Virus party: MSNfix report - Page 3

Solved
  1. sophie
     
    hi g!rly, here is the adfix report

    Ad-Fix v0.101e
    by gchris

    OPTION 1 (Scan) :

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Démarré à :

    9:35:12,53 10/12/2007

    Executé depuis :

    C:\Documents and Settings\Benjamin\Bureau\Ad-Fix

    Os :

    Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichier manquant

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichiers cachés (pas forcément mauvais)

    Fichiers cachés à la racine du disque système :

    boot.ini
    Bootfont.bin
    IO.SYS
    MSDOS.SYS
    NTDETECT.COM
    ntldr
    pagefile.sys
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm

    Fichiers cachés dans le répertoire Windows :

    WindowsShell.Manifest
    winnt.bmp
    winnt256.bmp

    Fichiers cachés dans le répertoire System32 :

    cdplayer.exe.manifest
    E6766994AD.sys
    KGyGaAvL.sys
    logonui.exe.manifest
    mpqss.ini
    mpqss.ini2
    ncpa.cpl.manifest
    nwc.cpl.manifest
    sapi.cpl.manifest
    WindowsLogon.manifest
    wuaucpl.cpl.manifest

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Analyse du registre

    ---------- USER AGENT -- POST PLATFORM

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    ----------

    ---------- AppInit_DLLs
  2. sophie
     
    Hi g!rly,

    I'm sorry I didn't reply sooner, but I had to be away for a few days. Anyway, here is the hijack report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:13:18, on 15/12/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\EPSON\ESM2\eEBSVC.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\txttjxav.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\System32\PnkBstrA.exe
    C:\WINDOWS\System32\PnkBstrB.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\Program Files\utorrent\utorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\daemon tools\daemon.exe
    C:\DOCUME~1\Benjamin\APPLIC~1\RACLE~1\dexplore.exe
    C:\Program Files\WinAble\winable.exe
    C:\Documents and Settings\Benjamin\Application Data\?racle\?ti2evxx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {093F13EC-B472-44C0-ACD7-94CEC61C9AA3} - C:\Program Files\Internet Explorer\menorus4444.dll
    O2 - BHO: (no name) - {27037ACB-24EE-46B2-8875-38078C2B8338} - C:\Program Files\Internet Explorer\menorus83122.dll
    O2 - BHO: (no name) - {502EECA6-40D9-4F8A-90D9-61343883FE42} - C:\WINDOWS\System32\ssqpm.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: {dbb3ca56-52b0-4ca8-1f34-c55ab8d9e27a} - {a72e9d8b-a55c-43f1-8ac4-0b2565ac3bbd} - C:\WINDOWS\System32\onrygumk.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\augjvpsf.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B5D8DD67-6D88-3A79-8B29-38E6738F5C97} - C:\WINDOWS\System32\ydx.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: 0 - {E04D5A82-8FFA-4BE0-2A94-59F00D78BBDE} - C:\Program Files\WindowsUpdate\quzaletun.dll
    O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\awtqnkh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\augjvpsf.dll (file missing)
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [3cd8c406] rundll32.exe "C:\WINDOWS\System32\tqijbkqm.dll",b
    O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "F:\daemon tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Aaaa] "C:\DOCUME~1\Benjamin\APPLIC~1\RACLE~1\dexplore.exe" -vt yazb
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Fgrkoel] "C:\Documents and Settings\Benjamin\Application Data\?racle\?ti2evxx.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
    O20 - Winlogon Notify: augjvpsf - augjvpsf.dll (file missing)
    O20 - Winlogon Notify: awtqnkh - C:\WINDOWS\SYSTEM32\awtqnkh.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\txttjxav.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
    O23 - Service: Microsoft register shield - Unknown owner - C:\WINDOWS\Mrshield.exe (file missing)
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe (file missing)
    O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtejezanem.html
  3. g!rly
     
    hi sophie

    I apologize for the delay too, I'm on vacation and it's hard for me to get online...

    you're still quite infected :-(

    run combofix again and post the result here

    see you
  5. sophie
     
    hi g!rly, here is the combofix report, my PC is running pretty slow....

