Problème trojan

blackgothdoll Messages postés 13 Statut Membre -  
blackgothdoll Messages postés 13 Statut Membre -
Bonjour,
j'ai pas mal d'alerte trojan qui s'affichent, j'avais réussi à en enlever certain et débloquer le fond d'écran qui affichait warning
apparemment ils sont bloqués par le pare feu windows maintenant et un message s'affiche quand j'ouvre certains sites etc

j'ai déjà fait un scan avec malewarebyte's, Smitfraudfix et Hijackthis
ça s'affiche toujours, avec des liens commerciaux pour des antivirus payant qui me détecte 3567 éléments nuisibles
enfin bref

je sais plus trop quoi faire j'ai essayé pas mal de trucs et ça s'affiche quand même
j'ai lu d'autres réponses sur le forum enfin j'ai essayé le maximum et voilà
alors si quelqu'un pourrait me sauver...
merci...
Configuration: Windows Vista
Internet Explorer 7.0

23 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Salut

    j'ai déjà fait un scan avec malewarebyte's, Smitfraudfix

    t as les rapports ??

    Télécharge HijackThis ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
  2. blackgothdoll
     
    merci de m'avoir répondu
    alors voici celui de hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:49, on 17/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\ProgramData\qlmdgxuv\yputqbat.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\System32\oodtray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Windows\System32\khyzenot.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\Julie\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\Windows\vwsrfton.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\MediaCenter\LaunchList.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WebInfo] C:\Windows\system32\khyzenot.exe
    O4 - HKCU\..\Run: [strinfomon] C:\ProgramData\strinfomon\kvspobur.exe
    O4 - HKCU\..\Run: [ProcGenWeb] C:\ProgramData\ProcGenWeb\xqtkvwjm.exe
    O4 - HKLM\..\Policies\Explorer\Run: [c1P8qJdhiG] C:\ProgramData\qlmdgxuv\yputqbat.exe
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    0
  3. Utilisateur anonyme
     
    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    0
  4. blackgothdoll Messages postés 13 Statut Membre
     
    voilà
    ComboFix 08-08-16.01 - Julie 2008-08-17 12:38:53.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1179 [GMT 2:00]
    Endroit: C:\Users\Julie\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@ads.pointroll[2].txt
    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@edt02[2].txt
    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@rad.msn[1].txt
    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@serving-sys[2].txt

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier cr‚‚ dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-17 10:21 --------- d-----w C:\Users\Julie\AppData\Roaming\Skype
    2008-08-17 09:36 --------- d-----w C:\ProgramData\ProcGenWeb
    2008-08-17 08:38 --------- d-----w C:\Users\Julie\AppData\Roaming\skypePM
    2008-08-15 16:34 --------- d-----w C:\Program Files\PC Clean Pro
    2008-08-15 09:09 --------- d-----w C:\Program Files\EA GAMES
    2008-08-15 08:16 --------- d-----w C:\ProgramData\strinfomon
    2008-08-15 07:04 --------- d-----w C:\ProgramData\eMule
    2008-08-15 06:58 --------- d-----w C:\Users\Julie\AppData\Roaming\Malwarebytes
    2008-08-15 06:58 --------- d-----w C:\ProgramData\Malwarebytes
    2008-08-15 06:58 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-15 06:35 --------- d-----w C:\ProgramData\avg8
    2008-08-15 06:27 --------- d-----w C:\Program Files\AVG
    2008-08-15 06:22 691 ----a-w C:\Users\Julie\AppData\Roaming\GetValue.vbs
    2008-08-15 06:22 35 ----a-w C:\Users\Julie\AppData\Roaming\SetValue.bat
    2008-08-15 05:46 --------- d-----w C:\Users\Julie\AppData\Roaming\BitTorrent
    2008-08-15 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-15 05:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-08-15 05:32 --------- d-----w C:\ProgramData\WinEnGen
    2008-08-14 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-14 19:49 --------- d-----w C:\ProgramData\qlmdgxuv
    2008-08-14 01:13 --------- d-----w C:\Program Files\Windows Mail
    2008-08-11 11:37 --------- d-----w C:\Program Files\Orange
    2008-08-11 11:24 --------- d-----w C:\Program Files\SAGEM
    2008-08-10 13:22 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-10 13:21 --------- d-----w C:\Program Files\iTunes
    2008-08-10 13:21 --------- d-----w C:\Program Files\iPod
    2008-08-06 17:01 --------- d-----w C:\Users\Julie\AppData\Roaming\Media Player Classic
    2008-08-04 15:42 --------- d-----w C:\Program Files\OrangeHSS
    2008-07-30 18:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-07-29 08:45 --------- d-----w C:\Program Files\QuickTime
    2008-07-29 08:45 --------- d-----w C:\Program Files\Bonjour
    2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-07-15 05:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Teeworlds
    2008-07-11 06:40 174 --sha-w C:\Program Files\desktop.ini
    2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-06-26 13:54 --------- d-----w C:\Program Files\BitTorrent
    2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-03-10 13:38 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-03-10 13:38 32 ----a-w C:\ProgramData\ezsid.dat
    2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-13 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-06 17:17 171448]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-23 13:06 507904]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "WebInfo"="C:\Windows\system32\khyzenot.exe" [2008-08-14 21:49 86016]
    "strinfomon"="C:\ProgramData\strinfomon\kvspobur.exe" [2008-08-15 10:16 81920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
    "PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
    "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120]
    "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480]
    "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 20:10 312240]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "c1P8qJdhiG"="C:\ProgramData\qlmdgxuv\yputqbat.exe" [2008-08-14 21:49 57344]

