Fenêtres publicitaires Résolu

Question

Bonjour,

J'ai un problème avec les fenêtres publicitaires qui apparaissent dès que je me connecte sur Internet.
Il s'agit de fenetres CID mais il y en a d'autres (casino, loterie, sites de rencontres, 3 suisses, orange,....). J'ai lu que cela provenait de MSN Plus! je l'ai donc supprimé mais les fenêtres sont toujours là!! 

J'ai lu qu'il y avait plusieurs logiciels tel que HijackThis,... est-il bon??

Je dispose de avast!, ccleaner, ad-aware mais rien n'y fait!!

SI quelqu'un pouvait m'aider svp!! Au secours, j'en peut plus de ces fenetres!!

ep44 · Answer

Bonsoir 

Télécharge LOP S&D d'Eric71 ici https://sites.google.com/site/eric71mespages/lop.sd.exe

Double-clique dessus pour lancer l'installation.
Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan.
Poste le rapport généré (situé aussi ici C:\lopR.txt )

( Si le Bureau ne réapparaît pas, lance le gestionnaire des tâches en cliquant sur Ctrl + Alt + Suppr , puis Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

ep44 · Answer

ici ;-)

Relance LOP S&D d'Eric71

Choisis cette fois ci l'Option 2 ( Suppression )
Ne ferme pas la fenêtre lors de la suppression !
Poste le rapport généré (situé aussi ici C:\lopR.txt )

( Si le Bureau ne réapparaît pas , lance le gestionnaire des tâches en cliquant sur Ctrl + Alt + Suppr , puis Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

ep44 · Answer

très bien 

un beau nettoyage ;-)

Télécharge sur le Bureau HijackThis  

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-clic dessus pour l'installer 
= Clic Do a system scan and save the log
= Colle le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

@+

ep44 · Answer

on continu

Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport
@+

ep44 · Answer

Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe
C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe
C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe
EmptyTemp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

ep44 · Answer

Bonsoir 

Refais un nouveau HijackThis stp

@+

ep44 · Answer

OK on passe à autre chose 

Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
=> déconnecte toi d'internet et ferme toutes tes applications.
=> désactive tes protections (antivirus, parefeu,antispyware)
=> Double-clic sur combofix,
=> Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
=> Attends que combofix ait terminé, un rapport sera créé. 
=> réactive ton parefeu, ton antivirus, la garde de ton antispyware
=> copie/colle le rapport C:\ComboFix.txt 



@+

ep44 · Answer

Je n'avais pas fait attention à ton message 
continu

docfrancky · Answer

--------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
   BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
   USER : Francky ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080923-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total : 287 Go Free : 211 Go
   D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
   E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [1] ( 23/09/2008|20:14 )

   [ UAC => 1 ]
 