    ComboFix 07-12-20.1 - Benjamin 2007-12-20 9:49:11.14 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.115 [GMT 1:00]
    Running from: C:\Documents and Settings\Benjamin\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Benjamin\Application Data\RACLE~1
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\?racle\
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\?ti2evxx.exe
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\dexplore.exe
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Internet Explorer\menorus4444.dll
    C:\Program Files\Internet Explorer\menorus83122.dll
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\WindowsUpdate\quzaletun.dll
    C:\Program Files\WindowsUpdate\quzaletun589.dll
    C:\Program Files\WindowsUpdate\quzaletun741.dll
    C:\Program Files\WindowsUpdate\quzaletun746.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\8_exception.nls
    C:\WINDOWS\system32\alniwfpl.ini
    C:\WINDOWS\system32\ambishjy.dll
    C:\WINDOWS\system32\awtqnkh.dll
    C:\WINDOWS\system32\awtqqol.dll
    C:\WINDOWS\system32\awtqqqo.dll
    C:\WINDOWS\system32\byxvuuu.dll
    C:\WINDOWS\system32\byxwtqn.dll
    C:\WINDOWS\system32\cbxuvtq.dll
    C:\WINDOWS\system32\cdkhnsoy.dll
    C:\WINDOWS\system32\csrs.exe
    C:\WINDOWS\system32\eqsjwdsk.dll
    C:\WINDOWS\system32\fccdecd.dll
    C:\WINDOWS\system32\gayuibdt.dll
    C:\WINDOWS\system32\hggffeb.dll
    C:\WINDOWS\system32\hmlyocym.dll
    C:\WINDOWS\system32\iexplore.exe
    C:\WINDOWS\system32\jkkllmj.dll
    C:\WINDOWS\system32\krngnaue.exe
    C:\WINDOWS\system32\ljjghfe.dll
    C:\WINDOWS\system32\ljjhhgh.dll
    C:\WINDOWS\system32\losfgadc.exe
    C:\WINDOWS\system32\lpfwinla.dll
    C:\WINDOWS\system32\mpqss.ini
    C:\WINDOWS\system32\mpqss.ini2
    C:\WINDOWS\system32\nnnmmjk.dll
    C:\WINDOWS\system32\ntemkwrf.dll
    C:\WINDOWS\system32\onrygumk.dll
    C:\WINDOWS\system32\opnkheb.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pevfbaip.ini
    C:\WINDOWS\system32\pgsfhyop.exe
    C:\WINDOWS\system32\piabfvep.dll
    C:\WINDOWS\system32\qomjkjg.dll
    C:\WINDOWS\system32\rqrqpnk.dll
    C:\WINDOWS\system32\rqrrrpo.dll
    C:\WINDOWS\System32\ssqpm.dll
    C:\WINDOWS\system32\tuvsqrr.dll
    C:\WINDOWS\system32\uibkebkq.dll
    C:\WINDOWS\system32\urqnlii.dll
    C:\WINDOWS\system32\urqnlmk.dll
    C:\WINDOWS\system32\vtstssr.dll
    C:\WINDOWS\system32\vtubwjoc.dll
    C:\WINDOWS\system32\vturrqn.dll
    C:\WINDOWS\system32\vtuvuuu.dll
    C:\WINDOWS\system32\wcpsvcc.exe
    C:\WINDOWS\system32\xwpadxbd.dll
    C:\WINDOWS\system32\xxyvvut.dll
    C:\WINDOWS\system32\yayawvu.dll
    C:\WINDOWS\system32\yayywxw.dll
    C:\WINDOWS\system32\ydx.dll
    C:\WINDOWS\system32\yjhsibma.ini
    C:\WINDOWS\TEMP\125109.exe
    C:\WINDOWS\TEMP\125296.exe
    C:\WINDOWS\TEMP\125312.exe
    C:\WINDOWS\tk58.exe
    C:\WINDOWS\TTC-4444.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_RUNTIME
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-20 09:34 . 2007-12-20 09:34 32,456 --a------ C:\WINDOWS\system32\sqmvapp.exe
    2007-12-20 09:34 . 2007-12-20 09:34 32,456 --a------ C:\WINDOWS\system32\cbyjlbl.exe
    2007-12-20 01:08 . 2007-12-20 01:08 32,456 --a------ C:\WINDOWS\system32\nxdosv.exe
    2007-12-20 01:07 . 2007-12-20 01:07 32,456 --a------ C:\WINDOWS\system32\ggohnxzg.exe
    2007-12-19 17:45 . 2007-12-19 17:45 32,456 --a------ C:\WINDOWS\system32\beon.exe
    2007-12-19 17:44 . 2007-12-19 17:44 32,456 --a------ C:\WINDOWS\system32\ojnuiof.exe
    2007-12-19 16:49 . 2007-12-19 16:49 32,456 --a------ C:\WINDOWS\system32\mglhxmyr.exe
    2007-12-19 16:48 . 2007-12-19 16:48 32,456 --a------ C:\WINDOWS\system32\ptzoiy.exe
    2007-12-19 16:44 . 2007-12-19 16:44 32,456 --a------ C:\WINDOWS\system32\ypyi.exe
    2007-12-19 16:44 . 2007-12-19 16:44 32,456 --a------ C:\WINDOWS\system32\opvpobwe.exe
    2007-12-19 16:42 . 2007-12-19 16:42 0 --ah----- C:\WINDOWS\system32\giznwa.exe
    2007-12-19 15:08 . 2007-12-19 15:08 32,456 --a------ C:\WINDOWS\system32\aymdg.exe
    2007-12-19 15:07 . 2007-12-19 15:07 76,540 --a------ C:\WINDOWS\system32\xbpe.exe
    2007-12-19 15:07 . 2007-12-19 15:07 32,456 --a------ C:\WINDOWS\system32\tcmauz.exe
    2007-12-19 15:07 . 2007-12-19 15:07 32,456 --a------ C:\WINDOWS\system32\fkwf.exe