    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-23 21:28:13 344064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.MPG4"= vp31vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-294148248-2132267115-3273299950-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6EA5F393-AD6D-4879-B024-A77059CE5832}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
    "{2112E4AF-A16E-42A2-A9FA-DB1137EF69BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DFB8E4BF-4652-408E-9F10-67A9CACC0DA6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{33957CDE-961C-4438-B7BC-64E37A5D28A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{95FE20FF-AAE8-4508-A8A4-4A9BDD17A0ED}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{B2F593D4-87F0-41FC-B621-7C5D3AD09767}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{939E9F55-2CF3-45B0-A909-6CAD56781229}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{41FFE1D8-D199-46D2-9D9B-7A8414E11CCE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{536619D3-5FCB-443F-BBF8-374E7030AB18}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{753EAB97-7BF3-4F5E-A7BA-86D1326D5A13}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{EA23E820-2142-48A3-A3CC-2A8516C5AE19}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
    "UDP Query User{4EF47CAC-3FC1-4C5F-8881-248AFDD3EC8D}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
    "{5D607529-8306-44ED-934E-AB51BBCD5864}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
    "{97C99824-D87D-4105-8099-A31447F468EE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
    "{E0416CB4-2D08-49FD-8FA5-6125D597B247}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
    "{41E39112-9CE1-40E5-9075-9934C2131723}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
    "{542499CB-B0B5-487E-B5EE-986CB46EB881}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{1F097AA3-6DD6-4F91-A4B4-CACB388B6283}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{C83C6DA5-8CA7-4948-8651-28916D951D26}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
    "{72D2EA34-0487-4D84-8411-2692E5248BA3}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
    "{6BB5EFAD-A350-4C6C-8CA3-581196209A5C}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
    "{C182ECD5-A170-4B53-ABA3-171F8D3E4932}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
    "{8C833947-9C7A-46F6-BC1D-C641D83B683E}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
    "{FBC80399-0DFA-44CC-8CC1-0FDE9E514D3F}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
    "{EEF806A3-F9DA-4767-8860-9B9ABB3E0A5D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
    "{195E0272-C040-43A0-A748-DBBA12237B40}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
    "{FBB7BCA1-2E24-4E39-8645-6DFA73E55B73}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
    "{0AFBDC87-F7F6-49D2-8F2F-B6EDAFEC7E18}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
    "{62D225CA-FD73-4F3B-949C-9705943D242D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
    "{267EA51F-C499-47AF-A72E-F903F0C62807}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
    "{5C9ACED9-AE9D-44F8-A16C-0DE451F20D0E}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
    "{D4C33F94-869E-40B4-A041-3EBBD5D6DD9F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
    "{28F8CCDC-5044-4B1B-92E9-DCC27A794DDB}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
    "{184B47D7-9030-4743-8AD3-95F7A8B6A93F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
    "{20A41250-A1C6-4778-A336-56801958C4ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5E51948B-3A28-4445-A232-F81BF2640731}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{01C200C5-0D9B-4E38-BBC4-1BB9A61B0F62}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{45074DC6-879C-4F4B-BF7F-92E3F39D90C2}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{440C8ADD-C7BC-4F20-B3AF-755C0B5EF72D}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{94B5E28B-2664-4B70-90A8-8652D0C3A9F7}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{333668E5-B5E5-45BA-A6EC-AFF541741333}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{9F6C1277-B100-480E-B76D-5104E88E201B}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{3CE7E586-082F-409D-881C-79AEDB57245F}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{4D0BC2CA-78D9-450E-9707-6103F69D9023}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