   --------------------\  Listing des dossiers dans Local  

   [07/06/2008|12:02] C:\Users\Francky\AppData\Local\{C98C229E-62B4-4551-B6D4-521A7B2D16EC}
   [03/03/2008|17:15] C:\Users\Francky\AppData\Local\{D44E6FA3-EFAC-4D55-9B31-03C5018FDC32}
   [27/02/2008|20:29] C:\Users\Francky\AppData\Local\Adobe
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Application Data 
   [27/02/2008|18:03] C:\Users\Francky\AppData\Local\ATI
   [07/06/2008|11:57] C:\Users\Francky\AppData\Local\d3d9caps.dat
   [23/09/2008|08:06] C:\Users\Francky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [11/09/2008|18:02] C:\Users\Francky\AppData\Local\Downloaded Installations
   [03/07/2008|19:45] C:\Users\Francky\AppData\Local\eMule
   [22/09/2008|13:40] C:\Users\Francky\AppData\Local\GDIPFONTCACHEV1.DAT
   [12/03/2008|23:24] C:\Users\Francky\AppData\Local\Google
   [27/02/2008|18:03] C:\Users\Francky\AppData\Local\Hewlett-Packard
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Historique 
   [13/09/2008|13:14] C:\Users\Francky\AppData\Local\HP Guide
   [23/09/2008|19:53] C:\Users\Francky\AppData\Local\IconCache.db
   [17/04/2008|09:48] C:\Users\Francky\AppData\Local\jkdlfsdee.dat
   [04/04/2008|19:12] C:\Users\Francky\AppData\Local\jkdlfsdee_nav.dat
   [17/04/2008|09:48] C:\Users\Francky\AppData\Local\jkdlfsdee_navps.dat
   [06/07/2008|19:24] C:\Users\Francky\AppData\Local\Microsoft
   [20/07/2008|00:09] C:\Users\Francky\AppData\Local\Microsoft Games
   [14/03/2008|16:37] C:\Users\Francky\AppData\Local\Microsoft Help
   [23/09/2008|19:40] C:\Users\Francky\AppData\Local\Mozilla
   [01/09/2008|12:21] C:\Users\Francky\AppData\Local\Pando
   [16/04/2008|14:53] C:\Users\Francky\AppData\Local\qkmhqtnq.bat
   [14/03/2008|16:40] C:\Users\Francky\AppData\Local\Seven Zip
   [23/09/2008|20:13] C:\Users\Francky\AppData\Local\Temp
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Temporary Internet Files 
   [14/04/2008|15:25] C:\Users\Francky\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [23/09/2008 19:55][--a------] C:\Windows	asks\Norton Security Scan.job
   [22/09/2008 13:44][--a------] C:\Windows	asks\Maintenance en 1 clic.job
   [23/09/2008 19:55][--ah-----] C:\Windows	asks\SA.DAT
   [23/09/2008 19:53][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [26/03/2008|10:24] C:\ProgramData\Adobe
   [30/08/2008|12:48] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [07/12/2007|19:56] C:\ProgramData\ATI
   [15/09/2008|23:42] C:\ProgramData\Barbmathmath.8jbmqlq
   [15/09/2008|23:42] C:\ProgramData\Barbmathmath.zj4ie
   [27/02/2008|17:49] C:\ProgramData\Bureau 
   [15/09/2008|23:42] C:\ProgramData\comp two long internet
   [14/08/2008|11:41] C:\ProgramData\CR2006
   [28/03/2008|14:45] C:\ProgramData\CyberLink
   [15/09/2008|23:42] C:\ProgramData\Date roam 64.cnop5zb
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [11/09/2008|18:09] C:\ProgramData\Electronic Arts
   [03/07/2008|19:45] C:\ProgramData\eMule
   [27/02/2008|18:32] C:\ProgramData\EPSON
   [27/02/2008|17:49] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [24/06/2008|18:45] C:\ProgramData\Flood Light Games
   [15/09/2008|23:42] C:\ProgramData\fournewfunk
   [15/04/2008|22:17] C:\ProgramData\GamesBar
   [12/03/2008|23:24] C:\ProgramData\Google
   [27/02/2008|18:04] C:\ProgramData\Hewlett-Packard
   [07/12/2007|19:57] C:\ProgramData\HP
   [07/12/2007|19:57] C:\ProgramData\hpzinstall.log
   [30/08/2008|12:44] C:\ProgramData\Kodak
   [22/09/2008|12:03] C:\ProgramData\Lavasoft
   [27/02/2008|17:49] C:\ProgramData\Menu D‚marrer 
   [22/03/2008|18:04] C:\ProgramData\Microsoft
   [22/03/2008|18:53] C:\ProgramData\Microsoft Help
   [14/04/2008|16:00] C:\ProgramData\MinigolfAdventures
   [27/02/2008|17:49] C:\ProgramData\ModŠles 
   [07/12/2007|20:03] C:\ProgramData\muvee Technologies
   [07/12/2007|20:08] C:\ProgramData\PC-Doctor
   [09/04/2008|09:44] C:\ProgramData\Skype
   [22/09/2008|12:40] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [25/06/2008|19:33] C:\ProgramData\TEMP
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [21/08/2008|11:43] C:\ProgramData\TrackMania
   [22/09/2008|13:06] C:\ProgramData\TuneUp Software
   [27/02/2008|18:36] C:\ProgramData\UDL
   [19/05/2008|16:18] C:\ProgramData\WildTangent
   [27/02/2008|19:19] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/07/2008|20:25] C:\Program Files\AcroPDF
   [26/06/2008|08:34] C:\Program Files\Adobe
   [22/03/2008|17:31] C:\Program Files\Alwil Software
   [07/12/2007|19:52] C:\Program Files\ATI
   [07/12/2007|19:53] C:\Program Files\ATI Technologies
   [26/05/2008|10:32] C:\Program Files\BoontyGames
   [06/07/2008|23:29] C:\Program Files\CFWebAdvancedU_BOBTV.FR
   [22/09/2008|13:05] C:\Program Files\Common Files
   [22/04/2008|16:29] C:\Program Files\Conduit
   [07/12/2007|20:02] C:\Program Files\CyberLink
   [08/12/2007|03:51] C:\Program Files\EasyBits
   [28/04/2008|19:39] C:\Program Files\Eidos Interactive
   [03/07/2008|19:45] C:\Program Files\eMule
   [27/02/2008|18:35] C:\Program Files\epson
   [27/02/2008|17:49] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [22/04/2008|16:27] C:\Program Files\FLV Player
   [23/09/2008|19:55] C:\Program Files\Freecorder
   [24/06/2008|18:45] C:\Program Files\GamesBar
   [12/03/2008|23:24] C:\Program Files\Google
   [07/12/2007|20:09] C:\Program Files\Hewlett-Packard
   [10/09/2008|18:18] C:\Program Files\HP
   [07/12/2007|20:12] C:\Program Files\HP Games
   [26/07/2008|12:49] C:\Program Files\InfraRecorder
   [22/09/2008|12:54] C:\Program Files\InstallShield Installation Information
   [07/12/2007|19:51] C:\Program Files\Intel
   [13/09/2008|16:24] C:\Program Files\Internet Explorer
   [10/07/2008|17:07] C:\Program Files\Java
   [01/09/2008|11:57] C:\Program Files\Kodak
   [23/09/2008|15:00] C:\Program Files\Messenger Plus! Live
   [28/05/2008|15:25] C:\Program Files\Microsoft FrontPage
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [27/02/2008|23:35] C:\Program Files\Microsoft LifeCam
   [28/05/2008|15:24] C:\Program Files\Microsoft Office
   [28/05/2008|15:26] C:\Program Files\Microsoft Visual Studio
   [22/03/2008|18:53] C:\Program Files\Microsoft Works
   [31/07/2008|12:32] C:\Program Files\Movie Maker
   [23/09/2008|19:40] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [11/09/2008|09:11] C:\Program Files\MSXML 4.0
   [07/12/2007|20:03] C:\Program Files\muvee Technologies
   [23/09/2008|20:01] C:\Program Files\Navilog1
   [23/09/2008|14:35] C:\Program Files\Norton Security Scan
   [03/07/2008|19:54] C:\Program Files\OpenOffice.org 2.4
   [12/03/2008|20:58] C:\Program Files\orange
   [16/06/2008|14:07] C:\Program Files\PKR
   [07/12/2007|19:54] C:\Program Files\Realtek
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [26/05/2008|10:32] C:\Program Files\Replay Converter
   [22/09/2008|14:40] C:\Program Files\Replay Media Catcher
   [31/03/2008|21:17] C:\Program Files\Samsung
   [07/12/2007|20:13] C:\Program Files\Services en ligne
   [23/09/2008|08:15] C:\Program Files\Sports Interactive
   [22/09/2008|12:17] C:\Program Files\Spybot - Search & Destroy
   [16/05/2008|09:37] C:\Program Files\TmNationsForever
   [22/09/2008|13:08] C:\Program Files\TuneUp Utilities 2008
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [31/03/2008|10:35] C:\Program Files\uTorrent
   [20/05/2008|08:33] C:\Program Files\vghd
   [08/03/2008|13:43] C:\Program Files\VideoLAN
   [08/09/2008|20:31] C:\Program Files\VirtualDJ
   [31/07/2008|12:32] C:\Program Files\Windows Calendar
   [31/07/2008|12:32] C:\Program Files\Windows Collaboration
   [31/07/2008|12:32] C:\Program Files\Windows Defender
   [31/07/2008|12:32] C:\Program Files\Windows Journal
   [27/02/2008|19:22] C:\Program Files\Windows Live
   [11/09/2008|09:16] C:\Program Files\Windows Mail
   [31/07/2008|12:32] C:\Program Files\Windows Media Player
   [27/02/2008|17:49] C:\Program Files\Windows NT
   [31/07/2008|12:32] C:\Program Files\Windows Photo Gallery
   [31/07/2008|12:32] C:\Program Files\Windows Sidebar
   [22/03/2008|15:06] C:\Program Files\WinRAR
   [23/09/2008|08:16] C:\Program Files\Zero G Registry

