Virus Infecté par Ip6fw dans system32

joisgoood Messages postés 13 Statut Membre -  
moK´s@ Messages postés 4410 Statut Membre -
Voici le log de navilog 1

Search Navipromo version 2.0.5 commencé le 2007-07-21 à 9:23:15.45

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Michel\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

Processus caché(s) dans C:\WINDOWS\system32 :

*** Recherche fichiers ***

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :

*** Analyse Terminé le 2007-07-21 à 9:38:43.32 ***

Et voici un rapport de highjackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:41:53, on 2007-07-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\86TQNC1L\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetarotteam.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://joisgood.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://support.lenovo.com/fr/en/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9783 bytes

Merci de pouvoir m'aider svp car je peux seulement aller en mode (avec) échec si j'utilise navilog1 en mode sans échec à chaque démarrage de l'ordi
Configuration: Windows XP sp2
Internet Explorer 7.0
Navilog1
Gestionnaire de sécurité antivirus de Bell

11 réponses

  1. moK´s@ Messages postés 4410 Statut Membre 89
     
    re,

    tu es sur que tes protections sont active?

    pour clean :

    ¤Démarre en mode sans échec :
    Pour cela, tu tapote la touche F8 des le début de l allumage du pc sans t arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c est normal !
    (Si F8 ne marche pas utilise la touche F5)

    Puis ouvre le dossier clean et ouvre clean.cmd et choisis l'option 2.
    Redémarre normalement et poste le log clean.

    pendant que tu es en mode sans echec fais le sdfix en meme temps apres avoir fais l´option 2 de clean...

    et post les rapports..,

    @+
    1
  2. moK´s@ Messages postés 4410 Statut Membre 89
     
    salut joisgoood,

    pas etonnant que tu soie infecté, tu n'as ni par feu ni anti virus!!!

    instal ceci :
    http://www.commentcamarche.net/download/telecharger-151-avast

    puis

    kerio 4.2.
    https://www.commentcamarche.net/telecharger/securite/13291-kerio/

    puis fais ceci :

    ¤ Télécharge Clean
    ----> http://www.malekal.com/download/clean.zip

    Dézippe tout le contenu dans le même dossier. Double clic sur clean ou clean.cmd choisissez l'option 1.
    Un rapport va s'ouvrir, copie et colle le contenu ici

    et

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    * Redémarre ton ordinateur
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le processus de nettoyage.
    * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    * Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    @+

    J'veux bien; et toi???
    0
  3. joisgoood
     
    Oui jai un antivirus et firewall et antiespion
    0
  4. moK´s@ Messages postés 4410 Statut Membre 89
     
    re,

    c´est quoid ton anti virus? par feu?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. joisgoood
     
    Bah mon antiviris s,apelle gestonnaire de sécurité sympatico (payant de bell) Cest antispywere firewall antivirus

    Voici le rapport de clean

    2007-07-21 a 10:30:29.62

    *** Recherche des fichiers dans C:
    C:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000??.dll" FOUND
    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000?.dll" FOUND
    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm000??.dll" FOUND
    *** Fin du rapport !
    0
  7. joisgoood
     
    Rapport de SDfix

    SDFix: Version 1.92

    Run by Administrateur on 2007-07-21 at 10:39

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    NtmlSvc
    runtime
    runtime2

    ImagePath:
    %SystemRoot%\System32\svchost.exe -k netsvcs
    \??\C:\WINDOWS\System32\drivers\runtime.sys
    \SystemRoot\system32\drivers\runtime2.sys