    "{7713D7F6-81E8-43AC-8D0B-DF8CD280EA1E}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
    "{6512241C-9430-4943-9F21-D8ECC8920B64}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
    "{51D9CE9E-E8B0-44AF-B55F-E3A103F19C11}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
    "{9A5CB53F-C29A-47FF-8959-89EF1FFDC72F}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
    "{10BF77AF-FEB3-4A5E-835E-187EBBAEC7CD}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
    "{EA164002-1BFD-4308-8869-D58BFCAC6B4B}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
    "{A33DAEE7-D77D-4A25-9DF6-9AF6568DE9F9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
    "{34827008-B3BA-4A53-B979-B77DDF825D92}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{B0067EF7-6213-4D44-9AB5-567D35904995}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{8754B001-0D3C-4580-A7C4-7E4972D244E0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "{49F83396-F3B2-4D1D-AE32-BF9F78635A5C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "TCP Query User{A86E8892-858E-41DE-B251-0CCCC22B8FCB}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
    "UDP Query User{81DAEE10-1448-4116-B0DC-3498ECA3DAF7}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
    "TCP Query User{56DB0CC9-5F09-494D-A5B8-0D55B5F17D64}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{995B9471-2F18-49FA-B71B-792C0C830951}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{B0B4D862-017C-4D32-A576-F87D6BCC04E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{1ED2A6DA-A93E-4AF3-BD96-D330198AAAED}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
    "UDP Query User{E7058ADA-3573-4455-B55D-87B43BF78424}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
    "{48336865-3EC0-431F-9B30-DD36BD531A14}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{BEA56142-7821-4B3C-9326-2219E7872817}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{63D8A362-6E5A-4ABA-9782-0E40FD4BD6B9}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{56A09833-91B1-42AC-A899-61C59889D7B0}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{DFCC994F-E636-4DCA-83A7-A645D46F4690}C:\\users\\julie\\program files\\dna\\btdna.exe"= UDP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{324659F3-F096-4CC2-84CE-47E8D52CC830}C:\\users\\julie\\program files\\dna\\btdna.exe"= TCP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{57422E1D-0F32-4582-957C-1FFA0D858578}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{F43DC13A-3572-411B-B95F-1255DA2B4257}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{D499003C-35A1-41AD-8063-12D2BB902429}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6D0A5FEA-907D-4860-BA2F-C6B9245C29A5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{372B3FE6-DF33-4D6A-BBC6-3F2F72A2AE9A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{09F2112F-A891-44BA-85EE-3D11BEA3ECFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{AD07DB0C-73A2-48D9-9FEB-5C07E69152F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{017BCCA1-A770-47F2-A91C-7E0D408D25AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
    R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-04-26 17:38]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 22:03]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 17:38]
    S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
    S3 USB28xxBGA;USB 2883 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2006-08-09 10:10]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-08-09 10:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\Auto\command - AdobeR.exe e
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    HKCU-Run-ProcGenWeb - C:\ProgramData\ProcGenWeb\xqtkvwjm.exe
    HKLM-Run-LaunchList - C:\Program Files\Pinnacle\MediaCenter\LaunchList.exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\p9qmtxcm.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-17 12:46:25
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@unicast[2].txt 138 bytes