    2007-12-19 15:07 . 2007-12-19 15:07 9,296 --a------ C:\i2n4r9g1l2.exe
    2007-12-19 15:07 . 2007-12-19 15:07 114 --a------ C:\WINDOWS\system32\wheb.bat
    2007-12-19 09:56 . 2007-12-20 10:02 21,760 --a------ C:\WINDOWS\Qvb40.sys
    2007-12-19 09:42 . 2007-12-19 09:42 32,456 --a------ C:\WINDOWS\system32\vanmzja.exe
    2007-12-19 09:28 . 2007-12-19 09:28 32,456 --a------ C:\WINDOWS\system32\miear.exe
    2007-12-19 09:28 . 2007-12-19 09:28 32,456 --a------ C:\WINDOWS\system32\heppjcbe.exe
    2007-12-19 09:26 . 2007-12-19 09:26 32,456 --a------ C:\WINDOWS\system32\wtheivsm.exe
    2007-12-19 00:30 . 2007-12-19 00:30 32,456 --a------ C:\WINDOWS\system32\lgzrs.exe
    2007-12-19 00:30 . 2007-12-19 00:30 32,456 --a------ C:\WINDOWS\system32\fwjqa.exe
    2007-12-19 00:25 . 2007-12-19 00:25 32,456 --a------ C:\WINDOWS\system32\lluxki.exe
    2007-12-19 00:25 . 2007-12-19 00:25 32,456 --a------ C:\WINDOWS\system32\gxoumd.exe
    2007-12-19 00:22 . 2007-12-19 16:48 548,510 --a------ C:\WINDOWS\Britney_Spears_jpg.zip
    2007-12-19 00:22 . 2007-12-19 16:51 40,960 --a------ C:\6i2n4r9g1l2.exe
    2007-12-19 00:19 . 2007-12-19 00:19 32,456 --a------ C:\WINDOWS\system32\auzrfnm.exe
    2007-12-19 00:14 . 2007-12-19 00:14 1,460 --ah----- C:\WINDOWS\system32\jrahnth.exe
    2007-12-17 11:41 . 2007-12-17 13:23 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-17 11:40 . 2007-12-19 00:24 21,760 --a------ C:\WINDOWS\system32\drivers\Qvb40.sys
    2007-12-15 15:48 . 2007-12-15 17:10 <REP> d--hs---- C:\WINDOWS\QmVuamk
    2007-12-15 15:47 . 2007-12-15 15:47 <REP> d-------- C:\WINDOWS\system32\rey2
    2007-12-15 15:47 . 2007-12-17 14:16 <REP> d-------- C:\WINDOWS\system32\ref1
    2007-12-15 15:47 . 2007-12-15 15:47 <REP> d-------- C:\WINDOWS\system32\ineWc01
    2007-12-15 15:47 . 2007-12-15 15:48 <REP> d-------- C:\Temp\tpBe12
    2007-12-15 15:47 . 2007-12-20 10:00 <REP> d-------- C:\Temp
    2007-12-15 10:38 . 2007-12-17 13:22 952,752 ---hs---- C:\WINDOWS\system32\mqkbjiqt.ini
    2007-12-14 14:18 . 2007-12-15 09:22 941,585 ---hs---- C:\WINDOWS\system32\aculifcu.ini
    2007-12-13 11:46 . 2007-12-13 11:46 929,496 ---hs---- C:\WINDOWS\system32\shfimyre.ini
    2007-12-12 11:56 . 2007-12-12 11:56 66,055 --ah----- C:\WINDOWS\system32\swbz.exe
    2007-12-12 11:45 . 2007-12-13 08:37 913,965 ---hs---- C:\WINDOWS\system32\gewofray.ini
    2007-12-12 01:59 . 2007-12-12 01:59 127 --a------ C:\WINDOWS\system32\ftyig.bat
    2007-12-11 21:36 . 2007-12-12 01:59 913,442 ---hs---- C:\WINDOWS\system32\glncpxjj.ini
    2007-12-11 17:35 . 2007-12-11 17:35 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-11 17:35 . 2007-12-11 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-11 17:34 . 2007-12-11 17:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-11 11:01 . 2007-12-11 11:01 148 --a------ C:\WINDOWS\wininit.ini
    2007-12-10 19:32 . 2007-12-11 21:33 897,204 ---hs---- C:\WINDOWS\system32\nakguggi.ini
    2007-12-10 10:11 . 2007-12-10 10:11 66,055 --ah----- C:\WINDOWS\system32\jpxbfwr.exe
    2007-12-10 09:35 . 2007-02-09 10:26 184,320 --a------ C:\WINDOWS\system32\delnext.exe
    2007-12-10 09:35 . 2005-03-11 04:29 82,188 --a------ C:\WINDOWS\system32\zip.exe
    2007-12-09 23:01 . 2007-12-09 23:01 <REP> d-------- C:\Documents and Settings\Benjamin\Application Data\Grisoft
    2007-12-09 23:00 . 2007-12-09 23:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-08 19:22 . 2007-12-08 19:22 <REP> d-------- C:\Program Files\Avira
    2007-12-08 19:06 . 2007-12-08 19:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-08 17:54 . 2007-12-08 17:54 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-12-08 17:46 . 2007-12-08 17:47 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-08 16:13 . 2007-12-19 00:22 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2007-12-07 21:18 . 2007-12-07 21:18 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-07 21:16 . 2007-12-20 09:55 12,798 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2007-12-06 16:51 . 2007-12-06 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 16:51 . 2007-12-06 16:51 7,467,056 --a------ C:\spybotsd15.exe
    2007-12-05 18:32 . 2007-12-05 18:32 <REP> d-------- C:\WINDOWS\system32\daSgo01