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [27/02/2008|22:36] C:\Program Files\Common Files\Adobe
   [06/07/2008|01:12] C:\Program Files\Common Files\Adobe AIR
   [28/05/2008|15:26] C:\Program Files\Common Files\Designer
   [07/12/2007|19:57] C:\Program Files\Common Files\HP
   [27/02/2008|18:38] C:\Program Files\Common Files\InstallShield
   [07/12/2007|20:04] C:\Program Files\Common Files\Java
   [07/12/2007|20:02] C:\Program Files\Common Files\LightScribe
   [07/12/2007|20:02] C:\Program Files\Common Files\LS Getting Started
   [28/05/2008|15:26] C:\Program Files\Common Files\microsoft shared
   [30/08/2008|12:45] C:\Program Files\Common Files\MSSoap
   [07/12/2007|20:03] C:\Program Files\Common Files\muvee Technologies
   [15/04/2008|08:45] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [27/02/2008|19:10] C:\Program Files\Common Files\Symantec Shared
   [31/07/2008|12:32] C:\Program Files\Common Files\System
   [27/02/2008|19:22] C:\Program Files\Common Files\WindowsLiveInstaller
   [22/09/2008|13:05] C:\Program Files\Common Files\Wise Installation Wizard

   --------------------\  Process

   ( 78 Processes )

   iexplore.exe ~ [PID:2860]
   iexplore.exe ~ [PID:2940]

   --------------------\  Recherche avec S_Lop

   C:\ProgramData\Barbmathmath.zj4ie
   C:\ProgramData\Barbmathmath.8jbmqlq
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\ProgramData\comp two long internet
   C:\ProgramData\comp two long internet\Keep Trust.exe
   C:\Users\Francky\AppData\Roaming\MICROS~1\Windows\Cookies\francky@adopt.euroclick[1].txt
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "Mpeg Lite"="\"C:\ProgramData\Barbmathmath.8jbmqlq\""

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-23 20:15:04
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 26
 
   --------------------\  Recherche d'autres infections

 
   C:\Users\Francky\AppData\Local\jkdlfsdee.dat
   C:\Users\Francky\AppData\Local\jkdlfsdee_nav.dat
   C:\Users\Francky\AppData\Local\jkdlfsdee_navps.dat
   [b]==> EGDACCESS <==/b

   --------------------\  Cracks & Keygens ..