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Windows\System32\oodag.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-17 12:54:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-17 10:54:21

    Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 52,793,905,152 octets libres

    256 --- E O F --- 2008-08-14 01:08:33
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Affiche tous les fichiers et dossiers :
    Pour cela :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «appliquer» pour valider les changements.

    Et OK

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:\Windows\system32\khyzenot.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Fais la meme chose pour : C:\ProgramData\strinfomon\kvspobur.exe
    0
  7. blackgothdoll Messages postés 13 Statut Membre
     
    voilà alors j'ai tout mis mais je suppose que toute la fin est inutile chuis dsl
    ça c C:\Windows\system32\khyzenot.exe:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.15.0 2008.08.15 -
    AntiVir 7.8.1.19 2008.08.16 -
    Authentium 5.1.0.4 2008.08.16 -
    Avast 4.8.1195.0 2008.08.17 -
    AVG 8.0.0.161 2008.08.16 Downloader.Swizzor
    BitDefender 7.2 2008.08.17 -
    CAT-QuickHeal 9.50 2008.08.16 -
    ClamAV 0.93.1 2008.08.16 -
    DrWeb 4.44.0.09170 2008.08.17 -
    eSafe 7.0.17.0 2008.08.14 -
    eTrust-Vet 31.6.6035 2008.08.15 -
    Ewido 4.0 2008.08.17 -
    F-Prot 4.4.4.56 2008.08.16 -
    F-Secure 7.60.13501.0 2008.08.17 -
    Fortinet 3.14.0.0 2008.08.17 W32/PolySmall.BP!tr
    GData 2.0.7306.1023 2008.08.16 -
    Ikarus T3.1.1.34.0 2008.08.17 -
    K7AntiVirus 7.10.417 2008.08.15 -
    Kaspersky 7.0.0.125 2008.08.17 -
    McAfee 5362 2008.08.15 -
    Microsoft 1.3807 2008.08.17 Trojan:Win32/Busky.EC
    NOD32v2 3362 2008.08.17 a variant of Win32/TrojanDownloader.FakeAlert.BP
    Norman 5.80.02 2008.08.15 -
    Panda 9.0.0.4 2008.08.17 -
    PCTools 4.4.2.0 2008.08.16 -
    Prevx1 V2 2008.08.17 Suspicious
    Rising 20.57.62.00 2008.08.17 -
    Sophos 4.32.0 2008.08.17 Mal/EncPk-DG
    Sunbelt 3.1.1546.1 2008.08.15 -
    Symantec 10 2008.08.17 -
    TheHacker 6.3.0.3.052 2008.08.17 -
    TrendMicro 8.700.0.1004 2008.08.16 -
    VBA32 3.12.8.3 2008.08.17 -
    ViRobot 2008.8.16.1338 2008.08.16 -
    VirusBuster 4.5.11.0 2008.08.16 -
    Webwasher-Gateway 6.6.2 2008.08.17 -
    Information additionnelle
    File size: 86016 bytes
    MD5...: afa722a5425015780c846aa4d53ea62e
    SHA1..: 24fb96346f21ea9e8ca0c94f7e798995b7cda352
    SHA256: 6dfaa5c7521a544615e6260d87261bc6e6b7c89532ae6671a2ae6a6a7f0ec5ca
    SHA512: 384eb7aac71cb7464163c9d691a82d1ee9068f20d8893412759572806a731349
    8df7e6a53098ae11f74cc1ac61d1a1e5eac6645fb0c9ff9bdb66648242ad3607
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x401f46
    timedatestamp.....: 0x48a47b72 (Thu Aug 14 18:37:38 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .ixgf 0x1000 0x11400 0x12000 6.68 1b40a0ef857fc1c25f8c0ee3b6d4a8f4
    .ucdu 0x13000 0x742 0x1000 3.03 84317341d781da6157172c1842e75777
    .mfrsx 0x14000 0x5a2c 0x1000 0.64 3c4ea46e996a14143ccd89d456070920

    ( 4 imports )
    > KERNEL32.dll: VirtualAlloc, GetDriveTypeW, FreeResource, GetProcAddress, lstrcpyW, CloseHandle, GlobalAddAtomW, GetLastError, SetLastError, GetTickCount, GlobalLock, GetModuleFileNameW, MoveFileW, FindResourceW, SetEvent, CreateFileW, GlobalAlloc, InterlockedIncrement, GlobalFree, FindNextFileW, WritePrivateProfileStringW, LockResource, DuplicateHandle, LoadResource, MultiByteToWideChar, TerminateThread, WideCharToMultiByte, ResetEvent, GlobalUnlock, SetThreadPriority, SuspendThread, GetPrivateProfileStringW, CreateProcessW, LoadLibraryA
    > USER32.dll: WindowFromPoint, LoadBitmapW, GetWindowRect, SendMessageW, EnableWindow, GetWindowThreadProcessId, SetForegroundWindow, GetMessageW, RegisterWindowMessageW, LoadImageW, ReleaseDC, SetWindowPos, SetCursor, GetSystemMetrics, TranslateMessage, SystemParametersInfoW, GetSysColor, FillRect, UpdateWindow, PostThreadMessageW
    > GDI32.dll: CreateCompatibleDC, DeleteObject, SetBkColor, CreateDCW, CreateSolidBrush, CreateRoundRectRgn, LineTo, GetDeviceCaps, CreateFontIndirectW
    > ADVAPI32.dll: RegDeleteValueW, LookupAccountSidW, RegSetValueExW

    ( 0 exports )