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-20 09:04 --------- d-----w C:\Documents and Settings\Benjamin\Application Data\utorrent
    2007-12-19 15:48 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
    2007-12-19 15:48 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2007-12-17 12:22 --------- d-----w C:\Program Files\uTorrent
    2007-12-12 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-12 16:08 --------- d-----w C:\Program Files\EA GAMES
    2007-12-12 16:05 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-12-06 15:30 135,168 ----a-w C:\WINDOWS\system32\sfc_os.dll
    2007-12-05 15:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-05 15:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-23 09:11 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-23 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-11-23 09:08 --------- d-----w C:\Program Files\CyberLink
    2007-11-19 08:09 --------- d-----w C:\Documents and Settings\Benjamin\Application Data\BSplayer Pro
    2007-11-16 16:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-24 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-30 20:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-04-12 14:50 44,912 ----a-w C:\Documents and Settings\Benjamin\Application Data\GDIPFONTCACHEV1.DAT
    2007-02-07 20:56 645,670 ----a-w C:\Program Files\uTorrent-1.6-install.exe
    2006-12-17 09:53 16,277,288 ----a-w C:\Program Files\Install_Messenger.exe
    2005-07-29 15:24 472 --sha-r C:\WINDOWS\QmVuamk\kApRuA4.vbs
    2005-05-19 17:25 56 --sh--r C:\WINDOWS\system32\E6766994AD.sys
    2006-08-20 20:17 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
    "µTorrent"="C:\Program Files\utorrent\utorrent.exe" [2006-07-02 17:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 18:47]
    "DAEMON Tools"="F:\daemon tools\daemon.exe" [2007-09-18 15:16]
    "Fgrkoel"="C:\Documents and Settings\Benjamin\Application Data\?racle\?ti2evxx.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18]
    "Aaaa"="C:\DOCUME~1\Benjamin\APPLIC~1\RACLE~1\dexplore.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
    "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" []
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-08 23:50]
    "Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" []
    "Client Server Runtime Process"="C:\WINDOWS\System32\csrs.exe" []
    "Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []
    "Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" [2002-08-29 12:45]
    "Advanced DHTML Enable"="C:\WINDOWS\System32\sqmvapp.exe" [2007-12-20 09:34]
    "svchost.exe"="C:\WINDOWS\svchost.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 12:45]