   C:\Users\Francky\AppData\Roaming\Microsoft\Office\R‚cents\Football Manager 2008 (PC) + crack.lnk
   C:\Users\Francky\AppData\Roaming\Microsoft\Windows\Recent\Crysis.Warhead.Crack-TDM.lnk
   C:\Users\Francky\AppData\Roaming\Microsoft\Windows\Recent\Football Manager 2008 (PC) + crack.lnk
   C:\Users\Francky\AppData\Roaming\uTorrent\Football Manager 2008 (PC) + crack.torrent
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\fm.exe
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\FM2008.iso
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\How to get a Nintendo Wii for nothing (United Kingdom Residents only).rtf
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\instructions.txt
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\languages


   [F:129][D:56]-> C:\Users\Francky\AppData\Local\Temp
   [F:558][D:1]-> C:\Users\Francky\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:494][D:5]-> C:\Users\Francky\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:408][D:29]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|20:16 - Option : [1]

   --------------------\  Fin du rapport a 20:16:34
   [ UAC => 1 ]

docfrancky · Answer

--------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
   BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
   USER : Francky ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080923-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total : 287 Go Free : 211 Go
   D:\ (Local Disk) - NTFS - Total : 10 Go Free : 1 Go
   E:\ (CD or DVD) - UDF - Total : 0 Go Free : 0 Go
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [2] ( 23/09/2008|20:19 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\ProgramData\comp two long internet\Keep Trust.exe
   Supprime! - C:\Users\Francky\AppData\Roaming\MICROS~1\Windows\Cookies\francky@adopt.euroclick[1].txt
   Supprime! - C:\ProgramData\Barbmathmath.zj4ie
   Supprime! - C:\ProgramData\Barbmathmath.8jbmqlq
   Supprime! - C:\ProgramData\comp two long internet
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local  