    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EF7094810069592E504D019C35FAFE00F4459A75

    et voilà pour C:\ProgramData\strinfomon\kvspobur.exe

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.15.0 2008.08.15 -
    AntiVir 7.8.1.19 2008.08.16 -
    Authentium 5.1.0.4 2008.08.16 -
    Avast 4.8.1195.0 2008.08.17 -
    AVG 8.0.0.161 2008.08.16 Downloader.Swizzor
    BitDefender 7.2 2008.08.17 -
    CAT-QuickHeal 9.50 2008.08.16 -
    ClamAV 0.93.1 2008.08.16 -
    DrWeb 4.44.0.09170 2008.08.17 -
    eSafe 7.0.17.0 2008.08.14 -
    eTrust-Vet 31.6.6035 2008.08.15 -
    Ewido 4.0 2008.08.17 -
    F-Prot 4.4.4.56 2008.08.16 -
    F-Secure 7.60.13501.0 2008.08.17 -
    Fortinet 3.14.0.0 2008.08.17 W32/PolySmall.BP!tr
    GData 2.0.7306.1023 2008.08.16 -
    Ikarus T3.1.1.34.0 2008.08.17 Trojan-Downloader.Win32.FakeAlert.C
    K7AntiVirus 7.10.417 2008.08.15 -
    Kaspersky 7.0.0.125 2008.08.17 -
    McAfee 5362 2008.08.15 -
    Microsoft 1.3807 2008.08.17 TrojanDownloader:Win32/FakeAlert.C
    NOD32v2 3362 2008.08.17 Win32/TrojanDownloader.Agent.OCR
    Norman 5.80.02 2008.08.15 -
    Panda 9.0.0.4 2008.08.17 -
    PCTools 4.4.2.0 2008.08.17 -
    Prevx1 V2 2008.08.17 Suspicious
    Rising 20.57.62.00 2008.08.17 -
    Sophos 4.32.0 2008.08.17 Mal/EncPk-DG
    Sunbelt 3.1.1546.1 2008.08.15 -
    Symantec 10 2008.08.17 -
    TheHacker 6.3.0.3.052 2008.08.17 -
    TrendMicro 8.700.0.1004 2008.08.16 -
    VBA32 3.12.8.3 2008.08.17 -
    ViRobot 2008.8.16.1338 2008.08.16 -
    VirusBuster 4.5.11.0 2008.08.16 -
    Webwasher-Gateway 6.6.2 2008.08.17 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: 43a23e08823721483e31c8c63a4d7e35
    SHA1..: a026b815c74ec256ade206bf2cf16c8906876f44
    SHA256: 148bc8913e842e3c5630f683d7eace4a0de22d8eb18dd25880c6d6f528df4053
    SHA512: 97cc98610c48ac6e3d2104917e5d3f0af674c60d428108e054b47ba6cd70e98b
    2b21781a51b74343d91f210f82ff1388e580528f0a33f7f843acbc2ef5b1f1be
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x401ed3
    timedatestamp.....: 0x48a51bda (Fri Aug 15 06:02:02 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .ohywv 0x1000 0x10c60 0x11000 6.86 bcea78bbb7d8810c1c010deaf7a5e583
    .gtdfre 0x12000 0x722 0x1000 2.97 45dddbf722aa6ffe1cfc5a5f9fb4250d
    .pnenk 0x13000 0x599c 0x1000 0.54 110ff589dd8d2b214176d8fdebae29b2

    ( 4 imports )
    > KERNEL32.dll: SetCurrentDirectoryW, DuplicateHandle, GetProcAddress, GetUserDefaultLangID, GetFileAttributesExW, CreateFileW, ResetEvent, LoadLibraryA, InterlockedIncrement, GetPrivateProfileStringW, FreeLibrary, SuspendThread, ReadFile, ReadProcessMemory, LoadLibraryW, WaitForSingleObject, LockResource, WritePrivateProfileStringW, VirtualFree, LoadResource, TerminateThread, CreateProcessW, CreateThread, FindNextFileW, lstrcpyW, SetEvent, CreateWaitableTimerW, GlobalFree, GetCurrentProcess
    > USER32.dll: SetCapture, LoadImageW, OffsetRect, DestroyMenu, GetClassNameW, PostMessageW, LoadBitmapW, GetParent, SendMessageW, DestroyIcon, SendDlgItemMessageW, SetDlgItemTextW, GetWindowTextW, SystemParametersInfoW, ReleaseDC, WindowFromPoint, LoadStringW, CreatePopupMenu, GetWindowDC, DrawTextW, GetSysColor, GetSystemMetrics, SetCursorPos
    > GDI32.dll: GetDeviceCaps, MoveToEx, SetDIBits, SetMapMode, CreateFontIndirectW, SelectObject, SetBkMode, StretchBlt, CreatePen, CreateICW, CreateDCW
    > ADVAPI32.dll: InitializeSecurityDescriptor, RegQueryValueExW, StartServiceW

    ( 0 exports )

    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B2BC3CA40022D0FB4091012DF0BA96004D8663D1

    pour les dossiers jrecoche comme avant?
    0
  8. Utilisateur anonyme
     
    Fais la meme chose pour : C:\ProgramData\strinfomon\kvspobur.exe
    0
  9. blackgothdoll Messages postés 13 Statut Membre
     
    j'ai mis les deux là ds la réponse au-dessus
    0
  10. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\Windows\system32\khyzenot.exe
    C:\ProgramData\strinfomon\kvspobur.exe