    R0 Qvb40;Qvb40;C:\WINDOWS\System32\Drivers\Qvb40.sys [2007-12-19 00:24]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 15:00]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S2 Microsoft register shield;Microsoft register shield;"C:\WINDOWS\Mrshield.exe" []
    S3 Brndis;External USB Cable Modem;C:\WINDOWS\System32\DRIVERS\Brndis.sys [2004-02-06 05:44]
    S3 VX1000;VX-1000;C:\WINDOWS\System32\DRIVERS\VX1000.sys [2006-06-30 00:42]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-19 15:00:05 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 10:04:13
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    .
    Completion time: 2007-12-20 10:05:51 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-09 22:07
    C:\ComboFix3.txt ... 2007-12-08 18:23
    0
  6. sophie
     
    salut g!rly, voici le rapport combofix, mon pac rame pas mal....

    ComboFix 07-12-20.1 - Benjamin 2007-12-20 9:49:11.14 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.115 [GMT 1:00]
    Running from: C:\Documents and Settings\Benjamin\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Benjamin\Application Data\RACLE~1
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\?racle\
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\?ti2evxx.exe
    C:\Documents and Settings\Benjamin\Application Data\RACLE~1\dexplore.exe
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Benjamin\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Internet Explorer\menorus4444.dll
    C:\Program Files\Internet Explorer\menorus83122.dll
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\WindowsUpdate\quzaletun.dll
    C:\Program Files\WindowsUpdate\quzaletun589.dll
    C:\Program Files\WindowsUpdate\quzaletun741.dll
    C:\Program Files\WindowsUpdate\quzaletun746.dll
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\8_exception.nls
    C:\WINDOWS\system32\alniwfpl.ini
    C:\WINDOWS\system32\ambishjy.dll
    C:\WINDOWS\system32\awtqnkh.dll
    C:\WINDOWS\system32\awtqqol.dll
    C:\WINDOWS\system32\awtqqqo.dll
    C:\WINDOWS\system32\byxvuuu.dll
    C:\WINDOWS\system32\byxwtqn.dll
    C:\WINDOWS\system32\cbxuvtq.dll
    C:\WINDOWS\system32\cdkhnsoy.dll
    C:\WINDOWS\system32\csrs.exe
    C:\WINDOWS\system32\eqsjwdsk.dll
    C:\WINDOWS\system32\fccdecd.dll
    C:\WINDOWS\system32\gayuibdt.dll
    C:\WINDOWS\system32\hggffeb.dll
    C:\WINDOWS\system32\hmlyocym.dll
    C:\WINDOWS\system32\iexplore.exe
    C:\WINDOWS\system32\jkkllmj.dll
    C:\WINDOWS\system32\krngnaue.exe
    C:\WINDOWS\system32\ljjghfe.dll
    C:\WINDOWS\system32\ljjhhgh.dll
    C:\WINDOWS\system32\losfgadc.exe
    C:\WINDOWS\system32\lpfwinla.dll
    C:\WINDOWS\system32\mpqss.ini
    C:\WINDOWS\system32\mpqss.ini2
    C:\WINDOWS\system32\nnnmmjk.dll
    C:\WINDOWS\system32\ntemkwrf.dll
    C:\WINDOWS\system32\onrygumk.dll
    C:\WINDOWS\system32\opnkheb.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pevfbaip.ini
    C:\WINDOWS\system32\pgsfhyop.exe
    C:\WINDOWS\system32\piabfvep.dll
    C:\WINDOWS\system32\qomjkjg.dll
    C:\WINDOWS\system32\rqrqpnk.dll
    C:\WINDOWS\system32\rqrrrpo.dll
    C:\WINDOWS\System32\ssqpm.dll
    C:\WINDOWS\system32\tuvsqrr.dll
    C:\WINDOWS\system32\uibkebkq.dll
    C:\WINDOWS\system32\urqnlii.dll
    C:\WINDOWS\system32\urqnlmk.dll
    C:\WINDOWS\system32\vtstssr.dll
    C:\WINDOWS\system32\vtubwjoc.dll
    C:\WINDOWS\system32\vturrqn.dll
    C:\WINDOWS\system32\vtuvuuu.dll
    C:\WINDOWS\system32\wcpsvcc.exe
    C:\WINDOWS\system32\xwpadxbd.dll
    C:\WINDOWS\system32\xxyvvut.dll
    C:\WINDOWS\system32\yayawvu.dll
    C:\WINDOWS\system32\yayywxw.dll
    C:\WINDOWS\system32\ydx.dll
    C:\WINDOWS\system32\yjhsibma.ini
    C:\WINDOWS\TEMP\125109.exe
    C:\WINDOWS\TEMP\125296.exe
    C:\WINDOWS\TEMP\125312.exe
    C:\WINDOWS\tk58.exe
    C:\WINDOWS\TTC-4444.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_RUNTIME
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-20 09:34 . 2007-12-20 09:34 32,456 --a------ C:\WINDOWS\system32\sqmvapp.exe
    2007-12-20 09:34 . 2007-12-20 09:34 32,456 --a------ C:\WINDOWS\system32\cbyjlbl.exe
    2007-12-20 01:08 . 2007-12-20 01:08 32,456 --a------ C:\WINDOWS\system32\nxdosv.exe
    2007-12-20 01:07 . 2007-12-20 01:07 32,456 --a------ C:\WINDOWS\system32\ggohnxzg.exe
    2007-12-19 17:45 . 2007-12-19 17:45 32,456 --a------ C:\WINDOWS\system32\beon.exe
    2007-12-19 17:44 . 2007-12-19 17:44 32,456 --a------ C:\WINDOWS\system32\ojnuiof.exe
    2007-12-19 16:49 . 2007-12-19 16:49 32,456 --a------ C:\WINDOWS\system32\mglhxmyr.exe
    2007-12-19 16:48 . 2007-12-19 16:48 32,456 --a------ C:\WINDOWS\system32\ptzoiy.exe
    2007-12-19 16:44 . 2007-12-19 16:44 32,456 --a------ C:\WINDOWS\system32\ypyi.exe