    NtmlSvc - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\dt\2007-06-29_21-36-33-36407734 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-36-49-36424156 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-38-41-36536031 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-38-42-36536765 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-38-47-36542078 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-38-51-36545953 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-39-08-36563171 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-39-08-36563421 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-39-11-36566531 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-39-25-36579796 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-40-09-36623750 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-40-10-36624593 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-40-20-36635875 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-11-36686265 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-12-36686625 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-22-36697312 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-24-36699062 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-34-36708765 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-39-36713750 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-40-36714968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-42-36716968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-44-36718906 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-41-46-36721218 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-02-36736828 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-02-36737000 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-02-36737046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-10-36745031 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-13-36748250 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-19-36754250 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-24-36758578 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-25-36759656 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-28-36763218 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-42-59-36794343 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-00-36795390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-07-36802203 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-09-36803640 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-13-36808343 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-21-36816140 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-22-36817296 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-23-36818546 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-24-36819531 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-28-36822687 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-29-36824046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-31-36825828 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-32-36826921 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-33-36828171 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-34-36829500 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-36-36830937 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-38-36836203 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-42-36836812 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-43-36838546 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-45-36839593 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-48-36843109 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-43-56-36851437 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-06-36861328 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-09-36863859 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-10-36865046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-12-36867390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-13-36867828 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-14-36869218 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-20-36874656 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-24-36878609 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-27-36882515 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-29-36884218 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-32-36886656 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-34-36888937 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-37-36892125 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-41-36895859 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-44-36899359 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-44-51-36905921 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-45-04-36918671 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-45-08-36922890 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-45-16-36930937 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-45-22-36936875 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-04-36978609 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-07-36981968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-32-37007390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-32-37007500 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-34-37008671 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-36-37010968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-37-37011796 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-38-37013390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-40-37015015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-42-37016578 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-43-37018203 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-45-37019781 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-46-37021390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-48-37022984 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-50-37024578 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-51-37026171 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-53-37027750 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-54-37029359 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-56-37030953 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-58-37032578 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-58-37032890 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-59-37034140 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-46-59-37034265 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-06-37040609 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-41-37075921 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-41-37076062 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-43-37077671 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-43-37077812 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-44-37079406 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-44-37079531 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-46-37081125 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-46-37081281 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-48-37082859 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-48-37083000 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-50-37084593 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-50-37084734 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-51-37086312 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-51-37086468 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-53-37088046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-53-37088203 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-56-37091250 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-56-37091359 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-58-37092968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-47-58-37093125 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-01-37095687 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-01-37095843 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-19-37114031 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-21-37116078 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-24-37118718 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-24-37119015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-25-37119609 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-25-37120015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-25-37120421 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-26-37121421 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-27-37121703 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-28-37122578 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-28-37123312 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-32-37126937 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-37-37132328 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-40-37134765 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-48-49-37144125 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-49-25-37180328 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-49-48-37203171 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-49-58-37213031 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-50-01-37215625 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-50-02-37216625 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-06-37281265 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-07-37281828 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-10-37284812 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-12-37287015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-13-37287828 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-15-37290343 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-16-37291125 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-19-37293890 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-23-37298218 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-28-37303343 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-29-37303593 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-30-37304968 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-32-37307296 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-34-37308937 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-38-37312750 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-38-37313187 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-39-37313593 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-39-37314078 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-41-37315625 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-46-37320921 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-51-49-37324078 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-01-37336406 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-04-37339375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-07-37342375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-07-37342468 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-10-37345390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-13-37348390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-16-37351390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-19-37354375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-22-37357468 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-25-37360375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-28-37363406 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-34-37369437 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-37-37372375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-40-37375375 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-43-37378390 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-52-46-37381406 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-53-04-37399015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-53-45-37440234 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-53-54-37449328 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-53-58-37453250 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-54-02-37457015 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-54-05-37460437 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-54-25-37479656 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-54-26-37481515 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-55-14-37529171 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-55-37-37551890 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-55-39-37553984 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-56-21-37596046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-56-22-37596906 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-56-26-37601078 - Deleted
    C:\WINDOWS\system32\dt\2007-06-29_21-56-29-37604156 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-28-22-186046 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-28-22-186437 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-28-24-187656 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-28-29-192765 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-28-48-211750 - Deleted
    C:\WINDOWS\system32\dt\2007-06-30_08-30-02-286375 - Deleted
    C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll - Deleted
    C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll - Deleted
    C:\WINDOWS\system32\7_exception.nls - Deleted
    C:\WINDOWS\Temp\startdrv.exe - Deleted
    C:\WINDOWS\system32\drivers\runtime2.sys - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\\Program Files\\Ares MP3\\AresMP3.exe"="C:\\Program Files\\Ares MP3\\AresMP3.exe:*:Enabled:AresMP3"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\TrackMania Sunrise Extreme Demo\\TmSunriseExtremeDemo.exe"="C:\\Program Files\\TrackMania Sunrise Extreme Demo\\TmSunriseExtremeDemo.exe:*:Enabled:TmSunriseExtremeDemo"
    "C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:Piolet"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
    "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\PlayLinc\\PlayLincV.exe"="C:\\Program Files\\PlayLinc\\PlayLincV.exe:*:Enabled:PlayLinc.dll"
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Program Files\\Robot Arena\\robot arena.exe"="C:\\Program Files\\Robot Arena\\robot arena.exe:*:Enabled:Robot Arena"
    "C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe"="C:\\Program Files\\FarStone\\Vdn\\VDNClient.exe:*:Enabled:VirtualDrive Network Client"
    "C:\\Program Files\\NFS\\Speed.exe"="C:\\Program Files\\NFS\\Speed.exe:*:Enabled:Speed"
    "C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Enabled:Speed"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Michel\Application Data\Microsoft\Word\~WRL0387.tmp
    C:\Documents and Settings\Michel\Application Data\Microsoft\Word\~WRL2298.tmp
    C:\Documents and Settings\Administrateur\Application Data\Bell\Sympatico Security Advisor\downloads\Bell_Welcome_v2.41.zip.dir\en\images\Thumbs.db
    C:\Documents and Settings\Administrateur\Application Data\Bell\Sympatico Security Advisor\downloads\Bell_Welcome_v2.41.zip.dir\fr\images\Thumbs.db
    C:\Documents and Settings\Michel\Application Data\Bell\Sympatico Security Advisor\downloads\Bell_Welcome_v2.41.zip.dir\en\images\Thumbs.db
    C:\Documents and Settings\Michel\Application Data\Bell\Sympatico Security Advisor\downloads\Bell_Welcome_v2.41.zip.dir\fr\images\Thumbs.db