    Folder::
    C:\ProgramData\ProcGenWeb
    C:\Program Files\PC Clean Pro
    C:\ProgramData\WinEnGen
    C:\ProgramData\qlmdgxuv

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WebInfo"=-
    "strinfomon"=-


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  11. blackgothdoll Messages postés 13 Statut Membre
     
    voilà pour combox fix

    ComboFix 08-08-16.01 - Julie 2008-08-17 16:10:21.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1182 [GMT 2:00]
    Endroit: C:\Users\Julie\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Julie\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\ProgramData\strinfomon\kvspobur.exe
    C:\Windows\system32\khyzenot.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PC Clean Pro
    C:\ProgramData\ProcGenWeb
    C:\ProgramData\qlmdgxuv
    C:\ProgramData\qlmdgxuv\yputqbat.exe
    C:\ProgramData\strinfomon\kvspobur.exe
    C:\ProgramData\WinEnGen
    C:\ProgramData\WinEnGen\xcfkzgzo.exe
    C:\Windows\system32\khyzenot.exe

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier cr‚‚ dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-17 14:10 --------- d-----w C:\ProgramData\strinfomon
    2008-08-17 14:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Skype
    2008-08-17 13:19 --------- d-----w C:\Program Files\directx
    2008-08-17 08:38 --------- d-----w C:\Users\Julie\AppData\Roaming\skypePM
    2008-08-15 09:09 --------- d-----w C:\Program Files\EA GAMES
    2008-08-15 07:04 --------- d-----w C:\ProgramData\eMule
    2008-08-15 06:58 --------- d-----w C:\Users\Julie\AppData\Roaming\Malwarebytes
    2008-08-15 06:58 --------- d-----w C:\ProgramData\Malwarebytes
    2008-08-15 06:58 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-15 06:35 --------- d-----w C:\ProgramData\avg8
    2008-08-15 06:27 --------- d-----w C:\Program Files\AVG
    2008-08-15 06:22 691 ----a-w C:\Users\Julie\AppData\Roaming\GetValue.vbs
    2008-08-15 06:22 35 ----a-w C:\Users\Julie\AppData\Roaming\SetValue.bat
    2008-08-15 05:46 --------- d-----w C:\Users\Julie\AppData\Roaming\BitTorrent
    2008-08-15 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-15 05:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-08-14 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-14 01:13 --------- d-----w C:\Program Files\Windows Mail
    2008-08-11 11:37 --------- d-----w C:\Program Files\Orange
    2008-08-11 11:24 --------- d-----w C:\Program Files\SAGEM
    2008-08-10 13:22 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-10 13:21 --------- d-----w C:\Program Files\iTunes
    2008-08-10 13:21 --------- d-----w C:\Program Files\iPod
    2008-08-06 17:01 --------- d-----w C:\Users\Julie\AppData\Roaming\Media Player Classic
    2008-08-04 15:42 --------- d-----w C:\Program Files\OrangeHSS
    2008-07-30 18:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-07-29 08:45 --------- d-----w C:\Program Files\QuickTime
    2008-07-29 08:45 --------- d-----w C:\Program Files\Bonjour
    2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-07-15 05:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Teeworlds
    2008-07-11 06:40 174 --sha-w C:\Program Files\desktop.ini
    2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-06-26 13:54 --------- d-----w C:\Program Files\BitTorrent
    2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-03-10 13:38 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-03-10 13:38 32 ----a-w C:\ProgramData\ezsid.dat
    2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-13 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-17_12.53.26.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-17 10:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-17 14:17:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-08-17 14:17:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-08-17 10:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-17 14:17:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-08-17 14:17:00 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-08-17 10:46:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-08-17 14:16:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-17 10:46:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-17 14:16:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-17 10:46:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-17 14:16:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-17 10:25:39 107,614 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-08-17 14:12:45 107,614 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-08-17 10:25:39 122,020 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-08-17 14:12:45 122,020 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-08-17 10:25:39 618,470 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-08-17 14:12:45 618,470 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-08-17 10:25:39 700,222 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-08-17 14:12:45 700,222 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-08-17 10:22:48 11,202 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294148248-2132267115-3273299950-1000_UserData.bin
    + 2008-08-17 14:09:00 11,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294148248-2132267115-3273299950-1000_UserData.bin
    - 2008-08-17 10:22:48 60,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-17 14:09:00 60,710 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-17 09:34:21 52,312 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-08-17 14:08:57 52,854 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-06 17:17 171448]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-23 13:06 507904]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
    "PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
    "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120]
    "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480]
    "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 20:10 312240]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