    2007-12-19 16:44 . 2007-12-19 16:44 32,456 --a------ C:\WINDOWS\system32\opvpobwe.exe
    2007-12-19 16:42 . 2007-12-19 16:42 0 --ah----- C:\WINDOWS\system32\giznwa.exe
    2007-12-19 15:08 . 2007-12-19 15:08 32,456 --a------ C:\WINDOWS\system32\aymdg.exe
    2007-12-19 15:07 . 2007-12-19 15:07 76,540 --a------ C:\WINDOWS\system32\xbpe.exe
    2007-12-19 15:07 . 2007-12-19 15:07 32,456 --a------ C:\WINDOWS\system32\tcmauz.exe
    2007-12-19 15:07 . 2007-12-19 15:07 32,456 --a------ C:\WINDOWS\system32\fkwf.exe
    2007-12-19 15:07 . 2007-12-19 15:07 9,296 --a------ C:\i2n4r9g1l2.exe
    2007-12-19 15:07 . 2007-12-19 15:07 114 --a------ C:\WINDOWS\system32\wheb.bat
    2007-12-19 09:56 . 2007-12-20 10:02 21,760 --a------ C:\WINDOWS\Qvb40.sys
    2007-12-19 09:42 . 2007-12-19 09:42 32,456 --a------ C:\WINDOWS\system32\vanmzja.exe
    2007-12-19 09:28 . 2007-12-19 09:28 32,456 --a------ C:\WINDOWS\system32\miear.exe
    2007-12-19 09:28 . 2007-12-19 09:28 32,456 --a------ C:\WINDOWS\system32\heppjcbe.exe
    2007-12-19 09:26 . 2007-12-19 09:26 32,456 --a------ C:\WINDOWS\system32\wtheivsm.exe
    2007-12-19 00:30 . 2007-12-19 00:30 32,456 --a------ C:\WINDOWS\system32\lgzrs.exe
    2007-12-19 00:30 . 2007-12-19 00:30 32,456 --a------ C:\WINDOWS\system32\fwjqa.exe
    2007-12-19 00:25 . 2007-12-19 00:25 32,456 --a------ C:\WINDOWS\system32\lluxki.exe
    2007-12-19 00:25 . 2007-12-19 00:25 32,456 --a------ C:\WINDOWS\system32\gxoumd.exe
    2007-12-19 00:22 . 2007-12-19 16:48 548,510 --a------ C:\WINDOWS\Britney_Spears_jpg.zip
    2007-12-19 00:22 . 2007-12-19 16:51 40,960 --a------ C:\6i2n4r9g1l2.exe
    2007-12-19 00:19 . 2007-12-19 00:19 32,456 --a------ C:\WINDOWS\system32\auzrfnm.exe
    2007-12-19 00:14 . 2007-12-19 00:14 1,460 --ah----- C:\WINDOWS\system32\jrahnth.exe
    2007-12-17 11:41 . 2007-12-17 13:23 0 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-17 11:40 . 2007-12-19 00:24 21,760 --a------ C:\WINDOWS\system32\drivers\Qvb40.sys
    2007-12-15 15:48 . 2007-12-15 17:10 <REP> d--hs---- C:\WINDOWS\QmVuamk
    2007-12-15 15:47 . 2007-12-15 15:47 <REP> d-------- C:\WINDOWS\system32\rey2
    2007-12-15 15:47 . 2007-12-17 14:16 <REP> d-------- C:\WINDOWS\system32\ref1
    2007-12-15 15:47 . 2007-12-15 15:47 <REP> d-------- C:\WINDOWS\system32\ineWc01
    2007-12-15 15:47 . 2007-12-15 15:48 <REP> d-------- C:\Temp\tpBe12
    2007-12-15 15:47 . 2007-12-20 10:00 <REP> d-------- C:\Temp
    2007-12-15 10:38 . 2007-12-17 13:22 952,752 ---hs---- C:\WINDOWS\system32\mqkbjiqt.ini
    2007-12-14 14:18 . 2007-12-15 09:22 941,585 ---hs---- C:\WINDOWS\system32\aculifcu.ini
    2007-12-13 11:46 . 2007-12-13 11:46 929,496 ---hs---- C:\WINDOWS\system32\shfimyre.ini
    2007-12-12 11:56 . 2007-12-12 11:56 66,055 --ah----- C:\WINDOWS\system32\swbz.exe
    2007-12-12 11:45 . 2007-12-13 08:37 913,965 ---hs---- C:\WINDOWS\system32\gewofray.ini
    2007-12-12 01:59 . 2007-12-12 01:59 127 --a------ C:\WINDOWS\system32\ftyig.bat
    2007-12-11 21:36 . 2007-12-12 01:59 913,442 ---hs---- C:\WINDOWS\system32\glncpxjj.ini
    2007-12-11 17:35 . 2007-12-11 17:35 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-11 17:35 . 2007-12-11 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-11 17:34 . 2007-12-11 17:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-11 11:01 . 2007-12-11 11:01 148 --a------ C:\WINDOWS\wininit.ini
    2007-12-10 19:32 . 2007-12-11 21:33 897,204 ---hs---- C:\WINDOWS\system32\nakguggi.ini
    2007-12-10 10:11 . 2007-12-10 10:11 66,055 --ah----- C:\WINDOWS\system32\jpxbfwr.exe
    2007-12-10 09:35 . 2007-02-09 10:26 184,320 --a------ C:\WINDOWS\system32\delnext.exe
    2007-12-10 09:35 . 2005-03-11 04:29 82,188 --a------ C:\WINDOWS\system32\zip.exe
    2007-12-09 23:01 . 2007-12-09 23:01 <REP> d-------- C:\Documents and Settings\Benjamin\Application Data\Grisoft
    2007-12-09 23:00 . 2007-12-09 23:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-08 19:22 . 2007-12-08 19:22 <REP> d-------- C:\Program Files\Avira
    2007-12-08 19:06 . 2007-12-08 19:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-08 17:54 . 2007-12-08 17:54 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-12-08 17:46 . 2007-12-08 17:47 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-08 16:13 . 2007-12-19 00:22 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2007-12-07 21:18 . 2007-12-07 21:18 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-07 21:16 . 2007-12-20 09:55 12,798 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2007-12-06 16:51 . 2007-12-06 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 16:51 . 2007-12-06 16:51 7,467,056 --a------ C:\spybotsd15.exe
    2007-12-05 18:32 . 2007-12-05 18:32 <REP> d-------- C:\WINDOWS\system32\daSgo01

