Sujet Précédent Sujet Suivant

Problème trojan

blackgothdoll Messages postés 13 Statut Membre -  
blackgothdoll Messages postés 13 Statut Membre -
Bonjour,
j'ai pas mal d'alerte trojan qui s'affichent, j'avais réussi à en enlever certain et débloquer le fond d'écran qui affichait warning
apparemment ils sont bloqués par le pare feu windows maintenant et un message s'affiche quand j'ouvre certains sites etc

j'ai déjà fait un scan avec malewarebyte's, Smitfraudfix et Hijackthis
ça s'affiche toujours, avec des liens commerciaux pour des antivirus payant qui me détecte 3567 éléments nuisibles
enfin bref

je sais plus trop quoi faire j'ai essayé pas mal de trucs et ça s'affiche quand même
j'ai lu d'autres réponses sur le forum enfin j'ai essayé le maximum et voilà
alors si quelqu'un pourrait me sauver...
merci...
A voir également:

23 réponses

  • 1
  • 2
Réponse 1 / 23
Utilisateur anonyme
 
Salut

j'ai déjà fait un scan avec malewarebyte's, Smitfraudfix

t as les rapports ??

Télécharge HijackThis ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
0
Réponse 2 / 23
blackgothdoll
 
merci de m'avoir répondu
alors voici celui de hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:49, on 17/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\qlmdgxuv\yputqbat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\oodtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\khyzenot.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Julie\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\Windows\vwsrfton.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\MediaCenter\LaunchList.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WebInfo] C:\Windows\system32\khyzenot.exe
O4 - HKCU\..\Run: [strinfomon] C:\ProgramData\strinfomon\kvspobur.exe
O4 - HKCU\..\Run: [ProcGenWeb] C:\ProgramData\ProcGenWeb\xqtkvwjm.exe
O4 - HKLM\..\Policies\Explorer\Run: [c1P8qJdhiG] C:\ProgramData\qlmdgxuv\yputqbat.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
0
Réponse 3 / 23
Utilisateur anonyme
 
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

0
Réponse 4 / 23
blackgothdoll Messages postés 13 Statut Membre
 
voilà
ComboFix 08-08-16.01 - Julie 2008-08-17 12:38:53.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1179 [GMT 2:00]
Endroit: C:\Users\Julie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@ads.pointroll[2].txt
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@edt02[2].txt
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@rad.msn[1].txt
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@serving-sys[2].txt

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 10:21 --------- d-----w C:\Users\Julie\AppData\Roaming\Skype
2008-08-17 09:36 --------- d-----w C:\ProgramData\ProcGenWeb
2008-08-17 08:38 --------- d-----w C:\Users\Julie\AppData\Roaming\skypePM
2008-08-15 16:34 --------- d-----w C:\Program Files\PC Clean Pro
2008-08-15 09:09 --------- d-----w C:\Program Files\EA GAMES
2008-08-15 08:16 --------- d-----w C:\ProgramData\strinfomon
2008-08-15 07:04 --------- d-----w C:\ProgramData\eMule
2008-08-15 06:58 --------- d-----w C:\Users\Julie\AppData\Roaming\Malwarebytes
2008-08-15 06:58 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-15 06:58 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 06:35 --------- d-----w C:\ProgramData\avg8
2008-08-15 06:27 --------- d-----w C:\Program Files\AVG
2008-08-15 06:22 691 ----a-w C:\Users\Julie\AppData\Roaming\GetValue.vbs
2008-08-15 06:22 35 ----a-w C:\Users\Julie\AppData\Roaming\SetValue.bat
2008-08-15 05:46 --------- d-----w C:\Users\Julie\AppData\Roaming\BitTorrent
2008-08-15 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-15 05:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-15 05:32 --------- d-----w C:\ProgramData\WinEnGen
2008-08-14 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 19:49 --------- d-----w C:\ProgramData\qlmdgxuv
2008-08-14 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 11:37 --------- d-----w C:\Program Files\Orange
2008-08-11 11:24 --------- d-----w C:\Program Files\SAGEM
2008-08-10 13:22 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 13:21 --------- d-----w C:\Program Files\iTunes
2008-08-10 13:21 --------- d-----w C:\Program Files\iPod
2008-08-06 17:01 --------- d-----w C:\Users\Julie\AppData\Roaming\Media Player Classic
2008-08-04 15:42 --------- d-----w C:\Program Files\OrangeHSS
2008-07-30 18:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-29 08:45 --------- d-----w C:\Program Files\QuickTime
2008-07-29 08:45 --------- d-----w C:\Program Files\Bonjour
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 05:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Teeworlds
2008-07-11 06:40 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-26 13:54 --------- d-----w C:\Program Files\BitTorrent
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-10 13:38 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-10 13:38 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-13 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-06 17:17 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-23 13:06 507904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"WebInfo"="C:\Windows\system32\khyzenot.exe" [2008-08-14 21:49 86016]
"strinfomon"="C:\ProgramData\strinfomon\kvspobur.exe" [2008-08-15 10:16 81920]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 20:10 312240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"c1P8qJdhiG"="C:\ProgramData\qlmdgxuv\yputqbat.exe" [2008-08-14 21:49 57344]