   [07/06/2008|12:02] C:\Users\Francky\AppData\Local\{C98C229E-62B4-4551-B6D4-521A7B2D16EC}
   [03/03/2008|17:15] C:\Users\Francky\AppData\Local\{D44E6FA3-EFAC-4D55-9B31-03C5018FDC32}
   [27/02/2008|20:29] C:\Users\Francky\AppData\Local\Adobe
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Application Data 
   [27/02/2008|18:03] C:\Users\Francky\AppData\Local\ATI
   [07/06/2008|11:57] C:\Users\Francky\AppData\Local\d3d9caps.dat
   [23/09/2008|08:06] C:\Users\Francky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [11/09/2008|18:02] C:\Users\Francky\AppData\Local\Downloaded Installations
   [03/07/2008|19:45] C:\Users\Francky\AppData\Local\eMule
   [22/09/2008|13:40] C:\Users\Francky\AppData\Local\GDIPFONTCACHEV1.DAT
   [12/03/2008|23:24] C:\Users\Francky\AppData\Local\Google
   [27/02/2008|18:03] C:\Users\Francky\AppData\Local\Hewlett-Packard
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Historique 
   [13/09/2008|13:14] C:\Users\Francky\AppData\Local\HP Guide
   [23/09/2008|19:53] C:\Users\Francky\AppData\Local\IconCache.db
   [17/04/2008|09:48] C:\Users\Francky\AppData\Local\jkdlfsdee.dat
   [04/04/2008|19:12] C:\Users\Francky\AppData\Local\jkdlfsdee_nav.dat
   [17/04/2008|09:48] C:\Users\Francky\AppData\Local\jkdlfsdee_navps.dat
   [06/07/2008|19:24] C:\Users\Francky\AppData\Local\Microsoft
   [20/07/2008|00:09] C:\Users\Francky\AppData\Local\Microsoft Games
   [14/03/2008|16:37] C:\Users\Francky\AppData\Local\Microsoft Help
   [23/09/2008|19:40] C:\Users\Francky\AppData\Local\Mozilla
   [01/09/2008|12:21] C:\Users\Francky\AppData\Local\Pando
   [16/04/2008|14:53] C:\Users\Francky\AppData\Local\qkmhqtnq.bat
   [14/03/2008|16:40] C:\Users\Francky\AppData\Local\Seven Zip
   [23/09/2008|20:19] C:\Users\Francky\AppData\Local\Temp
   [27/02/2008|17:54] C:\Users\Francky\AppData\Local\Temporary Internet Files 
   [14/04/2008|15:25] C:\Users\Francky\AppData\Local\VirtualStore
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [23/09/2008 19:55][--a------] C:\Windows	asks\Norton Security Scan.job
   [22/09/2008 13:44][--a------] C:\Windows	asks\Maintenance en 1 clic.job
   [23/09/2008 19:55][--ah-----] C:\Windows	asks\SA.DAT
   [23/09/2008 19:53][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [26/03/2008|10:24] C:\ProgramData\Adobe
   [30/08/2008|12:48] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [07/12/2007|19:56] C:\ProgramData\ATI
   [27/02/2008|17:49] C:\ProgramData\Bureau 
   [14/08/2008|11:41] C:\ProgramData\CR2006
   [28/03/2008|14:45] C:\ProgramData\CyberLink
   [15/09/2008|23:42] C:\ProgramData\Date roam 64.cnop5zb
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [11/09/2008|18:09] C:\ProgramData\Electronic Arts
   [03/07/2008|19:45] C:\ProgramData\eMule
   [27/02/2008|18:32] C:\ProgramData\EPSON
   [27/02/2008|17:49] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [24/06/2008|18:45] C:\ProgramData\Flood Light Games
   [15/09/2008|23:42] C:\ProgramData\fournewfunk
   [15/04/2008|22:17] C:\ProgramData\GamesBar
   [12/03/2008|23:24] C:\ProgramData\Google
   [27/02/2008|18:04] C:\ProgramData\Hewlett-Packard
   [07/12/2007|19:57] C:\ProgramData\HP
   [07/12/2007|19:57] C:\ProgramData\hpzinstall.log
   [30/08/2008|12:44] C:\ProgramData\Kodak
   [22/09/2008|12:03] C:\ProgramData\Lavasoft
   [27/02/2008|17:49] C:\ProgramData\Menu D‚marrer 
   [22/03/2008|18:04] C:\ProgramData\Microsoft
   [22/03/2008|18:53] C:\ProgramData\Microsoft Help
   [14/04/2008|16:00] C:\ProgramData\MinigolfAdventures
   [27/02/2008|17:49] C:\ProgramData\ModŠles 
   [07/12/2007|20:03] C:\ProgramData\muvee Technologies
   [07/12/2007|20:08] C:\ProgramData\PC-Doctor
   [09/04/2008|09:44] C:\ProgramData\Skype
   [22/09/2008|12:40] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [25/06/2008|19:33] C:\ProgramData\TEMP
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [21/08/2008|11:43] C:\ProgramData\TrackMania
   [22/09/2008|13:06] C:\ProgramData\TuneUp Software
   [27/02/2008|18:36] C:\ProgramData\UDL
   [19/05/2008|16:18] C:\ProgramData\WildTangent
   [27/02/2008|19:19] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/07/2008|20:25] C:\Program Files\AcroPDF
   [26/06/2008|08:34] C:\Program Files\Adobe
   [22/03/2008|17:31] C:\Program Files\Alwil Software
   [07/12/2007|19:52] C:\Program Files\ATI
   [07/12/2007|19:53] C:\Program Files\ATI Technologies
   [26/05/2008|10:32] C:\Program Files\BoontyGames
   [06/07/2008|23:29] C:\Program Files\CFWebAdvancedU_BOBTV.FR
   [22/09/2008|13:05] C:\Program Files\Common Files
   [22/04/2008|16:29] C:\Program Files\Conduit
   [07/12/2007|20:02] C:\Program Files\CyberLink
   [08/12/2007|03:51] C:\Program Files\EasyBits
   [28/04/2008|19:39] C:\Program Files\Eidos Interactive
   [03/07/2008|19:45] C:\Program Files\eMule
   [27/02/2008|18:35] C:\Program Files\epson
   [27/02/2008|17:49] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [22/04/2008|16:27] C:\Program Files\FLV Player
   [23/09/2008|19:55] C:\Program Files\Freecorder
   [24/06/2008|18:45] C:\Program Files\GamesBar
   [12/03/2008|23:24] C:\Program Files\Google
   [07/12/2007|20:09] C:\Program Files\Hewlett-Packard
   [10/09/2008|18:18] C:\Program Files\HP
   [07/12/2007|20:12] C:\Program Files\HP Games
   [26/07/2008|12:49] C:\Program Files\InfraRecorder
   [22/09/2008|12:54] C:\Program Files\InstallShield Installation Information
   [07/12/2007|19:51] C:\Program Files\Intel
   [13/09/2008|16:24] C:\Program Files\Internet Explorer
   [10/07/2008|17:07] C:\Program Files\Java
   [01/09/2008|11:57] C:\Program Files\Kodak
   [23/09/2008|15:00] C:\Program Files\Messenger Plus! Live
   [28/05/2008|15:25] C:\Program Files\Microsoft FrontPage
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [27/02/2008|23:35] C:\Program Files\Microsoft LifeCam
   [28/05/2008|15:24] C:\Program Files\Microsoft Office
   [28/05/2008|15:26] C:\Program Files\Microsoft Visual Studio
   [22/03/2008|18:53] C:\Program Files\Microsoft Works
   [31/07/2008|12:32] C:\Program Files\Movie Maker
   [23/09/2008|19:40] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [11/09/2008|09:11] C:\Program Files\MSXML 4.0
   [07/12/2007|20:03] C:\Program Files\muvee Technologies
   [23/09/2008|20:01] C:\Program Files\Navilog1
   [23/09/2008|14:35] C:\Program Files\Norton Security Scan
   [03/07/2008|19:54] C:\Program Files\OpenOffice.org 2.4
   [12/03/2008|20:58] C:\Program Files\orange
   [16/06/2008|14:07] C:\Program Files\PKR
   [07/12/2007|19:54] C:\Program Files\Realtek
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [26/05/2008|10:32] C:\Program Files\Replay Converter
   [22/09/2008|14:40] C:\Program Files\Replay Media Catcher
   [31/03/2008|21:17] C:\Program Files\Samsung
   [07/12/2007|20:13] C:\Program Files\Services en ligne
   [23/09/2008|08:15] C:\Program Files\Sports Interactive
   [22/09/2008|12:17] C:\Program Files\Spybot - Search & Destroy
   [16/05/2008|09:37] C:\Program Files\TmNationsForever
   [22/09/2008|13:08] C:\Program Files\TuneUp Utilities 2008
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [31/03/2008|10:35] C:\Program Files\uTorrent
   [20/05/2008|08:33] C:\Program Files\vghd
   [08/03/2008|13:43] C:\Program Files\VideoLAN
   [08/09/2008|20:31] C:\Program Files\VirtualDJ
   [31/07/2008|12:32] C:\Program Files\Windows Calendar
   [31/07/2008|12:32] C:\Program Files\Windows Collaboration
   [31/07/2008|12:32] C:\Program Files\Windows Defender
   [31/07/2008|12:32] C:\Program Files\Windows Journal
   [27/02/2008|19:22] C:\Program Files\Windows Live
   [11/09/2008|09:16] C:\Program Files\Windows Mail
   [31/07/2008|12:32] C:\Program Files\Windows Media Player
   [27/02/2008|17:49] C:\Program Files\Windows NT
   [31/07/2008|12:32] C:\Program Files\Windows Photo Gallery
   [31/07/2008|12:32] C:\Program Files\Windows Sidebar
   [22/03/2008|15:06] C:\Program Files\WinRAR
   [23/09/2008|08:16] C:\Program Files\Zero G Registry