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-20 09:04 --------- d-----w C:\Documents and Settings\Benjamin\Application Data\utorrent
    2007-12-19 15:48 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
    2007-12-19 15:48 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2007-12-17 12:22 --------- d-----w C:\Program Files\uTorrent
    2007-12-12 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-12 16:08 --------- d-----w C:\Program Files\EA GAMES
    2007-12-12 16:05 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-12-06 15:30 135,168 ----a-w C:\WINDOWS\system32\sfc_os.dll
    2007-12-05 15:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-05 15:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-23 09:11 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-23 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-11-23 09:08 --------- d-----w C:\Program Files\CyberLink
    2007-11-19 08:09 --------- d-----w C:\Documents and Settings\Benjamin\Application Data\BSplayer Pro
    2007-11-16 16:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-24 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-30 20:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-04-12 14:50 44,912 ----a-w C:\Documents and Settings\Benjamin\Application Data\GDIPFONTCACHEV1.DAT
    2007-02-07 20:56 645,670 ----a-w C:\Program Files\uTorrent-1.6-install.exe
    2006-12-17 09:53 16,277,288 ----a-w C:\Program Files\Install_Messenger.exe
    2005-07-29 15:24 472 --sha-r C:\WINDOWS\QmVuamk\kApRuA4.vbs
    2005-05-19 17:25 56 --sh--r C:\WINDOWS\system32\E6766994AD.sys
    2006-08-20 20:17 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
    "µTorrent"="C:\Program Files\utorrent\utorrent.exe" [2006-07-02 17:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 18:47]
    "DAEMON Tools"="F:\daemon tools\daemon.exe" [2007-09-18 15:16]
    "Fgrkoel"="C:\Documents and Settings\Benjamin\Application Data\?racle\?ti2evxx.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18]
    "Aaaa"="C:\DOCUME~1\Benjamin\APPLIC~1\RACLE~1\dexplore.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
    "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" []
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-08 23:50]
    "Application Layer Gateway Service"="C:\WINDOWS\System32\algs.exe" []
    "Client Server Runtime Process"="C:\WINDOWS\System32\csrs.exe" []
    "Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []
    "Local Security Authority Service"="C:\WINDOWS\System32\lssas.exe" [2002-08-29 12:45]
    "Advanced DHTML Enable"="C:\WINDOWS\System32\sqmvapp.exe" [2007-12-20 09:34]
    "svchost.exe"="C:\WINDOWS\svchost.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 12:45]