C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-23 21:28:13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MPG4"= vp31vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-294148248-2132267115-3273299950-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6EA5F393-AD6D-4879-B024-A77059CE5832}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{2112E4AF-A16E-42A2-A9FA-DB1137EF69BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DFB8E4BF-4652-408E-9F10-67A9CACC0DA6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33957CDE-961C-4438-B7BC-64E37A5D28A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{95FE20FF-AAE8-4508-A8A4-4A9BDD17A0ED}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B2F593D4-87F0-41FC-B621-7C5D3AD09767}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{939E9F55-2CF3-45B0-A909-6CAD56781229}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{41FFE1D8-D199-46D2-9D9B-7A8414E11CCE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{536619D3-5FCB-443F-BBF8-374E7030AB18}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{753EAB97-7BF3-4F5E-A7BA-86D1326D5A13}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{EA23E820-2142-48A3-A3CC-2A8516C5AE19}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"UDP Query User{4EF47CAC-3FC1-4C5F-8881-248AFDD3EC8D}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"{5D607529-8306-44ED-934E-AB51BBCD5864}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{97C99824-D87D-4105-8099-A31447F468EE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E0416CB4-2D08-49FD-8FA5-6125D597B247}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{41E39112-9CE1-40E5-9075-9934C2131723}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{542499CB-B0B5-487E-B5EE-986CB46EB881}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1F097AA3-6DD6-4F91-A4B4-CACB388B6283}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{C83C6DA5-8CA7-4948-8651-28916D951D26}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{72D2EA34-0487-4D84-8411-2692E5248BA3}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{6BB5EFAD-A350-4C6C-8CA3-581196209A5C}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{C182ECD5-A170-4B53-ABA3-171F8D3E4932}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{8C833947-9C7A-46F6-BC1D-C641D83B683E}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{FBC80399-0DFA-44CC-8CC1-0FDE9E514D3F}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{EEF806A3-F9DA-4767-8860-9B9ABB3E0A5D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{195E0272-C040-43A0-A748-DBBA12237B40}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{FBB7BCA1-2E24-4E39-8645-6DFA73E55B73}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{0AFBDC87-F7F6-49D2-8F2F-B6EDAFEC7E18}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{62D225CA-FD73-4F3B-949C-9705943D242D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{267EA51F-C499-47AF-A72E-F903F0C62807}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{5C9ACED9-AE9D-44F8-A16C-0DE451F20D0E}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{D4C33F94-869E-40B4-A041-3EBBD5D6DD9F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{28F8CCDC-5044-4B1B-92E9-DCC27A794DDB}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{184B47D7-9030-4743-8AD3-95F7A8B6A93F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{20A41250-A1C6-4778-A336-56801958C4ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E51948B-3A28-4445-A232-F81BF2640731}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{01C200C5-0D9B-4E38-BBC4-1BB9A61B0F62}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{45074DC6-879C-4F4B-BF7F-92E3F39D90C2}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{440C8ADD-C7BC-4F20-B3AF-755C0B5EF72D}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{94B5E28B-2664-4B70-90A8-8652D0C3A9F7}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{333668E5-B5E5-45BA-A6EC-AFF541741333}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{9F6C1277-B100-480E-B76D-5104E88E201B}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{3CE7E586-082F-409D-881C-79AEDB57245F}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{4D0BC2CA-78D9-450E-9707-6103F69D9023}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{7713D7F6-81E8-43AC-8D0B-DF8CD280EA1E}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{6512241C-9430-4943-9F21-D8ECC8920B64}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
"{51D9CE9E-E8B0-44AF-B55F-E3A103F19C11}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
"{9A5CB53F-C29A-47FF-8959-89EF1FFDC72F}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{10BF77AF-FEB3-4A5E-835E-187EBBAEC7CD}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{EA164002-1BFD-4308-8869-D58BFCAC6B4B}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{A33DAEE7-D77D-4A25-9DF6-9AF6568DE9F9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{34827008-B3BA-4A53-B979-B77DDF825D92}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{B0067EF7-6213-4D44-9AB5-567D35904995}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{8754B001-0D3C-4580-A7C4-7E4972D244E0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{49F83396-F3B2-4D1D-AE32-BF9F78635A5C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"TCP Query User{A86E8892-858E-41DE-B251-0CCCC22B8FCB}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{81DAEE10-1448-4116-B0DC-3498ECA3DAF7}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"TCP Query User{56DB0CC9-5F09-494D-A5B8-0D55B5F17D64}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{995B9471-2F18-49FA-B71B-792C0C830951}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B0B4D862-017C-4D32-A576-F87D6BCC04E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1ED2A6DA-A93E-4AF3-BD96-D330198AAAED}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{E7058ADA-3573-4455-B55D-87B43BF78424}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"{48336865-3EC0-431F-9B30-DD36BD531A14}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BEA56142-7821-4B3C-9326-2219E7872817}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{63D8A362-6E5A-4ABA-9782-0E40FD4BD6B9}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{56A09833-91B1-42AC-A899-61C59889D7B0}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{DFCC994F-E636-4DCA-83A7-A645D46F4690}C:\\users\\julie\\program files\\dna\\btdna.exe"= UDP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
"UDP Query User{324659F3-F096-4CC2-84CE-47E8D52CC830}C:\\users\\julie\\program files\\dna\\btdna.exe"= TCP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
"TCP Query User{57422E1D-0F32-4582-957C-1FFA0D858578}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F43DC13A-3572-411B-B95F-1255DA2B4257}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{D499003C-35A1-41AD-8063-12D2BB902429}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D0A5FEA-907D-4860-BA2F-C6B9245C29A5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{372B3FE6-DF33-4D6A-BBC6-3F2F72A2AE9A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{09F2112F-A891-44BA-85EE-3D11BEA3ECFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD07DB0C-73A2-48D9-9FEB-5C07E69152F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{017BCCA1-A770-47F2-A91C-7E0D408D25AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-04-26 17:38]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 22:03]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 17:38]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 USB28xxBGA;USB 2883 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2006-08-09 10:10]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-08-09 10:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\Auto\command - AdobeR.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-ProcGenWeb - C:\ProgramData\ProcGenWeb\xqtkvwjm.exe
HKLM-Run-LaunchList - C:\Program Files\Pinnacle\MediaCenter\LaunchList.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\p9qmtxcm.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 12:46:25
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies\julie@unicast[2].txt 138 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Windows\System32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-17 12:54:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 10:54:21

