\setup jeux\Unreal T 2004\UT2004.exe c:\Documents and Settings\Gautier\Mes 
documents\setup logiciel\audacity-win-1.2.6.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\avast_avast_4.7.942_francais_anglais_11113.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\CamStudio20.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\cartinst.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\ccsetup204.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\ccsetup205.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\daemon-tools_daemon_tools_4.12.3_anglais_10729.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\dap86.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\DriverDetective.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\everesthome220.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\eyeinst.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\FHSetup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\FixVundo.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\foobar2000_0.9.5.2.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GameCamSetup14.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GCLiteSetup14.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\gimp-2.4.2-i686-setup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GIMPshop_0.1beta_Setup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Google_Earth_BZXE.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\GoogleSketchUpWEN.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HamachiSetup-1.0.2.2-fr.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HC2SetFR.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Install_Messenger.exe c:\Documents and 
Settings\Gautier\Mes documents\setup logiciel\joost_joost_1.0.2_beta_anglais_45160.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\mbam-setup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pack-vista-inspirat-2-1.0.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pf-setup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\pidgin-2.4.0.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\qc848fra.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SDFix.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\setup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\setupfraps.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\spybotsd152.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERAntiSpyware.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERsetup.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\SUPERsetup2.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\udc.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\VirtumundoBeGone.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\VundoFix.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\winamp5531_full_emusic-7plus_fr-fr.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\winsos.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\wmp11-windowsxp-x86-FR-FR.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\wrar300fr.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\zlsSetup_65_737_000_fr.exe c:\Documents and Settings\Gautier\Mes documents\setup logiciel\Avast clean\aswclnr.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll c:\Documents and 
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ORDI-DE-GAUTIER.tar.gz a l'adresse http://upload.malekal.com

That's quite a report :-o Thanks for your help ^^
OK, to start with, you need to follow the steps :-)
1/ Fix the lines with HijackThis. Is that done?
2/ You didn't run OTMoveIt, or you didn't post the report.
3/ The DiagHelp report you just posted ;-) very good, but I would have liked you to post in order.

For the next step, post the OTMoveIt report.

Then download to the Desktop http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> post the report

See you later
It's OK for HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:46, on 31/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ipconfig.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Gautier\Mes documents\setup logiciel\HiJackThis.exe
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: show/hide IEB Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
O9 - Extra 'Tools' menuitem: IE Booster Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://cid-15241e75edeecf4f.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

End of file - 9485 bytes

The OTMoveIt report:

File/Folder C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\fla1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DF3E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF489.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gautier\LOCALS~1\Temp\~DFF4BE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT016ce.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT058e1.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05312008_101453

SmitFraudFix v2.323 report:

Rapport fait à 10:08:25,84, 31/05/2008
Executé à partir de C:\Documents and Settings\Gautier\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ipconfig.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gautier

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gautier\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gautier\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hercules Wireless G USB2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8263DDCC-D78D-47BE-A9E0-17495DD6478A}: NameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

There you go, I think it's good :-)