    R0 Qvb40;Qvb40;C:\WINDOWS\System32\Drivers\Qvb40.sys [2007-12-19 00:24]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2001-08-28 15:00]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S2 Microsoft register shield;Microsoft register shield;"C:\WINDOWS\Mrshield.exe" []
    S3 Brndis;External USB Cable Modem;C:\WINDOWS\System32\DRIVERS\Brndis.sys [2004-02-06 05:44]
    S3 VX1000;VX-1000;C:\WINDOWS\System32\DRIVERS\VX1000.sys [2006-06-30 00:42]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-19 15:00:05 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 10:04:13
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    .
    Completion time: 2007-12-20 10:05:51 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-09 22:07
    C:\ComboFix3.txt ... 2007-12-08 18:23
    0
  7. g!rly Posts 18462 Status Contributor 407
     
    Good evening sophie,

    First of all, I wish you a happy new year 2008 ;-)

    I have only just got back from vacation...

    Your PC doesn't seem to be in great shape ;-(

    Can you post a new HijackThis log as well as a new ComboFix log, please?

    See you later
    0
  8. sophie
     
    Hi g!rly,

    A very happy new year to you too!
    In fact, I ended up formatting my PC, which was no longer responding to anything! Now everything is fine, so thank you very much for your help, and I hope I won't need it again!
    0
  9. g!rly Posts 18462 Status Contributor 407
     
    Hi again,

    thanks,

    you're welcome,

    knock on wood ;-)

    bye
    0
  10. cob4ever
     
    Scan saved at 18:59:29, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Program Files\Hotkey Management\FuncKey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\iobmmqgbc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Christophe Midot\Mes documents\cob4ever\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
    O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [iobmmqgbc] C:\WINDOWS\system32\iobmmqgbc.exe
    O4 - HKLM\..\RunServices: [iobmmqgbc] C:\WINDOWS\system32\iobmmqgbc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454093 10
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://cab.contraviruspro.com/install1.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Print Spooler Service (qwgy2uoieyfug) - Unknown owner - C:\WINDOWS\system32\iobmmqgbc.exe
    0
  11. cob4ever
     
    C:\Documents and Settings\Christophe Midot\Mes documents\cob4ever\MSNFix
    Fix exécuté le 10/03/2008 - 19:36:52,53 By Christophe Midot
    mode normal

    ************************ Recherche les fichiers présents

    Aucun Fichier trouvé

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    ************************ Nettoyage du registre

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_19373298.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
  12. g!rly Posts 18462 Status Contributor 407
     
    I can't sleep ;-(
    0
    1. Anonymous user
       
      No wonder!!! You didn't invite me to your party ^^
      0
  13. g!rly Posts 18462 Status Contributor 407
     
    We only looked at photos, some party that was LOL
    0
    1. Anonymous user
       
      And? What about the profile then ?????????^^lol
      0
  14. Flore
     
    msn fix didn't work for me, it's a scam...=(
    0
  15. g!rly Posts 18462 Status Contributor 407
     
    Hello,

    It would be better if you created your own post; that will make the posts easier to follow, and the answer to your problem will be more effective.
    Proceed like this:
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    msnfix is far from being a scam!
    0
  16. g!rly Posts 18462 Status Contributor 407
     
    You agree, good for you! LOL
    0
    1. Anonymous user
       
      ^^
      0
  17. g!rly Posts 18462 Status Contributor 407
     
    hee hee
    0