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 52,793,905,152 octets libres

256 --- E O F --- 2008-08-14 01:08:33
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 23
Utilisateur anonyme
 
Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\Windows\system32\khyzenot.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Fais la meme chose pour : C:\ProgramData\strinfomon\kvspobur.exe
0
Réponse 6 / 23
blackgothdoll Messages postés 13 Statut Membre
 
voilà alors j'ai tout mis mais je suppose que toute la fin est inutile chuis dsl
ça c C:\Windows\system32\khyzenot.exe:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.15.0 2008.08.15 -
AntiVir 7.8.1.19 2008.08.16 -
Authentium 5.1.0.4 2008.08.16 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.16 Downloader.Swizzor
BitDefender 7.2 2008.08.17 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.16 -
DrWeb 4.44.0.09170 2008.08.17 -
eSafe 7.0.17.0 2008.08.14 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.17 -
F-Prot 4.4.4.56 2008.08.16 -
F-Secure 7.60.13501.0 2008.08.17 -
Fortinet 3.14.0.0 2008.08.17 W32/PolySmall.BP!tr
GData 2.0.7306.1023 2008.08.16 -
Ikarus T3.1.1.34.0 2008.08.17 -
K7AntiVirus 7.10.417 2008.08.15 -
Kaspersky 7.0.0.125 2008.08.17 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.17 Trojan:Win32/Busky.EC
NOD32v2 3362 2008.08.17 a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.16 -
Prevx1 V2 2008.08.17 Suspicious
Rising 20.57.62.00 2008.08.17 -
Sophos 4.32.0 2008.08.17 Mal/EncPk-DG
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.17 -
TheHacker 6.3.0.3.052 2008.08.17 -
TrendMicro 8.700.0.1004 2008.08.16 -
VBA32 3.12.8.3 2008.08.17 -
ViRobot 2008.8.16.1338 2008.08.16 -
VirusBuster 4.5.11.0 2008.08.16 -
Webwasher-Gateway 6.6.2 2008.08.17 -
Information additionnelle
File size: 86016 bytes
MD5...: afa722a5425015780c846aa4d53ea62e
SHA1..: 24fb96346f21ea9e8ca0c94f7e798995b7cda352
SHA256: 6dfaa5c7521a544615e6260d87261bc6e6b7c89532ae6671a2ae6a6a7f0ec5ca
SHA512: 384eb7aac71cb7464163c9d691a82d1ee9068f20d8893412759572806a731349
8df7e6a53098ae11f74cc1ac61d1a1e5eac6645fb0c9ff9bdb66648242ad3607
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401f46
timedatestamp.....: 0x48a47b72 (Thu Aug 14 18:37:38 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.ixgf 0x1000 0x11400 0x12000 6.68 1b40a0ef857fc1c25f8c0ee3b6d4a8f4
.ucdu 0x13000 0x742 0x1000 3.03 84317341d781da6157172c1842e75777
.mfrsx 0x14000 0x5a2c 0x1000 0.64 3c4ea46e996a14143ccd89d456070920

( 4 imports )
> KERNEL32.dll: VirtualAlloc, GetDriveTypeW, FreeResource, GetProcAddress, lstrcpyW, CloseHandle, GlobalAddAtomW, GetLastError, SetLastError, GetTickCount, GlobalLock, GetModuleFileNameW, MoveFileW, FindResourceW, SetEvent, CreateFileW, GlobalAlloc, InterlockedIncrement, GlobalFree, FindNextFileW, WritePrivateProfileStringW, LockResource, DuplicateHandle, LoadResource, MultiByteToWideChar, TerminateThread, WideCharToMultiByte, ResetEvent, GlobalUnlock, SetThreadPriority, SuspendThread, GetPrivateProfileStringW, CreateProcessW, LoadLibraryA
> USER32.dll: WindowFromPoint, LoadBitmapW, GetWindowRect, SendMessageW, EnableWindow, GetWindowThreadProcessId, SetForegroundWindow, GetMessageW, RegisterWindowMessageW, LoadImageW, ReleaseDC, SetWindowPos, SetCursor, GetSystemMetrics, TranslateMessage, SystemParametersInfoW, GetSysColor, FillRect, UpdateWindow, PostThreadMessageW
> GDI32.dll: CreateCompatibleDC, DeleteObject, SetBkColor, CreateDCW, CreateSolidBrush, CreateRoundRectRgn, LineTo, GetDeviceCaps, CreateFontIndirectW
> ADVAPI32.dll: RegDeleteValueW, LookupAccountSidW, RegSetValueExW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EF7094810069592E504D019C35FAFE00F4459A75