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [27/02/2008|22:36] C:\Program Files\Common Files\Adobe
   [06/07/2008|01:12] C:\Program Files\Common Files\Adobe AIR
   [28/05/2008|15:26] C:\Program Files\Common Files\Designer
   [07/12/2007|19:57] C:\Program Files\Common Files\HP
   [27/02/2008|18:38] C:\Program Files\Common Files\InstallShield
   [07/12/2007|20:04] C:\Program Files\Common Files\Java
   [07/12/2007|20:02] C:\Program Files\Common Files\LightScribe
   [07/12/2007|20:02] C:\Program Files\Common Files\LS Getting Started
   [28/05/2008|15:26] C:\Program Files\Common Files\microsoft shared
   [30/08/2008|12:45] C:\Program Files\Common Files\MSSoap
   [07/12/2007|20:03] C:\Program Files\Common Files\muvee Technologies
   [15/04/2008|08:45] C:\Program Files\Common Files\Oberon Media
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [27/02/2008|19:10] C:\Program Files\Common Files\Symantec Shared
   [31/07/2008|12:32] C:\Program Files\Common Files\System
   [27/02/2008|19:22] C:\Program Files\Common Files\WindowsLiveInstaller
   [22/09/2008|13:05] C:\Program Files\Common Files\Wise Installation Wizard

   --------------------\  Process

   ( 76 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-23 20:19:53
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 26
 
   --------------------\  Recherche d'autres infections

 
   C:\Users\Francky\AppData\Local\jkdlfsdee.dat
   C:\Users\Francky\AppData\Local\jkdlfsdee_nav.dat
   C:\Users\Francky\AppData\Local\jkdlfsdee_navps.dat
   [b]==> EGDACCESS <==/b

   --------------------\  Cracks & Keygens ..

   C:\Users\Francky\AppData\Roaming\Microsoft\Office\R‚cents\Football Manager 2008 (PC) + crack.lnk
   C:\Users\Francky\AppData\Roaming\Microsoft\Windows\Recent\Crysis.Warhead.Crack-TDM.lnk
   C:\Users\Francky\AppData\Roaming\Microsoft\Windows\Recent\Football Manager 2008 (PC) + crack.lnk
   C:\Users\Francky\AppData\Roaming\uTorrent\Football Manager 2008 (PC) + crack.torrent
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\fm.exe
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\FM2008.iso
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\How to get a Nintendo Wii for nothing (United Kingdom Residents only).rtf
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\instructions.txt
   C:\Users\Francky\Documents\Downloads\Football Manager 2008 (PC) + crack\languages


   [F:129][D:56]-> C:\Users\Francky\AppData\Local\Temp
   [F:558][D:1]-> C:\Users\Francky\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:494][D:5]-> C:\Users\Francky\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:408][D:29]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|20:16 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 23/09/2008|20:21 - Option : [2]

   --------------------\  Fin du rapport a 20:21:19
   [ UAC => 1 ]

docfrancky · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:34, on 23/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Windows\vVX1000.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe C:\Users\Francky\AppData\Local\Temp\6.0.20.16-EasyShrx.Dll,_UninstallPlatform@16 C:\ProgramData\Kodak\EasyShareSetup
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\Users\Francky\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Date roam 64.cnop5zb"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

docfrancky · Answer

SmitFraudFix v2.353

Scan done at 20:33:12,08, 23/09/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Windows\vVX1000.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francky