    C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-23 21:28:13 344064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.MPG4"= vp31vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-294148248-2132267115-3273299950-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6EA5F393-AD6D-4879-B024-A77059CE5832}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
    "{2112E4AF-A16E-42A2-A9FA-DB1137EF69BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DFB8E4BF-4652-408E-9F10-67A9CACC0DA6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{33957CDE-961C-4438-B7BC-64E37A5D28A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{95FE20FF-AAE8-4508-A8A4-4A9BDD17A0ED}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{B2F593D4-87F0-41FC-B621-7C5D3AD09767}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{939E9F55-2CF3-45B0-A909-6CAD56781229}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{41FFE1D8-D199-46D2-9D9B-7A8414E11CCE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{536619D3-5FCB-443F-BBF8-374E7030AB18}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{753EAB97-7BF3-4F5E-A7BA-86D1326D5A13}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{EA23E820-2142-48A3-A3CC-2A8516C5AE19}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
    "UDP Query User{4EF47CAC-3FC1-4C5F-8881-248AFDD3EC8D}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
    "{5D607529-8306-44ED-934E-AB51BBCD5864}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
    "{97C99824-D87D-4105-8099-A31447F468EE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
    "{E0416CB4-2D08-49FD-8FA5-6125D597B247}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
    "{41E39112-9CE1-40E5-9075-9934C2131723}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
    "{542499CB-B0B5-487E-B5EE-986CB46EB881}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{1F097AA3-6DD6-4F91-A4B4-CACB388B6283}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
    "{C83C6DA5-8CA7-4948-8651-28916D951D26}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
    "{72D2EA34-0487-4D84-8411-2692E5248BA3}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
    "{6BB5EFAD-A350-4C6C-8CA3-581196209A5C}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
    "{C182ECD5-A170-4B53-ABA3-171F8D3E4932}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
    "{8C833947-9C7A-46F6-BC1D-C641D83B683E}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
    "{FBC80399-0DFA-44CC-8CC1-0FDE9E514D3F}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
    "{EEF806A3-F9DA-4767-8860-9B9ABB3E0A5D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
    "{195E0272-C040-43A0-A748-DBBA12237B40}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
    "{FBB7BCA1-2E24-4E39-8645-6DFA73E55B73}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
    "{0AFBDC87-F7F6-49D2-8F2F-B6EDAFEC7E18}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
    "{62D225CA-FD73-4F3B-949C-9705943D242D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
    "{267EA51F-C499-47AF-A72E-F903F0C62807}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
    "{5C9ACED9-AE9D-44F8-A16C-0DE451F20D0E}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
    "{D4C33F94-869E-40B4-A041-3EBBD5D6DD9F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
    "{28F8CCDC-5044-4B1B-92E9-DCC27A794DDB}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
    "{184B47D7-9030-4743-8AD3-95F7A8B6A93F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
    "{20A41250-A1C6-4778-A336-56801958C4ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5E51948B-3A28-4445-A232-F81BF2640731}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{01C200C5-0D9B-4E38-BBC4-1BB9A61B0F62}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{45074DC6-879C-4F4B-BF7F-92E3F39D90C2}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{440C8ADD-C7BC-4F20-B3AF-755C0B5EF72D}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{94B5E28B-2664-4B70-90A8-8652D0C3A9F7}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{333668E5-B5E5-45BA-A6EC-AFF541741333}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{9F6C1277-B100-480E-B76D-5104E88E201B}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{3CE7E586-082F-409D-881C-79AEDB57245F}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{4D0BC2CA-78D9-450E-9707-6103F69D9023}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
    "{7713D7F6-81E8-43AC-8D0B-DF8CD280EA1E}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
    "{6512241C-9430-4943-9F21-D8ECC8920B64}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
    "{51D9CE9E-E8B0-44AF-B55F-E3A103F19C11}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
    "{9A5CB53F-C29A-47FF-8959-89EF1FFDC72F}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
    "{10BF77AF-FEB3-4A5E-835E-187EBBAEC7CD}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
    "{EA164002-1BFD-4308-8869-D58BFCAC6B4B}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
    "{A33DAEE7-D77D-4A25-9DF6-9AF6568DE9F9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
    "{34827008-B3BA-4A53-B979-B77DDF825D92}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{B0067EF7-6213-4D44-9AB5-567D35904995}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{8754B001-0D3C-4580-A7C4-7E4972D244E0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "{49F83396-F3B2-4D1D-AE32-BF9F78635A5C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "TCP Query User{A86E8892-858E-41DE-B251-0CCCC22B8FCB}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
    "UDP Query User{81DAEE10-1448-4116-B0DC-3498ECA3DAF7}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
    "TCP Query User{56DB0CC9-5F09-494D-A5B8-0D55B5F17D64}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{995B9471-2F18-49FA-B71B-792C0C830951}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{B0B4D862-017C-4D32-A576-F87D6BCC04E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{1ED2A6DA-A93E-4AF3-BD96-D330198AAAED}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
    "UDP Query User{E7058ADA-3573-4455-B55D-87B43BF78424}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
    "{48336865-3EC0-431F-9B30-DD36BD531A14}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{BEA56142-7821-4B3C-9326-2219E7872817}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{63D8A362-6E5A-4ABA-9782-0E40FD4BD6B9}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{56A09833-91B1-42AC-A899-61C59889D7B0}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{DFCC994F-E636-4DCA-83A7-A645D46F4690}C:\\users\\julie\\program files\\dna\\btdna.exe"= UDP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{324659F3-F096-4CC2-84CE-47E8D52CC830}C:\\users\\julie\\program files\\dna\\btdna.exe"= TCP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{57422E1D-0F32-4582-957C-1FFA0D858578}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{F43DC13A-3572-411B-B95F-1255DA2B4257}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{D499003C-35A1-41AD-8063-12D2BB902429}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6D0A5FEA-907D-4860-BA2F-C6B9245C29A5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{372B3FE6-DF33-4D6A-BBC6-3F2F72A2AE9A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{09F2112F-A891-44BA-85EE-3D11BEA3ECFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{AD07DB0C-73A2-48D9-9FEB-5C07E69152F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{017BCCA1-A770-47F2-A91C-7E0D408D25AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
    R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-04-26 17:38]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 22:03]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 17:38]
    S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
    S3 USB28xxBGA;USB 2883 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2006-08-09 10:10]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-08-09 10:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\Auto\command - AdobeR.exe e
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Explorer_Run-c1P8qJdhiG - C:\ProgramData\qlmdgxuv\yputqbat.exe