et voilà pour C:\ProgramData\strinfomon\kvspobur.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.15.0 2008.08.15 -
AntiVir 7.8.1.19 2008.08.16 -
Authentium 5.1.0.4 2008.08.16 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.16 Downloader.Swizzor
BitDefender 7.2 2008.08.17 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.16 -
DrWeb 4.44.0.09170 2008.08.17 -
eSafe 7.0.17.0 2008.08.14 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.17 -
F-Prot 4.4.4.56 2008.08.16 -
F-Secure 7.60.13501.0 2008.08.17 -
Fortinet 3.14.0.0 2008.08.17 W32/PolySmall.BP!tr
GData 2.0.7306.1023 2008.08.16 -
Ikarus T3.1.1.34.0 2008.08.17 Trojan-Downloader.Win32.FakeAlert.C
K7AntiVirus 7.10.417 2008.08.15 -
Kaspersky 7.0.0.125 2008.08.17 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.17 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3362 2008.08.17 Win32/TrojanDownloader.Agent.OCR
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.17 Suspicious
Rising 20.57.62.00 2008.08.17 -
Sophos 4.32.0 2008.08.17 Mal/EncPk-DG
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.17 -
TheHacker 6.3.0.3.052 2008.08.17 -
TrendMicro 8.700.0.1004 2008.08.16 -
VBA32 3.12.8.3 2008.08.17 -
ViRobot 2008.8.16.1338 2008.08.16 -
VirusBuster 4.5.11.0 2008.08.16 -
Webwasher-Gateway 6.6.2 2008.08.17 -
Information additionnelle
File size: 81920 bytes
MD5...: 43a23e08823721483e31c8c63a4d7e35
SHA1..: a026b815c74ec256ade206bf2cf16c8906876f44
SHA256: 148bc8913e842e3c5630f683d7eace4a0de22d8eb18dd25880c6d6f528df4053
SHA512: 97cc98610c48ac6e3d2104917e5d3f0af674c60d428108e054b47ba6cd70e98b
2b21781a51b74343d91f210f82ff1388e580528f0a33f7f843acbc2ef5b1f1be
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401ed3
timedatestamp.....: 0x48a51bda (Fri Aug 15 06:02:02 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.ohywv 0x1000 0x10c60 0x11000 6.86 bcea78bbb7d8810c1c010deaf7a5e583
.gtdfre 0x12000 0x722 0x1000 2.97 45dddbf722aa6ffe1cfc5a5f9fb4250d
.pnenk 0x13000 0x599c 0x1000 0.54 110ff589dd8d2b214176d8fdebae29b2

( 4 imports )
> KERNEL32.dll: SetCurrentDirectoryW, DuplicateHandle, GetProcAddress, GetUserDefaultLangID, GetFileAttributesExW, CreateFileW, ResetEvent, LoadLibraryA, InterlockedIncrement, GetPrivateProfileStringW, FreeLibrary, SuspendThread, ReadFile, ReadProcessMemory, LoadLibraryW, WaitForSingleObject, LockResource, WritePrivateProfileStringW, VirtualFree, LoadResource, TerminateThread, CreateProcessW, CreateThread, FindNextFileW, lstrcpyW, SetEvent, CreateWaitableTimerW, GlobalFree, GetCurrentProcess
> USER32.dll: SetCapture, LoadImageW, OffsetRect, DestroyMenu, GetClassNameW, PostMessageW, LoadBitmapW, GetParent, SendMessageW, DestroyIcon, SendDlgItemMessageW, SetDlgItemTextW, GetWindowTextW, SystemParametersInfoW, ReleaseDC, WindowFromPoint, LoadStringW, CreatePopupMenu, GetWindowDC, DrawTextW, GetSysColor, GetSystemMetrics, SetCursorPos
> GDI32.dll: GetDeviceCaps, MoveToEx, SetDIBits, SetMapMode, CreateFontIndirectW, SelectObject, SetBkMode, StretchBlt, CreatePen, CreateICW, CreateDCW
> ADVAPI32.dll: InitializeSecurityDescriptor, RegQueryValueExW, StartServiceW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B2BC3CA40022D0FB4091012DF0BA96004D8663D1

pour les dossiers jrecoche comme avant?
0
Réponse 7 / 23
Utilisateur anonyme
 
Fais la meme chose pour : C:\ProgramData\strinfomon\kvspobur.exe
0
Réponse 8 / 23
blackgothdoll Messages postés 13 Statut Membre
 
j'ai mis les deux là ds la réponse au-dessus
0
Réponse 9 / 23
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
C:\Windows\system32\khyzenot.exe
C:\ProgramData\strinfomon\kvspobur.exe

Folder::
C:\ProgramData\ProcGenWeb
C:\Program Files\PC Clean Pro
C:\ProgramData\WinEnGen
C:\ProgramData\qlmdgxuv

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebInfo"=-
"strinfomon"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