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francky\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Francky\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA2F19BA-A457-4067-B98F-3CDF2E205FA1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA2F19BA-A457-4067-B98F-3CDF2E205FA1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA2F19BA-A457-4067-B98F-3CDF2E205FA1}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

docfrancky · Answer

ComboFix 08-09-22.04 - Francky 2008-09-23 20:47:43.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1252 [GMT 2:00]
Lancé depuis: C:\Users\Francky\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Francky\AppData\Local\jkdlfsdee.dat
C:\Users\Francky\AppData\Local\jkdlfsdee_nav.dat
C:\Users\Francky\AppData\Local\jkdlfsdee_navps.dat
C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 20:35 . 2008-09-23 20:35 <REP> d-------- C:\_OTMoveIt
2008-09-23 20:33 . 2008-09-23 20:33 3,382 --a------ C:\Windows\System32\tmp.reg
2008-09-23 20:29 . 2008-09-23 20:29 <REP> d-------- C:\Program Files\Trend Micro
2008-09-23 20:13 . 2008-09-23 20:21 <REP> d-------- C:\Lop SD
2008-09-23 19:53 . 2008-09-23 19:53 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 19:47 . 2008-09-23 20:01 <REP> d-------- C:\Program Files\Navilog1
2008-09-23 12:40 . 2008-09-23 14:35 <REP> d-------- C:\Program Files\Norton Security Scan
2008-09-23 08:15 . 2008-09-23 08:16 <REP> d--h----- C:\Program Files\Zero G Registry
2008-09-23 08:15 . 2008-09-23 08:15 <REP> d-------- C:\Program Files\Sports Interactive
2008-09-23 08:14 . 2008-09-23 08:14 <REP> d--h----- C:\Users\Francky\InstallAnywhere
2008-09-23 08:10 . 2008-09-23 08:10 <REP> d-------- C:\Users\Francky\AppData\Roaming\Sports Interactive
2008-09-22 13:08 . 2008-09-22 13:08 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-09-22 13:07 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-09-22 13:07 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-09-22 13:06 . 2008-09-22 13:06 <REP> d-------- C:\Users\Francky\AppData\Roaming\TuneUp Software
2008-09-22 13:06 . 2008-09-22 13:06 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-09-22 13:06 . 2008-09-22 13:06 <REP> d-------- C:\ProgramData\TuneUp Software
2008-09-22 13:06 . 2008-09-22 13:08 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-22 13:05 . 2008-09-22 13:05 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 12:48 . 2008-09-22 12:48 59 --a------ C:\Windows\wininit.ini
2008-09-22 12:17 . 2008-09-22 12:40 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-22 12:17 . 2008-09-22 12:40 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-22 12:17 . 2008-09-22 12:17 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-22 11:59 . 2008-09-22 12:03 <REP> d-------- C:\Users\All Users\Lavasoft
2008-09-22 11:59 . 2008-09-22 12:03 <REP> d-------- C:\ProgramData\Lavasoft
2008-09-16 18:17 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 18:17 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 18:17 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 18:17 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 18:16 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 18:16 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 18:16 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 18:16 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 18:16 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-15 23:42 . 2008-09-15 23:42 <REP> d-------- C:\Users\All Users\fournewfunk
2008-09-15 23:42 . 2008-09-15 23:42 <REP> d-------- C:\ProgramData\fournewfunk
2008-09-13 16:24 . 2008-09-13 16:24 <REP> d-------- C:\Users\Francky\AppData\Roaming\Icone
2008-09-11 18:09 . 2008-09-11 18:09 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-09-11 18:09 . 2008-09-11 18:09 <REP> d-------- C:\ProgramData\Electronic Arts
2008-09-11 17:58 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-09-11 17:58 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-09-11 17:58 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-09-11 17:58 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-09-11 17:58 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-09-11 17:58 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-09-11 09:13 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-11 09:11 . 2008-09-11 09:11 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-10 17:41 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:41 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-09-10 17:41 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 17:41 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-09-10 17:41 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 20:31 . 2008-09-08 20:31 <REP> d-------- C:\Program Files\VirtualDJ
2008-09-08 19:26 . 2008-09-08 19:26 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-30 12:48 . 2008-08-30 12:48 <REP> d-------- C:\Users\All Users\Apple Computer
2008-08-30 12:48 . 2008-08-30 12:48 <REP> d-------- C:\ProgramData\Apple Computer
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-30 12:47 . 2008-08-30 12:47 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-30 12:47 . 2008-08-30 12:47 <REP> d-------- C:\Windows\System32\BWKDLogs
2008-08-30 12:47 . 2008-08-30 12:47 <REP> d-------- C:\Windows\Downloaded Installations
2008-08-30 12:46 . 2008-09-01 11:56 <REP> d-------- C:\Windows\System32\color
2008-08-30 12:45 . 2008-09-01 11:57 <REP> d-------- C:\Program Files\Kodak
2008-08-30 12:44 . 2008-08-30 12:44 <REP> d-------- C:\Users\All Users\Kodak
2008-08-30 12:44 . 2008-08-30 12:44 <REP> d-------- C:\ProgramData\Kodak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 18:40 --------- d-----w C:\Users\Francky\AppData\Roaming\OpenOffice.org2
2008-09-23 17:55 --------- d-----w C:\Program Files\Freecorder
2008-09-23 17:55 --------- d-----w C:\Program Files\Conduit
2008-09-23 13:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-23 06:09 --------- d-----w C:\Users\Francky\AppData\Roaming\CyberLink
2008-09-23 06:06 --------- d-----w C:\Users\Francky\AppData\Roaming\uTorrent
2008-09-22 12:40 --------- d-----w C:\Program Files\Replay Media Catcher
2008-09-22 10:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-11 07:16 --------- d-----w C:\Program Files\Windows Mail
2008-09-10 16:18 --------- d-----w C:\Program Files\HP
2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-21 09:43 --------- d-----w C:\ProgramData\TrackMania
2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-14 09:41 --------- d-----w C:\ProgramData\CR2006
2008-08-12 16:32 --------- d-----w C:\Users\Francky\AppData\Roaming\PeerNetworking
2008-08-02 12:33 --------- d-----w C:\Users\Francky\AppData\Roaming\eMule
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 10:38 174 --sha-w C:\Program Files\desktop.ini
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 10:32 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 07:45 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-31 07:45 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-26 11:23 --------- d-----w C:\Users\Francky\AppData\Roaming\InfraRecorder
2008-07-26 10:49 --------- d-----w C:\Program Files\InfraRecorder
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-05-28 17:04 102 ----a-w C:\Users\Francky\AppData\Roaming\wklnhst.dat
2008-04-22 14:29 4,265,560 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-04-22 14:29 2,725,048 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-04-22 14:28 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-03-26 08:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032620080327\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Long Internet Team Stupid"="C:\ProgramData\Date roam 64.cnop5zb" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 1783136]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2008-06-10 54672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-06 707360]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

