Sponcered Link

Bon j'ai fais tout ce que vous m'avez dit ,
je vous renvoit les raport




[b]SDFix: Version 1.187 [/b]
Run by Administrateur on 2008-06-04 at 18:02

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
MsSecurity1.209.4
FSRRECC

[b]Path [/b]:
C:\WINDOWS\winself.exe service
System32\drivers\fsrrecc.sys

MsSecurity1.209.4 - Deleted
FSRRECC - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\vtmp2\ktnv33.log - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\system32\drivers\FSRRECC.sys - Deleted



Folder C:\Temp\1cb - Removed




et voici le rapport de HIJACK


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:31, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\client\Local Settings\Temporary Internet Files\Content.IE5\TQ2UPVDA\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: mysidesearch browser optimizer - {108e65f8-989b-e210-fcec-7b3f5eb2f133} - C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll
O2 - BHO: (no name) - {1A931A5E-865E-4C4E-8F46-487B165C711D} - C:\WINDOWS\system32\rqRJYppQ.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E216111-B74C-45DE-9EF5-C193994AB570} - (no file)
O2 - BHO: (no name) - {4A1BF1A7-4DFD-4AF7-9E04-3B2CA8D578AB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9984A5C6-1C6E-41B7-99BD-9813FAB80221} - C:\WINDOWS\system32\efcdBtQI.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: targetedbanner browser optimizer - {aee9f578-1868-5b06-6726-089db3b0595d} - C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [{dce3f953-40ad-cc43-991c-7e06d1ef23a8}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll" DllStart
O4 - HKLM\..\Run: [f8991b5e] rundll32.exe "C:\WINDOWS\system32\wsifwfbe.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntmkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jlwnw64k.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211077782_742f3d5ef8b926ac5cb0d3c963373db9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Bonjour G!rly

j'ai fais ce que vous m'avez demander de faire

voici les rapport

Combofix.exe

ComboFix 08-06-04.1 - client 2008-06-05 15:31:44.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.191 [GMT -4:00]
Endroit: C:\Documents and Settings\client\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\client\Bureau\rapport\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll
C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll-unin­st.exe
C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll
C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll-unin­st.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wsifwfbe.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp
C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll
C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll
C:\WINDOWS\system32\4026c
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\evd2\cnc1dll.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wIE6
C:\WINDOWS\system32\wIE6\fetchdll33.exe
C:\WINDOWS\system32\winpfz33.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 17:56 . 2008-06-04 17:56 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-04 17:51 . 2008-06-04 18:20 <REP> d-------- C:\SDFix
2008-06-04 17:26 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-04 17:26 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-04 17:24 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-04 17:24 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-03 22:11 . 2008-06-03 22:11 <REP> d-------- C:\Program Files\Windows Defender
2008-06-02 21:00 . 2008-06-02 21:00 <REP> d-------- C:\Program Files\Lavasoft
2008-06-02 21:00 . 2008-06-02 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-02 20:59 . 2008-06-02 20:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-01 15:32 . 2008-06-01 15:32 <REP> d-------- C:\Documents and Settings\client\Application Data\Grisoft
2008-06-01 15:32 . 2008-06-01 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-01 15:32 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-31 17:40 . 2008-06-04 11:55 <REP> d--h----- C:\$AVG8.VAULT$
2008-05-31 17:37 . 2008-05-31 17:37 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-31 17:37 . 2008-05-31 17:37 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-31 17:37 . 2008-05-31 17:37 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-31 17:36 . 2008-06-04 09:51 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-31 17:36 . 2008-05-31 17:36 <REP> d-------- C:\Program Files\AVG
2008-05-31 17:36 . 2008-05-31 17:50 <REP> d-------- C:\Documents and Settings\client\Application Data\AVGTOOLBAR
2008-05-31 17:36 . 2008-05-31 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 17:34 . 2008-05-31 17:37 8,192 --a------ C:\Documents and Settings\test
2008-05-31 17:34 . 2008-05-31 17:37 8,192 --a------ C:\Documents and Settings\DIANEL~1
2008-05-31 17:02 . 2008-06-04 15:11 287 --a------ C:\WINDOWS\wininit.ini
2008-05-31 16:02 . 2008-06-04 17:36 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-31 16:02 . 2008-06-04 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 14:01 . 2008-05-31 14:01 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-31 14:01 . 2008-05-31 17:29 95,833 --a------ C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll-uninst.exe
2008-05-31 14:01 . 2008-05-31 14:01 63,909 --a------ C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll-uninst.exe
2008-05-27 14:53 . 2008-05-27 14:53 <REP> d-------- C:\Documents and Settings\client\Application Data\PlayFirst
2008-05-26 23:04 . 2008-05-26 23:04 <REP> d--h----- C:\WINDOWS\PIF
2008-05-24 10:59 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-24 10:59 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-24 10:59 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-24 10:59 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-24 10:59 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-24 10:59 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-24 10:59 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-24 10:59 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-19 00:01 . 2008-05-19 00:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-18 15:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-18 15:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-18 15:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-17 22:43 . 2008-05-21 23:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-17 22:29 . 2008-05-17 22:29 <REP> d-------- C:\WINDOWS\Sun
2008-05-17 22:29 . 2008-05-31 16:24 <REP> d-------- C:\Documents and Settings\client\Application Data\LimeWire
2008-05-17 22:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-17 22:28 . 2008-05-17 22:29 <REP> d-------- C:\Program Files\Java
2008-05-17 22:28 . 2008-05-17 22:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-05-17 22:26 . 2008-05-31 16:17 <REP> d-------- C:\Program Files\LimeWire
2008-05-17 22:06 . 2008-05-17 22:06 <REP> d-------- C:\Documents and Settings\client\Contacts
2008-05-17 22:03 . 2008-05-17 22:03 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-17 21:51 . 2008-05-17 22:03 <REP> d-------- C:\Program Files\Windows Live
2008-05-17 21:51 . 2008-05-17 22:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-17 21:51 . 2008-05-17 21:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 17:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_19.31.25.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 23:28:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 19:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-31 17:36 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-31 17:36 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-31 17:36 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 17:08 86016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 17:44 126976]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 12:34 69632]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 08:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-31 17:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-31 17:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-31 17:36]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-31 17:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f5c4335-f844-11dc-9e72-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL website\index.html

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-05 19:25:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 15:34:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-05 15:36:05
ComboFix-quarantined-files.txt 2008-06-05 19:36:01
ComboFix2.txt 2008-06-04 23:31:42

Pre-Run: 33,952,681,984 octets libres
Post-Run: 33,944,465,408 octets libres

178 --- E O F --- 2008-05-28 04:00:54




Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:52, on 2008-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\client\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1211077782_742f3d5ef8b926ac5cb0d3c963373db9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

voici le rapport


File/Folder C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll-unin­st.exe not found.
File/Folder C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll-unin­st.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_161003

voici le rapport de Malaware bite

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 829

16:49:29 2008-06-05
mbam-log-6-5-2008 (16-49-29).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 65048
Temps écoulé: 16 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP27\A0004123.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012832.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Je ne parvient pas a faire toute les application que vous me demander
car quand je passe en mode sans echec on dirait que l'écran n'est pas assez grand
donc je ne voit pas tout et il est impossible de déplacer l'ecran vers le haut avec la sourie

bon vois la j'ai fais un scan comme vous me l'avez dit
parcontre j'aimmerait savoir si je doit remetre les parrametre
comme il était ? voici le rapport




Avira AntiVir Personal
Report file date: 5 juin 2008 18:46

Scanning for 1311701 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: INNSETECH133841

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 2008-06-01 21:37:36
ANTIVIR3.VDF : 7.0.4.150 124416 Bytes 2008-06-05 21:37:37
Engineversion : 8.1.0.51
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 15:58:21
AESCRIPT.DLL : 8.1.0.37 270715 Bytes 2008-06-05 21:37:53
AESCN.DLL : 8.1.0.20 119157 Bytes 2008-06-05 21:37:52
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-06-05 21:37:51
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-06-05 21:37:49
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-06-05 21:37:47
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-06-05 21:37:46
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-06-05 21:37:42
AEGEN.DLL : 8.1.0.25 307573 Bytes 2008-06-05 21:37:41
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-06-05 21:37:39
AECORE.DLL : 8.1.0.30 168311 Bytes 2008-06-05 21:37:38
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 5 juin 2008 18:46

Starting search for hidden objects.
'39953' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76daa.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76db0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76db5.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchBootconf.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76dba.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76dbf.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76dd8.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvcinit.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b76ddc.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16dde.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16de2.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16de6.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16dec.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16df0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16df4.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e0d.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC25.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e12.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC26.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e16.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC28.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e19.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC29.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e1e.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e22.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC30.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e26.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC31.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e2a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC32.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e2e.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e36.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e3a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e3e.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e42.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e46.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e4a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48b16e50.qua'!
C:\QooBox\Quarantine\catchme2008-06-04_192843.17.zip
[0] Archive type: ZIP
--> Documents and Settings/Administrateur/Bureau/catchme.zip
[1] Archive type: ZIP
--> FSRRECC.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\{83c61599-575c-5b31-c005-31d2296dc96c}.dll.vir
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\{8db000ce-e03b-aefa-3ab8-0c85f4353d50}.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.cmd
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\evd2\cnc1dll.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP28\A0004228.dll
[DETECTION] Is the Trojan horse TR/BHO.cmd
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012827.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012829.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012830.dll
[DETECTION] Is the Trojan horse TR/BHO.cmd
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012878.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D677C16A-4DE3-4FCB-9172-7BA5DC70BBB1}\RP34\A0012879.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!


End of the scan: 5 juin 2008 19:13
Used time: 27:21 min

The scan has been done completely.

3571 Scanning directories
102384 Files were scanned
10 viruses and/or unwanted programs were found
29 Files were classified as suspicious:
10 files were deleted
0 files were repaired
29 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
102374 Files not concerned
1275 Archives were scanned
1 Warnings
39 Notes
39953 Objects were scanned with rootkit scan
0 Hidden objects were found