0
Réponse 10 / 23
blackgothdoll Messages postés 13 Statut Membre
 
voilà pour combox fix

ComboFix 08-08-16.01 - Julie 2008-08-17 16:10:21.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1182 [GMT 2:00]
Endroit: C:\Users\Julie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Julie\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\ProgramData\strinfomon\kvspobur.exe
C:\Windows\system32\khyzenot.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC Clean Pro
C:\ProgramData\ProcGenWeb
C:\ProgramData\qlmdgxuv
C:\ProgramData\qlmdgxuv\yputqbat.exe
C:\ProgramData\strinfomon\kvspobur.exe
C:\ProgramData\WinEnGen
C:\ProgramData\WinEnGen\xcfkzgzo.exe
C:\Windows\system32\khyzenot.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 14:10 --------- d-----w C:\ProgramData\strinfomon
2008-08-17 14:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Skype
2008-08-17 13:19 --------- d-----w C:\Program Files\directx
2008-08-17 08:38 --------- d-----w C:\Users\Julie\AppData\Roaming\skypePM
2008-08-15 09:09 --------- d-----w C:\Program Files\EA GAMES
2008-08-15 07:04 --------- d-----w C:\ProgramData\eMule
2008-08-15 06:58 --------- d-----w C:\Users\Julie\AppData\Roaming\Malwarebytes
2008-08-15 06:58 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-15 06:58 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 06:35 --------- d-----w C:\ProgramData\avg8
2008-08-15 06:27 --------- d-----w C:\Program Files\AVG
2008-08-15 06:22 691 ----a-w C:\Users\Julie\AppData\Roaming\GetValue.vbs
2008-08-15 06:22 35 ----a-w C:\Users\Julie\AppData\Roaming\SetValue.bat
2008-08-15 05:46 --------- d-----w C:\Users\Julie\AppData\Roaming\BitTorrent
2008-08-15 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-15 05:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-14 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 11:37 --------- d-----w C:\Program Files\Orange
2008-08-11 11:24 --------- d-----w C:\Program Files\SAGEM
2008-08-10 13:22 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 13:21 --------- d-----w C:\Program Files\iTunes
2008-08-10 13:21 --------- d-----w C:\Program Files\iPod
2008-08-06 17:01 --------- d-----w C:\Users\Julie\AppData\Roaming\Media Player Classic
2008-08-04 15:42 --------- d-----w C:\Program Files\OrangeHSS
2008-07-30 18:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-29 08:45 --------- d-----w C:\Program Files\QuickTime
2008-07-29 08:45 --------- d-----w C:\Program Files\Bonjour
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 05:08 --------- d-----w C:\Users\Julie\AppData\Roaming\Teeworlds
2008-07-11 06:40 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-26 13:54 --------- d-----w C:\Program Files\BitTorrent
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-10 13:38 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-10 13:38 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-13 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-13 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-17_12.53.26.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-17 10:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-17 14:17:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-17 14:17:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-17 10:46:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-17 14:17:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-17 14:17:00 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-17 10:46:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-17 14:16:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-17 10:46:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-17 14:16:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-17 10:46:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-17 14:16:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-17 10:25:39 107,614 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-17 14:12:45 107,614 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-17 10:25:39 122,020 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-17 14:12:45 122,020 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-08-17 10:25:39 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-17 14:12:45 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-17 10:25:39 700,222 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-17 14:12:45 700,222 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-08-17 10:22:48 11,202 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294148248-2132267115-3273299950-1000_UserData.bin
+ 2008-08-17 14:09:00 11,464 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-294148248-2132267115-3273299950-1000_UserData.bin
- 2008-08-17 10:22:48 60,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 14:09:00 60,710 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-17 09:34:21 52,312 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 14:08:57 52,854 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-06 17:17 171448]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-23 13:06 507904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 20:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 14:40 20480]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 20:10 312240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 16:01 4431872 C:\Windows\RtHDVCpl.exe]