C:\Users\Francky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-05-20 11773248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{500AC7CA-38E6-48FF-B8B8-ED21A680AF43}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{0241E27F-28EA-4B98-B44E-12F3927675BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9F077087-1DAF-40B0-B6AD-FC5F25A64635}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2AA6EDF9-AB73-4FE0-AF3B-232C3DD34BDE}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{6F920586-6A41-4E61-BBF4-DBAC03659D81}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{EB5F66E1-8354-4853-BE2A-1C2AFF421B62}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8D69ECD1-68EC-4043-8062-A05B682431B7}"= UDP:57305:Pando P2P TCP Listening Port
"{959E5CDD-6C4F-452A-8A76-4A16BACDB2E0}"= TCP:57305:Pando P2P UDP Listening Port
"TCP Query User{113E3107-40BA-4A99-899F-53DB669D7463}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{8706E650-A7D9-4B46-9F24-CF66468F5C0D}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{6A772A0F-9F0F-4EA1-9040-35B5C047DD3B}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{A734032A-FDFF-4037-964B-7B6C5BEAC0EB}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{5D8DCF60-54EA-48D5-B874-A427676FF728}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{875D4605-ECC2-447A-AC83-A69E120ABA1C}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{104E95A9-BE73-454D-A68D-8AF32B611AF0}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5B68F4A6-1602-4763-86AE-2DB0C938A864}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{25140EF8-76C6-47FC-B436-01C03CEEDA30}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8E7DDF75-A57D-4B04-B30C-EE39AEDA63E2}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{B804111A-D916-46EF-9968-CDB0E9F7D39A}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DE38F4DD-8F84-41DB-AACA-9B448FB03D96}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7D05F967-506C-45D6-BA5E-FE99AB9F6CF5}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{7AD9A682-0839-43E3-852C-A88B5EB3A365}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{E56F5957-0EF2-4E9B-93E2-741F26378CC9}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{4A1AECFB-E785-4BDD-BB6C-50E5D459DA53}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{794DDC0A-4AE6-4AC2-9C93-4865605EE974}C:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{382A49C5-1C9E-4FDD-913D-E6C8F1238E2C}C:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"{5D0C5798-DE91-4D17-9221-47A524126AAB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{ECE81146-2CC8-4423-A70E-D45CA83D0006}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2550B0EB-3CC6-465B-BD10-82D08A14EAE0}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{151A8463-E662-4CCC-9731-E4DF28237300}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{93ED26F8-C212-4F65-B32F-DCEE088E2B3A}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{D80C82C8-171B-4C09-BAFC-93ADCB38FB93}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 3151872]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 165416]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-22 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a965b42-f4bb-11dc-bb48-001e8c5b0e45}]
\shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e169f694-eb9f-11dc-b487-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Francky\AppData\Roaming\Mozilla\Firefox\Profiles\6j4o2w74.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 20:50:24
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-23 20:51:47
ComboFix-quarantined-files.txt 2008-09-23 18:51:44

Avant-CF: 226ÿ338ÿ910ÿ208 octets libres
Après-CF: 226,359,242,752 octets libres

250 --- E O F --- 2008-09-19 07:07:12

ep44 · Answer

Bonjour 

Il faut créer ton propre sujet stp

merci

Fenêtres publicitaires

14 réponses

Votre réponse

Discussions similaires

Newsletters