Unwanted IE7 pop-up windows titled 'advertissement' + MSN problem


Hello,

So, I'll start from the beginning:

One day someone sent me a message on Windows Live Messenger that contained a link along the lines of photo-album.isuisse...
Like an idiot, I downloaded what it offered. That's where the problems start: WLM opened and closed conversation windows for no reason, and sometimes the message "ta tof fais koi sur ce site :p" copies itself to the clipboard...

I don't know whether it's related, but ever since I've had this problem, another one has appeared: unwanted windows pop up on their own and contain ads for eBay, casinos...
These windows appear in IE7 even though I use Firefox 2.

Another thing: the few times I use IE7 (to check my messages), the window is selected (normal), but after a while it loses focus, even though at the bottom, next to 'Start', it still shows as active...
Also, sometimes (but rarely), the window closes by itself.

Maybe these are two unrelated problems, I don't know.

Here is the report from HijackThis:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:33, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
L:\WINDOWS1\System32\smss.exe
L:\WINDOWS1\system32\winlogon.exe
L:\WINDOWS1\system32\services.exe
L:\WINDOWS1\system32\lsass.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\system32\svchost.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\Explorer.EXE
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
L:\WINDOWS1\mrofinu1423.exe
L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
L:\WINDOWS1\system32\ctfmon.exe
L:\Program Files\nvcoi\nvcoi.exe
L:\WINDOWS1\SEMBLY~1\wucrtupd.exe
L:\WINDOWS1\system32\?dobe\w?auclt.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
L:\WINDOWS1\system32\spoolsv.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\Program Files\Bonjour\mDNSResponder.exe
L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
L:\WINDOWS1\system32\HPZipm12.exe
L:\WINDOWS1\system32\tcpsvcs.exe
L:\WINDOWS1\System32\snmp.exe
L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
L:\WINDOWS1\system32\svchost.exe
L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\Windows Live\Messenger\usnsvc.exe
l:\program files\winamp toolbar\WinampTbServer.exe
L:\PROGRA~1\Mozilla Firefox\firefox.exe
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=L:\WINDOWS1\system32\userinit.exe,L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
O2 - BHO: (no name) - {6641E994-2E0A-2E80-0467-5900CCCADFBB} - L:\WINDOWS1\system32\jybirmq.dll
O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Media] L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] L:\WINDOWS1\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicma [...] Plugin.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O24 - Desktop Component 0: (no name) - L:\Program Files\NetMeeting\xuvemejifs.html

--
End of file - 9676 bytes



Thanks for your help.

Here is also the report from MSNFix:

Quote:

MSNFix 1.674

L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNFix
Fix exécuté le 08/03/2008 - 13:24:11,50 By Najar
mode normal

************************ Recherche les fichiers présents

... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
... L:\WINDOWS1\mrofinu*.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\WINDOWS1\mrofinu*.exe



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
.. OK ... L:\WINDOWS1\mrofinu*.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[L:\HijackThis.exe] E8269245566BE948F6A219135B434160

==> SVP merci d'envoyer le fichier L:\DOCUME~1\NAJAR~1.NAJ\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08032008_13271923.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Reply to abderdu93
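
Added example, not part of the thread and not code from HijackThis or MSNFix: a Python triage pass over an excerpt of the HijackThis log posted above, flagging entries that match a few common autostart heuristics. The rule set, the list of system process names and the function names are assumptions chosen for illustration.

```python
import re

# Excerpt copied from the HijackThis log posted above (not the whole log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=L:\WINDOWS1\system32\userinit.exe,L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Media] L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter paths ending in .exe/.dll; spaces are allowed, a comma or
# double quote ends the path (UserInit chains programs with commas).
PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Assumed list of process names that normally live in System32 only.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "userinit.exe"}


def path_findings(path):
    """Return the heuristics that a single file path trips."""
    directory, _, name = path.lower().rpartition("\\")
    parts = directory.split("\\")
    found = []
    if "temp" in parts:
        found.append("runs from a Temp directory")
    if name in SYSTEM_NAMES and parts[-1] != "system32":
        found.append("system process name outside System32")
    # A literal '?' is not valid in a Windows file name, so it marks a
    # character the log could not render.
    if "?" in path:
        found.append("path has characters the log could not render")
    return found


def triage(log_text):
    """Return [(code, body, reasons)] for every entry that trips a rule."""
    results = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, body = match["code"], match["body"]
        paths = PATH.findall(body)
        reasons = []
        if code == "F2" and "userinit=" in body.lower() and len(paths) > 1:
            reasons.append("extra program chained to UserInit")
        if code == "O2" and ("(no file)" in body or "(file missing)" in body):
            reasons.append("BHO registered but its file is absent")
        for path in paths:
            for finding in path_findings(path):
                if finding not in reasons:
                    reasons.append(finding)
        if reasons:
            results.append((code, body, reasons))
    return results


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print(f"      - {reason}")
```

A match is a reason to look at the entry, not a verdict; entries that trip no rule are not thereby shown to be clean.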

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is what I get:

Quote:

ComboFix 08-03-07.4 - Najar 2008-03-08 13:41:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1057 [GMT 1:00]
Endroit: L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\inst.exe
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
L:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
L:\Program Files\NetMeeting\xuvemejifs.html
L:\Program Files\outerinfo
L:\Program Files\outerinfo\FF\chrome.manifest
L:\Program Files\outerinfo\FF\components\FF.dll
L:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
L:\Program Files\outerinfo\FF\install.rdf
L:\Program Files\outerinfo\Terms.rtf
L:\WINDOWS1\mrofinu1423.exe
L:\WINDOWS1\sembly~1
L:\WINDOWS1\sembly~1\??sembly\
L:\WINDOWS1\sembly~1\wucrtupd.exe
L:\WINDOWS1\system32\dobe~1
L:\WINDOWS1\system32\dobe~1\w?auclt.exe
L:\WINDOWS1\system32\jybirmq.dll
L:\WINDOWS1\tk58.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_IPRIP
-------\Iprip


((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 13:48 . 0 L:\WINDOWS1\FILELOCK.TMP
2008-03-08 12:34 . 2007-07-30 19:19 271,224 --a------ L:\WINDOWS1\system32\mucltui.dll
2008-03-08 12:34 . 2007-07-30 19:19 207,736 --a------ L:\WINDOWS1\system32\muweb.dll
2008-03-08 12:34 . 2007-07-30 19:18 30,072 --a------ L:\WINDOWS1\system32\mucltui.dll.mui
2008-03-07 21:07 . 2008-03-07 21:07 <REP> d--hsc--- L:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-07 21:07 . 2008-03-07 21:07 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
2008-03-07 20:17 . 2008-03-07 20:17 149 --a------ L:\Delme.bat
2008-03-07 20:12 . 2008-03-07 20:19 <REP> d-------- L:\Program Files\Navilog1
2008-03-07 19:56 . 2008-03-07 19:56 <REP> d-------- L:\Program Files\CleanUp!
2008-03-07 18:11 . 2008-03-07 18:11 82 --a------ L:\WINDOWS1\system32\DelReboot
2008-03-07 15:41 . 2008-03-07 15:41 136,627 --a------ L:\WINDOWS1\POTA777444.exe
2008-03-05 23:36 . 2008-03-07 20:33 15,086 --a------ L:\WINDOWS1\system32\FreePokerBonus.ico
2008-03-05 23:36 . 2008-03-07 20:33 9,662 --a------ L:\WINDOWS1\system32\ZoneAlarmIconFR.ico
2008-03-05 23:10 . 2008-03-05 23:10 <REP> d-------- L:\Program Files\nvcoi
2008-03-05 21:21 . 2008-03-05 21:21 <REP> d-------- L:\BackUpMSNCleaner
2008-03-05 15:16 . 2008-03-05 15:16 9,296 --a------ L:\WINDOWS1\system32\pjkrox.exe
2008-03-04 22:43 . 2008-03-07 19:57 37,376 --a------ L:\WINDOWS1\mrofinu1423.MSNFix
2008-03-04 22:43 . 2008-03-06 14:00 37,376 --a------ L:\WINDOWS1\mrofinu1423.exe.MSNFix
2008-03-04 21:36 . 2008-03-06 15:24 <REP> d-------- L:\Program Files\StuffPlug3
2008-03-04 19:47 . 2008-03-04 19:47 2,563 --a------ L:\WINDOWS1\image.jpg
2008-03-01 12:37 . 2008-03-01 12:37 268 --ah----- L:\sqmdata07.sqm
2008-03-01 12:37 . 2008-03-01 12:37 244 --ah----- L:\sqmnoopt07.sqm
2008-02-19 17:01 . 2008-03-08 13:47 <REP> d-------- L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\OpenOffice.org2
2008-02-19 16:57 . 2008-02-19 16:57 <REP> d-------- L:\Program Files\OpenOffice.org 2.3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 12:47 --------- d-----w L:\Program Files\WinTV
2008-03-08 12:30 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\MEGAUPLOADTOOLBAR
2008-03-08 11:47 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\Google Updater
2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam12312
2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam111
2008-03-07 19:02 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\Vso
2008-03-05 22:20 10 ----a-w L:\Program Files\.autoreg
2008-03-04 20:36 --------- d-----w L:\Program Files\MSN Messenger
2008-03-04 14:25 --------- d-----w L:\Program Files\MessengerDiscovery
2008-03-03 13:43 --------- d-----w L:\Program Files\Windows Live Safety Center
2008-02-29 20:35 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\uTorrent
2008-02-17 11:36 --------- d-----w L:\Program Files\Everest Poker
2008-02-09 08:45 --------- d-----w L:\Program Files\Messenger Plus! Live
2008-02-01 14:27 --------- d-----w L:\Program Files\Realtek AC97
2008-02-01 14:27 --------- d-----w L:\Program Files\RAR Password Cracker
2008-01-27 20:10 --------- d-----w L:\Program Files\InterActual
2008-01-27 17:23 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\FLEXnet
2008-01-26 15:44 --------- d-----w L:\Program Files\ElcomSoft
2007-09-08 19:05 37,704 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\GDIPFONTCACHEV1.DAT
2007-08-23 21:38 47,360 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\pcouffin.sys
2007-06-17 07:44 357 ----a-w L:\Documents and Settings\Najar\.cb_layout.bin
1998-10-15 09:04 37,136 ----a-w L:\Documents and Settings\Najar\regsvr32.exe
1998-10-15 09:04 222,976 ----a-w L:\Documents and Settings\Najar\mssce.exe
1998-07-16 12:15 1,215,720 ----a-w L:\Documents and Settings\Najar\immc.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ L:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
2008-02-28 02:54 217088 --a------ L:\Program Files\Outlook Express\nixecolat777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A}]
2008-03-07 15:41 70144 --a------ L:\Program Files\NetMeeting\temaxipyg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]
2008-02-08 02:07 217088 --a------ L:\Program Files\Outlook Express\nixecolat821058.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
L:\WINDOWS1\AutoUpdateWin31.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "L:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= L:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="L:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="L:\WINDOWS1\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"AdobeUpdater"="L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"nvcoi"="L:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 23:10 57344]
"Aspl"="L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" [ ]
"Oqxgfx"="L:\WINDOWS1\system32\?dobe\w?auclt.exe" [ ]
"MSNCleaner"="L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"TkBellExe"="L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-26 18:16 185632]
"Adobe Photo Downloader"="L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
"QuickTime Task"="L:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="L:\WINDOWS1\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=L:\WINDOWS1\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
backup=L:\WINDOWS1\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=L:\WINDOWS1\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=L:\WINDOWS1\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=L:\WINDOWS1\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=L:\WINDOWS1\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=L:\WINDOWS1\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=L:\WINDOWS1\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 L:\WINDOWS1\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-06-29 12:26 2806272 L:\WINDOWS1\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost]
L:\WINDOWS1\system32\ahr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 11:06 79224 L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 13:00 15360 L:\WINDOWS1\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
--a------ 2006-11-28 15:07 688128 L:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 L:\WINDOWS1\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-07-12 13:14 311350 L:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-08-04 02:01 28739 L:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
L:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 13:00 59392 L:\WINDOWS1\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 01:47 360448 L:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 L:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--------- 2005-01-07 16:07 61952 L:\WINDOWS1\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
--a------ 2007-08-04 06:50 24576 L:\WINDOWS1\WindowsUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-06-21 14:09 90112 L:\WINDOWS1\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 L:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-26 18:16 185632 L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 L:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-07-12 11:59 24576 L:\Program Files\Microsoft Works\wkfud.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"L:\\WINDOWS1\\system32\\ftp.exe"=
"L:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Windows.old\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Windows.old\\Program Files\\BitComet\\BitComet.exe"=
"G:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Windows.old\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"L:\\Program Files\\uTorrent\\uTorrent.exe"=
"L:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"L:\\DOCUME~1\\NAJAR~1.NAJ\\LOCALS~1\\Temp\\services.exe"=
"L:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"L:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11355:TCP"= 11355:TCP:BitComet 11355 TCP
"11355:UDP"= 11355:UDP:BitComet 11355 UDP
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"9197:TCP"= 9197:TCP:BitComet 9197 TCP
"9197:UDP"= 9197:UDP:BitComet 9197 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 EPGService;EPGService;L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 16:17]
R2 Stuffit Archive Name Service;Service de nom d'archive StuffIt;"L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-10-08 10:07]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;L:\WINDOWS1\system32\drivers\hcw88bda.sys [2006-11-20 23:03]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;L:\WINDOWS1\system32\Drivers\hcw88rc5.sys [2006-11-20 23:03]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;L:\WINDOWS1\system32\drivers\hcw88tse.sys [2006-11-20 23:03]
R3 hcw88vid;Hauppauge WinTV 88x Video;L:\WINDOWS1\system32\drivers\hcw88vid.sys [2006-11-20 23:03]
S3 HauppaugeTVServer;HauppaugeTVServer;L:\PROGRA~1\WinTV\HCWTVS~1.EXE [2006-12-01 13:41]
S3 p2pgasvc;Authentification de groupe réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 p2psvc;Réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-20 07:37:01 L:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- L:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 19:00:00 L:\WINDOWS1\Tasks\HPpromotions journeysoftware.job"
- L:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-03-08 12:47:43 L:\WINDOWS1\Tasks\XoftSpySE 2.job"
- L:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-26 09:23:22 L:\WINDOWS1\Tasks\XoftSpySE.job"
- L:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 13:47:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
L:\WINDOWS1\system32\Ati2evxx.exe
L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\Program Files\Bonjour\mDNSResponder.exe
L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
L:\WINDOWS1\system32\HPZipm12.exe
L:\WINDOWS1\system32\tcpsvcs.exe
L:\WINDOWS1\System32\snmp.exe
L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-08 13:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 12:51:35
.
2008-02-13 11:25:56 --- E O F ---

Reply to abderdu93

Post a new HijackThis report.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Sorry for the delay, but I had some trouble with the internet... :??:
Here is the HijackThis report:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:29, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
L:\WINDOWS1\System32\smss.exe
L:\WINDOWS1\system32\winlogon.exe
L:\WINDOWS1\system32\services.exe
L:\WINDOWS1\system32\lsass.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\system32\svchost.exe
L:\WINDOWS1\System32\svchost.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
L:\WINDOWS1\system32\spoolsv.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\Program Files\Bonjour\mDNSResponder.exe
L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
L:\WINDOWS1\system32\HPZipm12.exe
L:\WINDOWS1\system32\tcpsvcs.exe
L:\WINDOWS1\System32\snmp.exe
L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
L:\WINDOWS1\system32\svchost.exe
L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
L:\WINDOWS1\Explorer.EXE
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
L:\WINDOWS1\system32\ctfmon.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\nvcoi\nvcoi.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
L:\PROGRA~1\MOZILL~1\FIREFOX.EXE
L:\Program Files\Windows Live\Messenger\usnsvc.exe
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicma [...] Plugin.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

--
End of file - 9040 bytes

Reply to abderdu93

Let's continue :)

Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the scan is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the report obtained with AntiVir:

PS: The windows are appearing less and less often. In fact, I get the impression that they only appear when IE7 is open... Maybe a thorough uninstall of IE7 (which is no small task) would help??

Quote:



AntiVir PersonalEdition Classic
Report file date: mardi 11 mars 2008 15:31

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Najar
Computer name: NAJAR-A214FC33B

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: L:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 11 mars 2008 15:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ArcNameService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'EPGService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'MessengerDiscovery Live.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'nvcoi.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Start scanning boot sectors:
Boot sector 'L:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).


Starting the file scan:

Begin scan in 'L:\WINDOWS1\system32'
L:\WINDOWS1\system32\pjkrox.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48419889.qua'!
L:\WINDOWS1\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mardi 11 mars 2008 15:34
Used time: 02:37 min

The scan has been done completely.

181 Scanning directories
7138 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
7137 Files not concerned
9 Archives were scanned
1 Warnings
0 Notes



Message edited by abderdu93 on 11-03-2008 at 15:43:01
Reply to abderdu93

Post a new HijackThis report.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the report:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:15, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
L:\WINDOWS1\System32\smss.exe
L:\WINDOWS1\system32\winlogon.exe
L:\WINDOWS1\system32\services.exe
L:\WINDOWS1\system32\lsass.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\system32\svchost.exe
L:\WINDOWS1\System32\svchost.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\system32\spoolsv.exe
L:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
L:\WINDOWS1\Explorer.EXE
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
L:\WINDOWS1\system32\ctfmon.exe
L:\Program Files\nvcoi\nvcoi.exe
L:\Program Files\DAEMON Tools\daemon.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
L:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\Program Files\Bonjour\mDNSResponder.exe
L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
L:\WINDOWS1\system32\HPZipm12.exe
L:\WINDOWS1\system32\tcpsvcs.exe
L:\WINDOWS1\System32\snmp.exe
L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
L:\WINDOWS1\system32\svchost.exe
L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\Windows Live\Messenger\usnsvc.exe
L:\PROGRA~1\MOZILL~1\FIREFOX.EXE
L:\WINDOWS1\system32\wuauclt.exe
L:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
O4 - HKCU\..\Run: [DAEMON Tools] "L:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicma [...] Plugin.CAB
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - L:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - L:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

--
End of file - 9391 bytes

Reply to abderdu93

Hi again,

Fix the lines in the box below with HijackThis: HELP IN PICTURES

O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe



Run another ComboFix scan.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

I did what you asked.

Quote:

ComboFix 08-03-07.4 - Najar 2008-03-14 19:47:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.942 [GMT 1:00]
Endroit: L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))))))))
.

2008-03-11 15:31 . 2008-03-11 15:31 <REP> d-------- L:\Program Files\Avira
2008-03-11 15:31 . 2008-03-11 15:31 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\Avira
2008-03-08 23:36 . 2008-03-08 23:36 <REP> d-------- L:\Program Files\Windows Journal Viewer
2008-03-08 12:34 . 2007-07-30 19:19 271,224 --a------ L:\WINDOWS1\system32\mucltui.dll
2008-03-08 12:34 . 2007-07-30 19:19 207,736 --a------ L:\WINDOWS1\system32\muweb.dll
2008-03-08 12:34 . 2007-07-30 19:18 30,072 --a------ L:\WINDOWS1\system32\mucltui.dll.mui
2008-03-07 21:07 . 2008-03-07 21:07 <REP> d--hsc--- L:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-07 21:07 . 2008-03-07 21:07 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
2008-03-07 20:17 . 2008-03-07 20:17 149 --a------ L:\Delme.bat
2008-03-07 20:12 . 2008-03-07 20:19 <REP> d-------- L:\Program Files\Navilog1
2008-03-07 19:56 . 2008-03-07 19:56 <REP> d-------- L:\Program Files\CleanUp!
2008-03-07 18:11 . 2008-03-07 18:11 82 --a------ L:\WINDOWS1\system32\DelReboot
2008-03-07 15:41 . 2008-03-07 15:41 136,627 --a------ L:\WINDOWS1\POTA777444.exe
2008-03-05 23:36 . 2008-03-07 20:33 15,086 --a------ L:\WINDOWS1\system32\FreePokerBonus.ico
2008-03-05 23:36 . 2008-03-07 20:33 9,662 --a------ L:\WINDOWS1\system32\ZoneAlarmIconFR.ico
2008-03-05 23:10 . 2008-03-05 23:10 <REP> d-------- L:\Program Files\nvcoi
2008-03-05 21:21 . 2008-03-05 21:21 <REP> d-------- L:\BackUpMSNCleaner
2008-03-04 22:43 . 2008-03-07 19:57 37,376 --a------ L:\WINDOWS1\mrofinu1423.MSNFix
2008-03-04 22:43 . 2008-03-06 14:00 37,376 --a------ L:\WINDOWS1\mrofinu1423.exe.MSNFix
2008-03-04 21:36 . 2008-03-06 15:24 <REP> d-------- L:\Program Files\StuffPlug3
2008-03-04 19:47 . 2008-03-04 19:47 2,563 --a------ L:\WINDOWS1\image.jpg
2008-03-01 12:37 . 2008-03-01 12:37 268 --ah----- L:\sqmdata07.sqm
2008-03-01 12:37 . 2008-03-01 12:37 244 --ah----- L:\sqmnoopt07.sqm
2008-02-19 17:01 . 2008-03-14 12:20 <REP> d-------- L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\OpenOffice.org2
2008-02-19 16:57 . 2008-02-19 16:57 <REP> d-------- L:\Program Files\OpenOffice.org 2.3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 18:38 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\MEGAUPLOADTOOLBAR
2008-03-14 17:47 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\Google Updater
2008-03-14 11:20 --------- d-----w L:\Program Files\WinTV
2008-03-13 19:43 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\uTorrent
2008-03-12 19:13 --------- d-----w L:\Program Files\Windows Live Safety Center
2008-03-12 07:46 --------- d-----w L:\Program Files\DAEMON Tools
2008-03-12 07:43 682,232 ----a-w L:\WINDOWS1\system32\drivers\sptd.sys
2008-03-12 07:42 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\Vso
2008-03-11 13:46 --------- d-----w L:\Program Files\Alwil Software
2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam12312
2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam111
2008-03-05 22:20 10 ----a-w L:\Program Files\.autoreg
2008-03-04 20:36 --------- d-----w L:\Program Files\MSN Messenger
2008-03-04 14:25 --------- d-----w L:\Program Files\MessengerDiscovery
2008-02-17 11:36 --------- d-----w L:\Program Files\Everest Poker
2008-02-09 08:45 --------- d-----w L:\Program Files\Messenger Plus! Live
2008-02-01 14:27 --------- d-----w L:\Program Files\Realtek AC97
2008-02-01 14:27 --------- d-----w L:\Program Files\RAR Password Cracker
2008-01-27 20:10 --------- d-----w L:\Program Files\InterActual
2008-01-27 17:23 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\FLEXnet
2008-01-26 15:44 --------- d-----w L:\Program Files\ElcomSoft
2007-09-08 19:05 37,704 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\GDIPFONTCACHEV1.DAT
2007-08-23 21:38 47,360 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\pcouffin.sys
2007-06-17 07:44 357 ----a-w L:\Documents and Settings\Najar\.cb_layout.bin
1998-10-15 09:04 37,136 ----a-w L:\Documents and Settings\Najar\regsvr32.exe
1998-10-15 09:04 222,976 ----a-w L:\Documents and Settings\Najar\mssce.exe
1998-07-16 12:15 1,215,720 ----a-w L:\Documents and Settings\Najar\immc.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_13.51.22.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-08 22:36:47 65,536 ----a-r L:\WINDOWS1\Installer\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}\_C68C351F090F4EF39AFB6B7B54014C9E.exe
+ 2008-03-14 12:14:52 5,208 ----a-w L:\WINDOWS1\SoftwareDistribution\EventCache\{DAC869A7-EFD5-4FC2-8F56-38D3EA336CAB}.bin
+ 2007-08-09 12:04:11 40,768 ----a-w L:\WINDOWS1\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w L:\WINDOWS1\system32\drivers\avgntmgr.sys
+ 2008-03-12 07:49:31 61,632 ----a-w L:\WINDOWS1\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w L:\WINDOWS1\system32\drivers\ssmdrv.sys
+ 2004-08-03 23:56:44 207,360 ----a-w L:\WINDOWS1\system32\inked.dll
+ 2004-08-03 23:56:58 293,376 ----a-w L:\WINDOWS1\system32\wisptis.exe
+ 2008-03-14 11:20:49 16,384 ----atw L:\WINDOWS1\Temp\Perflib_Perfdata_88c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ L:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
2008-02-28 02:54 217088 --a------ L:\Program Files\Outlook Express\nixecolat777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]
2008-02-08 02:07 217088 --a------ L:\Program Files\Outlook Express\nixecolat821058.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "L:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= L:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="L:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="L:\WINDOWS1\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"AdobeUpdater"="L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"DAEMON Tools"="L:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"TkBellExe"="L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-26 18:16 185632]
"Adobe Photo Downloader"="L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
"QuickTime Task"="L:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"avgnt"="L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 08:49 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="L:\WINDOWS1\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=L:\WINDOWS1\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
backup=L:\WINDOWS1\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=L:\WINDOWS1\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=L:\WINDOWS1\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=L:\WINDOWS1\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=L:\WINDOWS1\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=L:\WINDOWS1\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=L:\WINDOWS1\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 L:\WINDOWS1\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-06-29 12:26 2806272 L:\WINDOWS1\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost]
L:\WINDOWS1\system32\ahr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 13:00 15360 L:\WINDOWS1\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
--a------ 2006-11-28 15:07 688128 L:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 L:\WINDOWS1\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2000-07-12 13:14 311350 L:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2000-08-04 02:01 28739 L:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
L:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 13:00 59392 L:\WINDOWS1\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 01:47 360448 L:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 L:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--------- 2005-01-07 16:07 61952 L:\WINDOWS1\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
--a------ 2007-08-04 06:50 24576 L:\WINDOWS1\WindowsUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-06-21 14:09 90112 L:\WINDOWS1\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 L:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-26 18:16 185632 L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 L:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2000-07-12 11:59 24576 L:\Program Files\Microsoft Works\wkfud.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"L:\\WINDOWS1\\system32\\ftp.exe"=
"L:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Windows.old\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Windows.old\\Program Files\\BitComet\\BitComet.exe"=
"G:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Windows.old\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"L:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"L:\\Program Files\\uTorrent\\uTorrent.exe"=
"L:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"L:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"L:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11355:TCP"= 11355:TCP:BitComet 11355 TCP
"11355:UDP"= 11355:UDP:BitComet 11355 UDP
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"9197:TCP"= 9197:TCP:BitComet 9197 TCP
"9197:UDP"= 9197:UDP:BitComet 9197 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 EPGService;EPGService;L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 16:17]
R2 Stuffit Archive Name Service;Service de nom d'archive StuffIt;"L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-10-08 10:07]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;L:\WINDOWS1\system32\drivers\hcw88bda.sys [2006-11-20 23:03]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;L:\WINDOWS1\system32\Drivers\hcw88rc5.sys [2006-11-20 23:03]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;L:\WINDOWS1\system32\drivers\hcw88tse.sys [2006-11-20 23:03]
R3 hcw88vid;Hauppauge WinTV 88x Video;L:\WINDOWS1\system32\drivers\hcw88vid.sys [2006-11-20 23:03]
S3 HauppaugeTVServer;HauppaugeTVServer;L:\PROGRA~1\WinTV\HCWTVS~1.EXE [2006-12-01 13:41]
S3 p2pgasvc;Authentification de groupe réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 p2psvc;Réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-20 07:37:01 L:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- L:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 15:00:00 L:\WINDOWS1\Tasks\HPpromotions journeysoftware.job"
- L:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-03-14 16:00:00 L:\WINDOWS1\Tasks\XoftSpySE 2.job"
- L:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-26 09:23:22 L:\WINDOWS1\Tasks\XoftSpySE.job"
- L:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 19:51:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-14 19:51:57
ComboFix-quarantined-files.txt 2008-03-14 18:51:54
ComboFix2.txt 2008-03-08 12:51:39
.
2008-02-13 11:25:56 --- E O F ---

Reply to abderdu93

Hello again,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
L:\Program Files\Outlook Express\nixecolat777444.dll
L:\Program Files\Outlook Express\nixecolat821058.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.

Reply to Angeldark
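
The script in the reply above pairs each DLL listed under File:: with the Browser Helper Objects key that loads it in the log. As an added example (not part of the thread and not ComboFix's own code), this Python sketch derives that pairing from the log layout and checks a follow-up report for leftovers; the function names are hypothetical, and the excerpt and target paths are copied from the log and the reply.

```python
import re

# Excerpt copied from the "Point de chargement Reg" section of the log above:
# a bracketed BHO key, then one line with date, time, size, attributes, DLL path.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ L:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
2008-02-28 02:54 217088 --a------ L:\Program Files\Outlook Express\nixecolat777444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]
2008-02-08 02:07 217088 --a------ L:\Program Files\Outlook Express\nixecolat821058.dll
"""

# The two files named in the helper's reply.
TARGETS = [
    r"L:\Program Files\Outlook Express\nixecolat777444.dll",
    r"L:\Program Files\Outlook Express\nixecolat821058.dll",
]

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\})\]$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")


def parse_bhos(log):
    """Map each BHO DLL path (lower-cased) to the registry key that loads it."""
    bhos, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and key:
            bhos[m.group(1).lower()] = key
        key = None  # a file line only counts directly under its key
    return bhos


def build_cfscript(log, files):
    """Emit File::/Registry:: text in the layout used in the reply above."""
    bhos = parse_bhos(log)
    missing = [f for f in files if f.lower() not in bhos]
    if missing:  # refuse to emit a key for a file the log does not tie to a BHO
        raise ValueError(f"not loaded by any BHO in this log: {missing}")
    lines = ["File::", *files, "", "Registry::"]
    lines += [f"[-{bhos[f.lower()]}]" for f in files]
    return "\n".join(lines) + "\n"


def still_present(followup_log, files):
    """Return the targeted files that a follow-up report still lists as BHOs."""
    bhos = parse_bhos(followup_log)
    return [f for f in files if f.lower() in bhos]
```

Running `still_present` on the report posted after the restart should return an empty list; any path it returns means the corresponding BHO is still registered.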