C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-23 21:28:13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MPG4"= vp31vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-294148248-2132267115-3273299950-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6EA5F393-AD6D-4879-B024-A77059CE5832}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{2112E4AF-A16E-42A2-A9FA-DB1137EF69BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DFB8E4BF-4652-408E-9F10-67A9CACC0DA6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33957CDE-961C-4438-B7BC-64E37A5D28A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{95FE20FF-AAE8-4508-A8A4-4A9BDD17A0ED}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{B2F593D4-87F0-41FC-B621-7C5D3AD09767}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{939E9F55-2CF3-45B0-A909-6CAD56781229}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{41FFE1D8-D199-46D2-9D9B-7A8414E11CCE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{536619D3-5FCB-443F-BBF8-374E7030AB18}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{753EAB97-7BF3-4F5E-A7BA-86D1326D5A13}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{EA23E820-2142-48A3-A3CC-2A8516C5AE19}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"UDP Query User{4EF47CAC-3FC1-4C5F-8881-248AFDD3EC8D}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"{5D607529-8306-44ED-934E-AB51BBCD5864}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{97C99824-D87D-4105-8099-A31447F468EE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{E0416CB4-2D08-49FD-8FA5-6125D597B247}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{41E39112-9CE1-40E5-9075-9934C2131723}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{542499CB-B0B5-487E-B5EE-986CB46EB881}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1F097AA3-6DD6-4F91-A4B4-CACB388B6283}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{C83C6DA5-8CA7-4948-8651-28916D951D26}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{72D2EA34-0487-4D84-8411-2692E5248BA3}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{6BB5EFAD-A350-4C6C-8CA3-581196209A5C}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{C182ECD5-A170-4B53-ABA3-171F8D3E4932}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:PMSInstallInit.exe
"{8C833947-9C7A-46F6-BC1D-C641D83B683E}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{FBC80399-0DFA-44CC-8CC1-0FDE9E514D3F}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:PMSManager.exe
"{EEF806A3-F9DA-4767-8860-9B9ABB3E0A5D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{195E0272-C040-43A0-A748-DBBA12237B40}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{FBB7BCA1-2E24-4E39-8645-6DFA73E55B73}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{0AFBDC87-F7F6-49D2-8F2F-B6EDAFEC7E18}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{62D225CA-FD73-4F3B-949C-9705943D242D}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{267EA51F-C499-47AF-A72E-F903F0C62807}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{5C9ACED9-AE9D-44F8-A16C-0DE451F20D0E}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{D4C33F94-869E-40B4-A041-3EBBD5D6DD9F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{28F8CCDC-5044-4B1B-92E9-DCC27A794DDB}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{184B47D7-9030-4743-8AD3-95F7A8B6A93F}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{20A41250-A1C6-4778-A336-56801958C4ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E51948B-3A28-4445-A232-F81BF2640731}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{01C200C5-0D9B-4E38-BBC4-1BB9A61B0F62}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{45074DC6-879C-4F4B-BF7F-92E3F39D90C2}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{440C8ADD-C7BC-4F20-B3AF-755C0B5EF72D}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{94B5E28B-2664-4B70-90A8-8652D0C3A9F7}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{333668E5-B5E5-45BA-A6EC-AFF541741333}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{9F6C1277-B100-480E-B76D-5104E88E201B}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{3CE7E586-082F-409D-881C-79AEDB57245F}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{4D0BC2CA-78D9-450E-9707-6103F69D9023}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{7713D7F6-81E8-43AC-8D0B-DF8CD280EA1E}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{6512241C-9430-4943-9F21-D8ECC8920B64}"= UDP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