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-17 16:17:19
    Windows 6.0.6000 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Windows\System32\oodag.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-17 16:25:04 - machine was rebooted [Julie]
    ComboFix-quarantined-files.txt 2008-08-17 14:24:58
    ComboFix2.txt 2008-08-17 10:54:46

    Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 49,153,777,664 octets libres

    279 --- E O F --- 2008-08-17 11:08:20

    et voilà pour hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:28:14, on 17/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\oodtray.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Orange\systray\systrayapp.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Julie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    0
  12. Utilisateur anonyme
     
    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  13. blackgothdoll Messages postés 13 Statut Membre
     
    voilà pour le rapport malwarebyte's

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1054
    Windows 6.0.6000

    11:30:46 19/08/2008
    mbam-log-8-19-2008 (11-30-46).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 137869
    Temps écoulé: 1 hour(s), 17 minute(s), 19 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Pro (Rogue.PCCleanPro) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  14. Utilisateur anonyme
     
    refais un scan hijackthis et post le rapport stp et on termine

    dis moi aussi comment va le pc stp
    0
  15. blackgothdoll Messages postés 13 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:55, on 19/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\oodtray.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Julie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    0
  16. pilou-louloutte Messages postés 153 Statut Membre 2
     
    salut

    c'est quoi comme virus?
    0
  17. blackgothdoll Messages postés 13 Statut Membre
     
    des trojan, plusieurs genre green screen, tiny.h banqfraud un truc comme ça
    mais apparemment je ne les ai plus grâce à chiquitine29!
    0
  18. pilou-louloutte Messages postés 153 Statut Membre 2
     
    tu est sur que en as plus car moi aussi j'ai été comme toi mais moi j'ai eu un cheval de troie et j'ai était obligé de tt vidé sur mon disque dur et de tt réinstallé
    0
  19. Utilisateur anonyme
     
    sorry je t avais oublié

    désinstal adobe reader car pas a jours et telecharge et instal cette version :

    http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe

    ensuite :

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://download.piriform.com/ccsetup210.exe

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> Tuto : https://www.malekal.com/tutoriel-ccleaner/

    ensuite ;

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

    tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
    tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

    Pour désinstaller Avast telecharge cet outil

    https://www.avast.com/fr-fr/uninstall-utility

    ensuite :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    http://pc-system.fr/
    # Fais un clic droit sur toolcleaner
    # Choisi executer en tant qu administrateur
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
    0
  20. blackgothdoll Messages postés 13 Statut Membre
     
    merci pour tous tes conseils
    j'ai pas pu répondre avant je suis désolée
    merci encore
    0
  • 1
  • 2