    Finished

    Et rapport de hijackthis

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:49:21, on 2007-07-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
    C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Michel\Mes documents\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetarotteam.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe
    O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
    O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://joisgood.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://support.lenovo.com/fr/en/
    O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://support.lenovo.com/fr/en/
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  8. moK´s@ Messages postés 4410 Statut Membre 89
     
    re,

    ah bah quand meme!!!! bien infecté...

    tu as fais clean ?

    avec hiajack this coche ceci :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/
    O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll (file missing)

    quitte tes applications et navigateur et fix les lignes ci dessus.

    comment fixer :

    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    par le panneau de configuration / ajout et suppression de programme supprime ceci :

    PowerReg Scheduler V3

    puis telecharge ceci :

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\Video ActiveX Access\iesmn.exe
    c:\PowerReg Scheduler V3.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

    c´est quoi ce programme ?

    C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"

    c´est tes protections?

    puis fais ceci :

    * Télécharge combofix.exe (par sUBs) sur ton Bureau.

    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    * Double clique combofix.exe.
    * Tape sur la touche 1 (Yes) pour démarrer le scan.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    @+

    0
  9. joisgoood
     
    Merci maintenant tout marche nikel grace a toi. Merci beaucoup pour ton aide et ton conseil :)
    0
  10. moK´s@ Messages postés 4410 Statut Membre 89
     
    c´est pas fini ou sont les rapports???

    0
  11. joisgoood
     
    Bah tout marche bien mais bon si tu veux

    [code]
    2006-03-02 08:00 29056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir
    2007-07-21 11:22 774 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_FOPF.reg.cf

    Structure du dossier
    Le num‚ro de s‚rie du volume est 50E6-0415
    C:\QOOBOX
    \---Quarantine
    +---C
    | \---WINDOWS
    | \---system32
    | \---drivers
    | ip6fw.sys.vir
    |
    \---Registry_backups
    LEGACY_FOPF.reg.cf

    [/code]

    "Michel" - 2007-07-21 11:20:30 - ComboFix 07-07-21.5 - Service Pack 2 NTFS

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\drivers\ip6fw.sys

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_FOPF

    ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))

    2007-07-21 11:20 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-21 10:39 <REP> d-------- C:\WINDOWS\ERUNT
    2007-07-21 10:34 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-07-21 10:34 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-21 10:34 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-21 10:34 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-21 10:34 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-21 10:34 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-21 10:34 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-21 10:34 <REP> d-------- C:\Program Files\Alwil Software
    2007-07-21 09:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-21 09:13 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-16 06:10 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
    2007-07-15 21:41 <REP> d-------- C:\Program Files\Navilog1
    2007-07-15 21:08 <REP> d-------- C:\VundoFix Backups
    2007-07-15 18:56 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-15 17:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
    2007-07-14 18:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-07-14 18:00 <REP> d-------- C:\Program Files\Agnitum
    2007-07-14 17:38 <REP> d-------- C:\DOCUME~1\Michel\APPLIC~1\Simply Super Software
    2007-07-14 17:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-07-14 17:27 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2007-07-14 17:27 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-07-14 17:27 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
    2007-07-14 17:27 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2007-07-14 17:27 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-07-14 17:27 <REP> d-------- C:\Program Files\Trojan Remover
    2007-07-14 17:27 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
    2007-07-06 17:10 1,054,242 --a------ C:\WINDOWS\system32\ygwtfvtu.ini.ren
    2007-07-06 17:07 <REP> d-------- C:\Program Files\a-squared Free
    2007-07-06 17:04 1,328,168 --a------ C:\WINDOWS\system32\jmllm.bak2.ren
    2007-07-06 16:28 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-07-06 16:18 266,336 --a------ C:\WINDOWS\system32\mllmj.dll.ren
    2007-07-06 16:18 1,328,327 --ahs---- C:\WINDOWS\system32\jmllm.ini.ren
    2007-07-06 16:18 1,328,168 --a------ C:\WINDOWS\system32\jmllm.bak1.ren
    2007-07-06 16:16 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Bell
    2007-07-06 14:36 <REP> d-------- C:\GTR
    2007-07-04 14:51 <REP> d-------- C:\Program Files\Codemasters
    2007-07-01 10:33 <REP> d-------- C:\Program Files\Copie (2) de Diablo II
    2007-06-29 21:36 <REP> d-------- C:\WINDOWS\system32\dt
    2007-06-29 20:45 <REP> d-------- C:\WINDOWS\.jagex_cache_32
    2007-06-29 20:40 <REP> d-------- C:\WINDOWS\.jagex_cache_34
    2007-06-28 15:03 <REP> d-------- C:\Program Files\Rockstar Games
    2007-06-27 13:46 <REP> d--hs---- C:\UGA6PV
    2007-06-27 13:46 <REP> d-------- C:\DOCUME~1\Michel\APPLIC~1\ProtectionAssuree
    2007-06-27 13:45 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-27 13:45 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-06-27 13:45 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-06-26 13:03 40,547 --a------ C:\WINDOWS\DIIUnin.dat
    2007-06-26 13:02 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2007-06-26 13:02 102,400 --a------ C:\WINDOWS\DIIUnin.exe
    2007-06-26 12:01 <REP> d-------- C:\Program Files\Diablo II

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2063-09-19 05:50:50 5,501 ----a-w C:\WINDOWS\system32\rtclmg32.dll
    2007-07-21 15:16:10 -------- d-----w C:\Program Files\QuickTime
    2007-07-21 01:14:53 -------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-07-21 00:51:26 83,476 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-07-21 00:51:26 504,040 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-07-21 00:49:18 -------- d-----w C:\Program Files\Fichiers communs\Command Software
    2007-07-06 21:58:13 -------- d-----w C:\Program Files\mm.BOT
    2007-07-06 18:04:21 -------- d-----w C:\DOCUME~1\Michel\APPLIC~1\uTorrent
    2007-07-05 12:57:21 -------- d-----w C:\Program Files\LimeWire
    2007-07-04 20:34:48 -------- d-----w C:\Program Files\Fichiers communs\PestPatrol
    2007-07-03 21:29:55 -------- d-----w C:\Program Files\StealthBot
    2007-07-02 21:50:52 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-02 21:49:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 19:41:55 -------- d-----w C:\DOCUME~1\Michel\APPLIC~1\teamspeak2
    2007-06-26 17:14:01 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2007-06-26 17:14:01 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2007-06-26 17:14:01 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2007-06-24 01:48:45 -------- d-----w C:\DOCUME~1\Michel\APPLIC~1\Skype
    2007-06-17 22:05:56 -------- d-----w C:\Program Files\DivX
    2007-06-17 18:20:05 -------- d-----w C:\Program Files\WarRock
    2007-06-17 18:09:07 -------- d-----w C:\DOCUME~1\Michel\APPLIC~1\InstallShield
    2007-06-14 21:58:15 -------- d-----w C:\Program Files\Microsoft FrontPage Express
    2007-06-09 23:08:05 -------- d-----w C:\Program Files\Windows Live
    2007-06-09 23:08:05 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-09 23:08:05 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-07 22:52:18 -------- d-----w C:\Program Files\PowerPoint to Video
    2007-06-04 20:46:12 -------- d-----w C:\Program Files\Winamp
    2007-06-03 21:25:24 -------- d-----w C:\Program Files\StealthBott
    2007-06-02 19:30:49 0 ----a-w C:\WINDOWS\PowerReg.dat
    2007-06-02 19:29:30 -------- d-----w C:\Program Files\Infogrames Interactive
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-25 20:43:26 -------- d-----w C:\Program Files\FastCapPro
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-27 23:07:48 79,384 ----a-r C:\WINDOWS\system32\avmontr.dll
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]
    "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 20:36]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-05 17:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Tau Monitor"="C:\PROGRA~1\Agnitum\TAUSCA~1.7\taumon.exe" [2004-04-07 15:03]
    "SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2006-05-15 11:41]
    "Gestionnaire de sécurité"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2006-06-20 15:36]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 08:00]

    C:\Documents and Settings\Michel\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:05:56]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RUNDLL32]
    C:\WINDOWS\system32\RUNDLL32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "dvpapi"=2 (0x2)

    aspi - \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys - Advanced SCSI Programming Interface Driver
    css dvp - system32\DRIVERS\css-dvp.sys - CSS DVP
    egathdrv - \??\C:\WINDOWS\system32\EGATHDRV.SYS - IBM Access Support
    fetndis - system32\DRIVERS\fetnd5.sys - Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet
    fontcache3.0.0.0 - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0
    freedom - system32\DRIVERS\FREEDOM.SYS - Freedom Miniport
    freetdi - System32\Drivers\FreeTdi.sys - Radialpoint Filter (RPS-12798)
    gagp30kx - system32\DRIVERS\gagp30kx.sys - Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8
    hamachi_oem - system32\DRIVERS\gan_adapter.sys - PlayLinc Adapter
    idsvc - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - Windows CardSpace
    nettcpportsharing - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" - Net.Tcp Port Sharing Service
    papycpu2 - \SystemRoot\system32\drivers\papycpu2.sys
    prodrv06 - \SystemRoot\System32\drivers\prodrv06.sys - StarForce Protection Environment Driver v6
    prohlp02 - System32\drivers\prohlp02.sys - StarForce Protection Helper Driver v2
    psadd - system32\DRIVERS\psadd.sys - Lenovo Parties Service Access Device Driver
    sfdrv01 - System32\drivers\sfdrv01.sys - StarForce Protection Environment Driver (version 1.x)
    sfhlp01 - System32\drivers\sfhlp01.sys - StarForce Protection Helper Driver
    sfhlp02 - System32\drivers\sfhlp02.sys - StarForce Protection Helper Driver (version 2.x)
    sfsync02 - System32\drivers\sfsync02.sys - StarForce Protection Synchronization Driver (version 2.x)
    sfvfs02 - System32\drivers\sfvfs02.sys - StarForce Protection VFS Driver (version 2.x)
    viagfx - system32\DRIVERS\vtmini.sys - viagfx
    videx32 - system32\DRIVERS\videX32.sys
    xfilt - system32\DRIVERS\xfilt.sys - VIA SATA IDE Hot-plug Driver

    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

    Contents of the 'Scheduled Tasks' folder
    2007-07-06 14:35:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-21 11:24:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-21 11:26:01 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-21 11:25

    --- E O F ---
    0
  12. moK´s@ Messages postés 4410 Statut Membre 89
     
    salut joisgoood,

    comme tu etais pas mal infecté j´aimerais que tu passe ce scan en ligne, pour verifier...

    https://www.bitdefender.com/toolbox/

    Clique sur "I agree" et suis la manip.

    @+
    0