"{51D9CE9E-E8B0-44AF-B55F-E3A103F19C11}"= TCP:C:\Windows\System32\lxdicfg.exe:Printer Communication System
"{9A5CB53F-C29A-47FF-8959-89EF1FFDC72F}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{10BF77AF-FEB3-4A5E-835E-187EBBAEC7CD}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{EA164002-1BFD-4308-8869-D58BFCAC6B4B}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{A33DAEE7-D77D-4A25-9DF6-9AF6568DE9F9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{34827008-B3BA-4A53-B979-B77DDF825D92}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{B0067EF7-6213-4D44-9AB5-567D35904995}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{8754B001-0D3C-4580-A7C4-7E4972D244E0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{49F83396-F3B2-4D1D-AE32-BF9F78635A5C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"TCP Query User{A86E8892-858E-41DE-B251-0CCCC22B8FCB}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{81DAEE10-1448-4116-B0DC-3498ECA3DAF7}C:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:C:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"TCP Query User{56DB0CC9-5F09-494D-A5B8-0D55B5F17D64}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{995B9471-2F18-49FA-B71B-792C0C830951}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B0B4D862-017C-4D32-A576-F87D6BCC04E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1ED2A6DA-A93E-4AF3-BD96-D330198AAAED}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{E7058ADA-3573-4455-B55D-87B43BF78424}C:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:C:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"{48336865-3EC0-431F-9B30-DD36BD531A14}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BEA56142-7821-4B3C-9326-2219E7872817}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{63D8A362-6E5A-4ABA-9782-0E40FD4BD6B9}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{56A09833-91B1-42AC-A899-61C59889D7B0}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{DFCC994F-E636-4DCA-83A7-A645D46F4690}C:\\users\\julie\\program files\\dna\\btdna.exe"= UDP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
"UDP Query User{324659F3-F096-4CC2-84CE-47E8D52CC830}C:\\users\\julie\\program files\\dna\\btdna.exe"= TCP:C:\users\julie\program files\dna\btdna.exe:btdna.exe
"TCP Query User{57422E1D-0F32-4582-957C-1FFA0D858578}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F43DC13A-3572-411B-B95F-1255DA2B4257}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{D499003C-35A1-41AD-8063-12D2BB902429}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D0A5FEA-907D-4860-BA2F-C6B9245C29A5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{372B3FE6-DF33-4D6A-BBC6-3F2F72A2AE9A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{09F2112F-A891-44BA-85EE-3D11BEA3ECFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD07DB0C-73A2-48D9-9FEB-5C07E69152F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{017BCCA1-A770-47F2-A91C-7E0D408D25AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-04-26 17:38]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 22:03]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 17:38]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 USB28xxBGA;USB 2883 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2006-08-09 10:10]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-08-09 10:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\Auto\command - AdobeR.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-c1P8qJdhiG - C:\ProgramData\qlmdgxuv\yputqbat.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 16:17:19
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
C:\Windows\System32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-17 16:25:04 - machine was rebooted [Julie]
ComboFix-quarantined-files.txt 2008-08-17 14:24:58
ComboFix2.txt 2008-08-17 10:54:46

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 49,153,777,664 octets libres

279 --- E O F --- 2008-08-17 11:08:20

et voilà pour hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:14, on 17/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Julie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
0
Réponse 11 / 23
Utilisateur anonyme
 
Telecharge malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
Réponse 12 / 23
blackgothdoll Messages postés 13 Statut Membre
 
voilà pour le rapport malwarebyte's

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1054
Windows 6.0.6000

11:30:46 19/08/2008
mbam-log-8-19-2008 (11-30-46).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137869
Temps écoulé: 1 hour(s), 17 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcprosd.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC Clean Pro (Rogue.PCCleanPro) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 13 / 23
Utilisateur anonyme
 
refais un scan hijackthis et post le rapport stp et on termine

dis moi aussi comment va le pc stp
0
Réponse 14 / 23
blackgothdoll Messages postés 13 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:55, on 19/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Julie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
0
Réponse 15 / 23
pilou-louloutte Messages postés 153 Statut Membre 2
 
salut

c'est quoi comme virus?
0
Réponse 16 / 23
blackgothdoll Messages postés 13 Statut Membre
 
des trojan, plusieurs genre green screen, tiny.h banqfraud un truc comme ça
mais apparemment je ne les ai plus grâce à chiquitine29!
0
Réponse 17 / 23
pilou-louloutte Messages postés 153 Statut Membre 2
 
tu est sur que en as plus car moi aussi j'ai été comme toi mais moi j'ai eu un cheval de troie et j'ai était obligé de tt vidé sur mon disque dur et de tt réinstallé
0
Réponse 18 / 23
Utilisateur anonyme
 
sorry je t avais oublié

désinstal adobe reader car pas a jours et telecharge et instal cette version :

http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe

ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tuto : https://www.malekal.com/tutoriel-ccleaner/

ensuite ;

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility

ensuite :

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
0
Réponse 19 / 23
blackgothdoll Messages postés 13 Statut Membre
 
merci pour tous tes conseils
j'ai pas pu répondre avant je suis désolée
merci encore
0
Réponse 20 / 23
Utilisateur anonyme
 
si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses