TROJAN VIRTUMONDE

Solved/Closed
Help-me-=) Posts: 29, Registered: Wednesday 29 October 2008, Status: Member, Last activity: 2 November 2008 - 29 Oct. 2008 at 15:59
 Anonymous user - 2 Nov. 2008 at 22:33
Hello,
or good evening,

For a few days or a few weeks my computer has been infected with a trojan: VIRTUMONDE

After several scans and several disinfection attempts, nothing has gotten rid of it

It is still there, or they are still there, since I have three of them :s

Please help me!

From what I deciphered [in English] from the Search & Destroy software, I could only eliminate it once my internet connection is removed! Is that true??

27 replies

I believe VundoFix exists for this infection, but if you search the net properly, you will need others as well. There are several tutorials available to fix this problem. Google is your friend :)

Help-me-=) - 29 Oct. 2008 at 18:04
Thanks, I'll try VundoFix, but it seems to me that Google is already my best friend

See you

Help-me-=) - 29 Oct. 2008 at 18:15
There, I tried, but the trojan is in hidden mode; VundoFix does not detect it
:s

Help-me-=) - 29 Oct. 2008 at 20:40
Please help me:

Maybe this can help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:56, on 29/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\conime.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anne-laure\HiJackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.48.81.32 iHabbixReloaded
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1358859215-3497976692-2764473087-1005\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'vero')
O4 - HKUS\S-1-5-21-1358859215-3497976692-2764473087-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'vero')
O4 - HKUS\S-1-5-21-1358859215-3497976692-2764473087-1005\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_SC4E5.tmp" /EF "HKCU" (User 'vero')
O4 - Startup: Outil de notification Live Search.lnk = Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Anne-laure\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Anonymous user - 29 Oct. 2008 at 22:25
good evening,

after a quick analysis of your HijackThis report:

Virtumonde indeed... (ads?)
+ quite a few other infections... (trojans)
+ EoRezo (a vector for ad infections)
+ 2 antivirus programs (F-Secure + Norton)

there is work to do.....

do you want to put some order into all this?

See you.

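The kind of quick read of a HijackThis log described in the reply above, as an added example that is not part of the thread: it parses the `XN - ...` entry lines and reports non-localhost Hosts entries, BHOs whose file is gone, and how many antivirus vendors have services installed. The heuristics and the `AV_VENDORS` list are assumptions made for illustration; they triage a log for a human reviewer and do not identify Virtumonde.

```python
import re

# Lines copied from the HijackThis log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.48.81.32 iHabbixReloaded
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O2 body: "BHO: <name> - {CLSID} - <file path or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O23 body: "Service: <name> - <vendor> - <drive>:\<path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
# Assumption: a short illustrative list of antivirus vendor names.
AV_VENDORS = ("F-Secure", "Symantec", "Kaspersky", "McAfee", "Avast")


def parse_entries(log_text):
    """Yield (section_code, body) for each entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return the entries a reviewer would want to look at first."""
    hosts, orphan_bho, av = [], [], set()
    for code, body in parse_entries(log_text):
        if code == "O1" and body.startswith("Hosts: "):
            # Anything in the hosts file beyond localhost deserves a look.
            parts = body[len("Hosts: "):].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                hosts.append((parts[0], parts[1]))
        elif code == "O2":
            # A BHO registered in the registry whose DLL no longer exists.
            m = BHO_RE.match(body)
            if m and (m["target"] == "(no file)"
                      or m["target"].endswith("(file missing)")):
                orphan_bho.append((m["name"], m["clsid"]))
        elif code == "O23":
            # Services from more than one antivirus vendor installed at once.
            m = SERVICE_RE.match(body)
            if m:
                for vendor in AV_VENDORS:
                    if vendor.lower() in m["vendor"].lower():
                        av.add(vendor)
    return {"hosts": hosts, "orphan_bho": orphan_bho, "av_vendors": sorted(av)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
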

Help-me-=) - 30 Oct. 2008 at 08:39
Yes, I would like to

Thanks. How do I do it?

Anonymous user - 30 Oct. 2008 at 09:08
--hello

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click on disable and confirm.

then do this:

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click ComboFix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and your antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt


See you
Antonio Giacomo Stradivari, often called Stradivarius (Cremona, 1644 - Cremona, 18 December 1737
The Soil (1714), considered by many to be the best instrument in the world.
shortly before his death he was still searching...

Help-me-=) - 30 Oct. 2008 at 10:20
There, I did exactly what you said, I hope it worked, here is the report:

ComboFix 08-10-30.04 - Anne-laure 2008-10-30 9:58:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1222 [GMT 1:00]
Lancé depuis: C:\Users\Anne-laure\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FBrowserAdvisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Users\Véronique\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 20:37 . 2008-10-29 20:37 401,720 --a------ C:\Users\Anne-laure\HiJackThis.exe
2008-10-29 19:52 . 2008-10-29 19:52 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 18:04 . 2008-10-29 18:04 <REP> d-------- C:\VundoFix Backups
2008-10-29 15:48 . 2008-10-29 15:55 <REP> d-------- C:\Users\Anne-laure\DoctorWeb
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 11:00 . 2008-10-29 11:00 <REP> d-------- C:\Program Files\Defenza
2008-10-29 11:00 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\System32\Machnm1.exe
2008-10-29 11:00 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\System32\Machnm64.sys
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\System32\118290.54
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\118294.78
2008-10-29 11:00 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\System32\Machnm32.sys
2008-10-29 08:38 . 2008-08-12 04:39 443,392 --a------ C:\WINDOWS\System32\win32spl.dll
2008-10-29 08:38 . 2008-09-18 05:56 147,456 --a------ C:\WINDOWS\System32\Faultrep.dll
2008-10-29 08:38 . 2008-09-18 05:56 125,952 --a------ C:\WINDOWS\System32\wersvc.dll
2008-10-28 09:31 . 2008-10-28 09:32 <REP> d-------- C:\Program Files\Photo Story 3 for Windows
2008-10-26 19:53 . 2008-10-28 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-10-26 10:28 . 2008-10-26 10:28 <REP> d-------- C:\Program Files\The Cleaner Demo
2008-10-26 10:12 . 2008-10-26 10:57 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\Users\All Users\UDL
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\ProgramData\UDL
2008-10-23 20:24 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\System32\E_FLBBZE.DLL
2008-10-23 20:24 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\System32\E_FD4BBZE.DLL
2008-10-23 20:24 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\System32\E_DCINST.DLL
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\Users\All Users\EPSON
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\ProgramData\EPSON
2008-10-23 20:23 . 2008-10-23 20:32 <REP> d-------- C:\Program Files\EPSON
2008-10-23 20:22 . 2008-10-23 20:22 25 --a------ C:\WINDOWS\CDED92Euro.ini
2008-10-23 07:55 . 2008-08-05 10:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-23 07:55 . 2008-08-05 10:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-23 07:55 . 2008-08-05 10:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-23 07:55 . 2008-08-05 10:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-23 07:55 . 2008-08-05 10:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-18 19:12 . 2008-10-26 10:23 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Hamachi
2008-10-18 19:11 . 2008-10-18 19:11 25,280 --a------ C:\WINDOWS\System32\drivers\hamachi.sys
2008-10-18 17:10 . 2008-10-18 17:55 <REP> d-------- C:\Program Files\Dofus
2008-10-15 10:11 . 2008-10-15 10:11 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Media Player Classic
2008-10-15 07:40 . 2008-09-18 06:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 07:40 . 2008-09-18 06:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-15 07:40 . 2008-09-18 03:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 07:40 . 2008-10-02 04:49 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-10-15 07:40 . 2008-09-03 04:59 468,992 --a------ C:\WINDOWS\System32\newdev.dll
2008-10-15 07:40 . 2008-08-27 02:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 07:40 . 2008-09-03 04:58 74,752 --a------ C:\WINDOWS\System32\newdev.exe
2008-10-15 07:39 . 2008-10-02 02:32 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-10-14 18:21 . 2008-10-14 18:21 <REP> d-------- C:\Program Files\Audacity
2008-10-14 18:16 . 2008-10-14 18:16 <REP> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-10-14 18:16 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\System32\msvcr70.dll
2008-10-14 17:42 . 2008-03-21 21:30 3,596,288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-10-14 17:42 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-10-14 17:42 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\System32\divx.dll
2008-10-14 17:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\System32\lameACM.acm
2008-10-14 17:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\System32\yv12vfw.dll
2008-10-14 17:42 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\System32\unrar.dll
2008-10-14 17:42 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-10-14 17:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\System32\ac3acm.acm
2008-10-14 17:42 . 2008-03-21 21:28 81,920 --a------ C:\WINDOWS\System32\dpl100.dll
2008-10-14 17:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\System32\lame_acm.xml
2008-10-14 17:41 . 2008-10-14 17:42 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 17:41 . 2008-03-28 18:41 7,680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2008-10-14 17:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\System32\ff_vfw.dll.manifest
2008-10-12 20:24 . 2008-10-28 13:14 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\LimeWire
2008-10-11 21:56 . 2008-10-26 10:48 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-11 21:56 . 2008-10-11 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-11 21:20 . 2006-11-29 12:06 3,426,072 --a------ C:\WINDOWS\System32\d3dx9_32.dll
2008-10-11 21:17 . 2008-06-26 04:21 712,704 --a------ C:\WINDOWS\System32\WindowsCodecs.dll
2008-10-11 21:17 . 2008-06-26 04:21 347,648 --a------ C:\WINDOWS\System32\WindowsCodecsExt.dll
2008-10-11 21:14 . 2008-10-11 21:14 <REP> d-------- C:\Program Files\Microsoft
2008-10-11 21:10 . 2008-10-11 21:10 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 21:07 . 2008-10-23 20:44 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-10-11 17:17 . 2008-10-11 17:19 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\SecondLife
2008-10-10 11:38 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-10-10 11:38 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Program Files\iTunes
2008-10-10 11:37 . 2008-10-10 11:37 <REP> d-------- C:\Program Files\iPod
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Program Files\Bonjour
2008-10-10 11:28 . 2008-10-10 11:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\Program Files\Conjugaison
2008-10-09 19:24 . 2008-10-29 08:32 <REP> d-------- C:\Users\vero\AppData\Roaming\F-Secure
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\Users\All Users\TomTom
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\ProgramData\TomTom
2008-10-09 18:26 . 2008-10-30 09:53 <REP> d-------- C:\Program Files\TomTom HOME
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\TomTom
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\InstallShield
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-10-09 18:23 . 2008-10-09 18:23 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-10-08 12:24 . 2008-10-08 12:24 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\InstallShield
2008-10-08 11:24 . 2008-10-08 11:24 <REP> d-------- C:\Users\vero\AppData\Roaming\Apple Computer
2008-10-07 02:10 . 2008-07-16 02:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-10-06 16:35 . 2008-10-29 10:49 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\F-Secure
2008-10-06 16:25 . 2008-04-23 17:15 572,512 --a------ C:\WINDOWS\System32\msvcp50.dll
2008-10-06 16:25 . 2008-10-29 10:36 60,064 --a------ C:\WINDOWS\System32\drivers\fsdfw.sys
2008-10-06 16:25 . 2008-04-23 17:11 34,752 --a------ C:\WINDOWS\System32\drivers\fses.sys
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\Users\All Users\F-Secure
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\ProgramData\F-Secure
2008-10-06 16:22 . 2008-10-06 16:22 <REP> d-------- C:\Program Files\Orange
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\Users\All Users\fssg
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\ProgramData\fssg
2008-10-06 15:08 . 2008-06-26 02:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
2008-10-06 15:08 . 2008-06-26 02:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
2008-10-06 15:07 . 2008-06-26 04:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
2008-10-06 15:05 . 2008-07-31 02:13 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-10-06 15:05 . 2008-04-26 09:26 891,448 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-10-06 15:05 . 2008-04-12 04:32 784,896 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-10-06 15:05 . 2008-06-19 04:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-10-06 15:05 . 2008-04-05 02:21 72,192 --a------ C:\WINDOWS\System32\drivers\pacer.sys
2008-10-06 15:05 . 2008-07-31 04:32 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-10-06 15:05 . 2008-04-05 04:34 15,360 --a------ C:\WINDOWS\System32\pacerprf.dll
2008-10-06 14:41 . 2008-07-19 06:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-10-06 14:41 . 2008-07-19 04:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-10-06 14:41 . 2008-07-19 06:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-10-06 14:41 . 2008-07-19 04:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-10-06 14:41 . 2008-07-19 06:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-10-06 14:41 . 2008-07-19 06:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-10-06 14:41 . 2008-07-19 06:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-10-06 14:40 . 2008-07-18 21:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-10-06 14:40 . 2008-07-18 19:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-10-06 14:24 . 2008-10-06 14:24 <REP> d-------- C:\Program Files\Securitoo
2008-10-06 14:24 . 2006-11-28 19:46 28,224 --a------ C:\WINDOWS\System32\drivers\PCAMp50.sys
2008-10-06 14:24 . 2006-11-28 19:46 27,072 --a------ C:\WINDOWS\System32\drivers\PCASp50.sys
2008-10-06 14:22 . 2008-10-06 14:49 <REP> d-------- C:\Program Files\OrangeHSS
2008-10-06 14:22 . 2007-12-11 19:22 65,536 --a------ C:\WINDOWS\System32\Autodial2000.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-29 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 09:38 --------- d-----w C:\Program Files\Hamachi
2008-10-23 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-20 10:28 --------- d-----w C:\Program Files\Windows Live
2008-10-16 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 19:24 --------- d-----w C:\Program Files\LimeWire
2008-10-11 20:50 --------- d-----w C:\ProgramData\WLInstaller
2008-10-10 10:36 --------- d-----w C:\Program Files\QuickTime
2008-10-10 10:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-08 11:31 --------- d-----w C:\Program Files\FinePixViewer
2008-10-08 11:27 --------- d-----w C:\Users\Anne-laure\AppData\Roaming\FUJIFILM
2008-10-08 11:23 --------- d-----w C:\Users\Véronique\AppData\Roaming\FUJIFILM
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 17:38 1,435,224 ----a-w C:\Users\nanou\TMPGEnc-2.524.63.181-Free.zip
2008-06-20 17:05 1,665,325 ----a-w C:\Users\nanou\agfreesetup.exe
2008-06-20 16:31 1,579,972 ----a-w C:\Users\nanou\dvdaudioextractor.exe
2008-06-10 19:38 20,019 ----a-w C:\Users\nanou\unfreez.zip
2008-05-31 19:45 3,115,008 ----a-w C:\Users\nanou\AudioVideo_To_Exe(English).exe
2008-05-28 09:46 47,360 ----a-w C:\Users\Véronique\AppData\Roaming\pcouffin.sys
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-04-28 01:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 07:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\WINDOWS\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-04-16 591200]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936]
"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 1359872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

C:\Users\Anne-laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-20 143360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-06-15 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF1B30A-E70B-40C0-A49B-E32E0357E594}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE2C203-A710-4888-A4A0-B03BC6F9F7EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AB26A2BA-3E21-4EDC-BA86-74252A1E9B60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0F718442-4349-481B-B9BE-0434243B45CC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2584FB02-825A-4197-BCA8-5DEFEA1D7FC3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7D89EE86-9CF5-4C71-B679-C896786B9327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{23CCE833-C21A-4284-942A-1E2BDC544952}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{158F0404-1BBA-48A7-B105-4CFF6C637FA8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{E4240EF3-695C-4EAC-834B-580750BF9B6A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BA578043-7B5F-4C14-A5F0-DD1203936051}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FB00228A-A7BB-43F6-A5BF-73A7D28205CB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{440986FF-83C0-400D-93B1-ECA44E786697}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{AECC5E9E-BAE8-4888-9F67-6301045DAADA}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{23AB184E-67A6-4A61-8C12-79AEB04D7169}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{E3F29125-A2B2-4113-8259-25657DFDBDB6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9E030592-428F-49C6-A9A2-23D22441CF1A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{63C96D9E-C7A9-44CE-88BE-0C515539437C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2192EAE9-5368-4EE8-8CD3-9C66A8912293}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D454281-F9A4-42A7-86FC-C5AE502DEEBA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A03C0C98-1D14-4B69-8834-7AF18EE7CBC7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD2F44F6-5754-4B64-A8A8-4F6C6A2FA4BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{112DB924-3F00-438F-ACB8-1C1D58D9EBA6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{48480C3F-4276-4B3B-9D8B-488BD0F40DEA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-10-29 41184]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-04-23 34752]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-10-29 60064]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-23 12896]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048]
S3 Brndis;External USB Cable Modem;C:\Windows\system32\DRIVERS\Brndis.sys [2004-02-06 16512]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5f6184-012e-11dd-8acc-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990fee76-9538-11dd-9d90-001bb97e2318}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f1fc82-990f-11dd-bed9-001bb97e2318}]
\shell\AutoRun\command - K:\start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{2D2B0467-6BFE-4217-82E0-E7D63BCEFB92}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{A3BD8618-9E38-4205-94E6-90329DCC055B}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Anne-laure\AppData\Roaming\Mozilla\Firefox\Profiles\leichzot.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 10:04:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 10:20
There, I did exactly what you said, I hope it worked, here is the report:

ComboFix 08-10-30.04 - Anne-laure 2008-10-30 9:58:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1222 [GMT 1:00]
Lancé depuis: C:\Users\Anne-laure\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FBrowserAdvisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Users\Véronique\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 20:37 . 2008-10-29 20:37 401,720 --a------ C:\Users\Anne-laure\HiJackThis.exe
2008-10-29 19:52 . 2008-10-29 19:52 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 18:04 . 2008-10-29 18:04 <REP> d-------- C:\VundoFix Backups
2008-10-29 15:48 . 2008-10-29 15:55 <REP> d-------- C:\Users\Anne-laure\DoctorWeb
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 11:00 . 2008-10-29 11:00 <REP> d-------- C:\Program Files\Defenza
2008-10-29 11:00 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\System32\Machnm1.exe
2008-10-29 11:00 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\System32\Machnm64.sys
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\System32\118290.54
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\118294.78
2008-10-29 11:00 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\System32\Machnm32.sys
2008-10-29 08:38 . 2008-08-12 04:39 443,392 --a------ C:\WINDOWS\System32\win32spl.dll
2008-10-29 08:38 . 2008-09-18 05:56 147,456 --a------ C:\WINDOWS\System32\Faultrep.dll
2008-10-29 08:38 . 2008-09-18 05:56 125,952 --a------ C:\WINDOWS\System32\wersvc.dll
2008-10-28 09:31 . 2008-10-28 09:32 <REP> d-------- C:\Program Files\Photo Story 3 for Windows
2008-10-26 19:53 . 2008-10-28 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-10-26 10:28 . 2008-10-26 10:28 <REP> d-------- C:\Program Files\The Cleaner Demo
2008-10-26 10:12 . 2008-10-26 10:57 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\Users\All Users\UDL
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\ProgramData\UDL
2008-10-23 20:24 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\System32\E_FLBBZE.DLL
2008-10-23 20:24 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\System32\E_FD4BBZE.DLL
2008-10-23 20:24 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\System32\E_DCINST.DLL
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\Users\All Users\EPSON
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\ProgramData\EPSON
2008-10-23 20:23 . 2008-10-23 20:32 <REP> d-------- C:\Program Files\EPSON
2008-10-23 20:22 . 2008-10-23 20:22 25 --a------ C:\WINDOWS\CDED92Euro.ini
2008-10-23 07:55 . 2008-08-05 10:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-23 07:55 . 2008-08-05 10:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-23 07:55 . 2008-08-05 10:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-23 07:55 . 2008-08-05 10:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-23 07:55 . 2008-08-05 10:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-18 19:12 . 2008-10-26 10:23 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Hamachi
2008-10-18 19:11 . 2008-10-18 19:11 25,280 --a------ C:\WINDOWS\System32\drivers\hamachi.sys
2008-10-18 17:10 . 2008-10-18 17:55 <REP> d-------- C:\Program Files\Dofus
2008-10-15 10:11 . 2008-10-15 10:11 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Media Player Classic
2008-10-15 07:40 . 2008-09-18 06:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 07:40 . 2008-09-18 06:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-15 07:40 . 2008-09-18 03:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 07:40 . 2008-10-02 04:49 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-10-15 07:40 . 2008-09-03 04:59 468,992 --a------ C:\WINDOWS\System32\newdev.dll
2008-10-15 07:40 . 2008-08-27 02:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 07:40 . 2008-09-03 04:58 74,752 --a------ C:\WINDOWS\System32\newdev.exe
2008-10-15 07:39 . 2008-10-02 02:32 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-10-14 18:21 . 2008-10-14 18:21 <REP> d-------- C:\Program Files\Audacity
2008-10-14 18:16 . 2008-10-14 18:16 <REP> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-10-14 18:16 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\System32\msvcr70.dll
2008-10-14 17:42 . 2008-03-21 21:30 3,596,288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-10-14 17:42 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-10-14 17:42 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\System32\divx.dll
2008-10-14 17:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\System32\lameACM.acm
2008-10-14 17:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\System32\yv12vfw.dll
2008-10-14 17:42 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\System32\unrar.dll
2008-10-14 17:42 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-10-14 17:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\System32\ac3acm.acm
2008-10-14 17:42 . 2008-03-21 21:28 81,920 --a------ C:\WINDOWS\System32\dpl100.dll
2008-10-14 17:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\System32\lame_acm.xml
2008-10-14 17:41 . 2008-10-14 17:42 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 17:41 . 2008-03-28 18:41 7,680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2008-10-14 17:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\System32\ff_vfw.dll.manifest
2008-10-12 20:24 . 2008-10-28 13:14 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\LimeWire
2008-10-11 21:56 . 2008-10-26 10:48 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-11 21:56 . 2008-10-11 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-11 21:20 . 2006-11-29 12:06 3,426,072 --a------ C:\WINDOWS\System32\d3dx9_32.dll
2008-10-11 21:17 . 2008-06-26 04:21 712,704 --a------ C:\WINDOWS\System32\WindowsCodecs.dll
2008-10-11 21:17 . 2008-06-26 04:21 347,648 --a------ C:\WINDOWS\System32\WindowsCodecsExt.dll
2008-10-11 21:14 . 2008-10-11 21:14 <REP> d-------- C:\Program Files\Microsoft
2008-10-11 21:10 . 2008-10-11 21:10 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 21:07 . 2008-10-23 20:44 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-10-11 17:17 . 2008-10-11 17:19 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\SecondLife
2008-10-10 11:38 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-10-10 11:38 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Program Files\iTunes
2008-10-10 11:37 . 2008-10-10 11:37 <REP> d-------- C:\Program Files\iPod
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Program Files\Bonjour
2008-10-10 11:28 . 2008-10-10 11:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\Program Files\Conjugaison
2008-10-09 19:24 . 2008-10-29 08:32 <REP> d-------- C:\Users\vero\AppData\Roaming\F-Secure
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\Users\All Users\TomTom
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\ProgramData\TomTom
2008-10-09 18:26 . 2008-10-30 09:53 <REP> d-------- C:\Program Files\TomTom HOME
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\TomTom
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\InstallShield
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-10-09 18:23 . 2008-10-09 18:23 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-10-08 12:24 . 2008-10-08 12:24 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\InstallShield
2008-10-08 11:24 . 2008-10-08 11:24 <REP> d-------- C:\Users\vero\AppData\Roaming\Apple Computer
2008-10-07 02:10 . 2008-07-16 02:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-10-06 16:35 . 2008-10-29 10:49 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\F-Secure
2008-10-06 16:25 . 2008-04-23 17:15 572,512 --a------ C:\WINDOWS\System32\msvcp50.dll
2008-10-06 16:25 . 2008-10-29 10:36 60,064 --a------ C:\WINDOWS\System32\drivers\fsdfw.sys
2008-10-06 16:25 . 2008-04-23 17:11 34,752 --a------ C:\WINDOWS\System32\drivers\fses.sys
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\Users\All Users\F-Secure
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\ProgramData\F-Secure
2008-10-06 16:22 . 2008-10-06 16:22 <REP> d-------- C:\Program Files\Orange
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\Users\All Users\fssg
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\ProgramData\fssg
2008-10-06 15:08 . 2008-06-26 02:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
2008-10-06 15:08 . 2008-06-26 02:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
2008-10-06 15:07 . 2008-06-26 04:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
2008-10-06 15:05 . 2008-07-31 02:13 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-10-06 15:05 . 2008-04-26 09:26 891,448 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-10-06 15:05 . 2008-04-12 04:32 784,896 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-10-06 15:05 . 2008-06-19 04:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-10-06 15:05 . 2008-04-05 02:21 72,192 --a------ C:\WINDOWS\System32\drivers\pacer.sys
2008-10-06 15:05 . 2008-07-31 04:32 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-10-06 15:05 . 2008-04-05 04:34 15,360 --a------ C:\WINDOWS\System32\pacerprf.dll
2008-10-06 14:41 . 2008-07-19 06:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-10-06 14:41 . 2008-07-19 04:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-10-06 14:41 . 2008-07-19 06:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-10-06 14:41 . 2008-07-19 04:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-10-06 14:41 . 2008-07-19 06:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-10-06 14:41 . 2008-07-19 06:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-10-06 14:41 . 2008-07-19 06:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-10-06 14:40 . 2008-07-18 21:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-10-06 14:40 . 2008-07-18 19:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-10-06 14:24 . 2008-10-06 14:24 <REP> d-------- C:\Program Files\Securitoo
2008-10-06 14:24 . 2006-11-28 19:46 28,224 --a------ C:\WINDOWS\System32\drivers\PCAMp50.sys
2008-10-06 14:24 . 2006-11-28 19:46 27,072 --a------ C:\WINDOWS\System32\drivers\PCASp50.sys
2008-10-06 14:22 . 2008-10-06 14:49 <REP> d-------- C:\Program Files\OrangeHSS
2008-10-06 14:22 . 2007-12-11 19:22 65,536 --a------ C:\WINDOWS\System32\Autodial2000.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-29 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 09:38 --------- d-----w C:\Program Files\Hamachi
2008-10-23 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-20 10:28 --------- d-----w C:\Program Files\Windows Live
2008-10-16 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 19:24 --------- d-----w C:\Program Files\LimeWire
2008-10-11 20:50 --------- d-----w C:\ProgramData\WLInstaller
2008-10-10 10:36 --------- d-----w C:\Program Files\QuickTime
2008-10-10 10:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-08 11:31 --------- d-----w C:\Program Files\FinePixViewer
2008-10-08 11:27 --------- d-----w C:\Users\Anne-laure\AppData\Roaming\FUJIFILM
2008-10-08 11:23 --------- d-----w C:\Users\Véronique\AppData\Roaming\FUJIFILM
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 17:38 1,435,224 ----a-w C:\Users\nanou\TMPGEnc-2.524.63.181-Free.zip
2008-06-20 17:05 1,665,325 ----a-w C:\Users\nanou\agfreesetup.exe
2008-06-20 16:31 1,579,972 ----a-w C:\Users\nanou\dvdaudioextractor.exe
2008-06-10 19:38 20,019 ----a-w C:\Users\nanou\unfreez.zip
2008-05-31 19:45 3,115,008 ----a-w C:\Users\nanou\AudioVideo_To_Exe(English).exe
2008-05-28 09:46 47,360 ----a-w C:\Users\Véronique\AppData\Roaming\pcouffin.sys
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-04-28 01:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 07:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\WINDOWS\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-04-16 591200]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936]
"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 1359872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

C:\Users\Anne-laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-20 143360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-06-15 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF1B30A-E70B-40C0-A49B-E32E0357E594}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE2C203-A710-4888-A4A0-B03BC6F9F7EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AB26A2BA-3E21-4EDC-BA86-74252A1E9B60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0F718442-4349-481B-B9BE-0434243B45CC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2584FB02-825A-4197-BCA8-5DEFEA1D7FC3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7D89EE86-9CF5-4C71-B679-C896786B9327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{23CCE833-C21A-4284-942A-1E2BDC544952}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{158F0404-1BBA-48A7-B105-4CFF6C637FA8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{E4240EF3-695C-4EAC-834B-580750BF9B6A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BA578043-7B5F-4C14-A5F0-DD1203936051}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FB00228A-A7BB-43F6-A5BF-73A7D28205CB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{440986FF-83C0-400D-93B1-ECA44E786697}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{AECC5E9E-BAE8-4888-9F67-6301045DAADA}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{23AB184E-67A6-4A61-8C12-79AEB04D7169}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{E3F29125-A2B2-4113-8259-25657DFDBDB6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9E030592-428F-49C6-A9A2-23D22441CF1A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{63C96D9E-C7A9-44CE-88BE-0C515539437C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2192EAE9-5368-4EE8-8CD3-9C66A8912293}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D454281-F9A4-42A7-86FC-C5AE502DEEBA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A03C0C98-1D14-4B69-8834-7AF18EE7CBC7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD2F44F6-5754-4B64-A8A8-4F6C6A2FA4BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{112DB924-3F00-438F-ACB8-1C1D58D9EBA6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{48480C3F-4276-4B3B-9D8B-488BD0F40DEA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-10-29 41184]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-04-23 34752]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-10-29 60064]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-23 12896]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048]
S3 Brndis;External USB Cable Modem;C:\Windows\system32\DRIVERS\Brndis.sys [2004-02-06 16512]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5f6184-012e-11dd-8acc-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990fee76-9538-11dd-9d90-001bb97e2318}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f1fc82-990f-11dd-bed9-001bb97e2318}]
\shell\AutoRun\command - K:\start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{2D2B0467-6BFE-4217-82E0-E7D63BCEFB92}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{A3BD8618-9E38-4205-94E6-90329DCC055B}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Anne-laure\AppData\Roaming\Mozilla\Firefox\Profiles\leichzot.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 10:04:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 10:21
There, I did exactly what you said, I hope it worked, here is the report:

ComboFix 08-10-30.04 - Anne-laure 2008-10-30 9:58:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1222 [GMT 1:00]
Lancé depuis: C:\Users\Anne-laure\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FBrowserAdvisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Users\Véronique\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 20:37 . 2008-10-29 20:37 401,720 --a------ C:\Users\Anne-laure\HiJackThis.exe
2008-10-29 19:52 . 2008-10-29 19:52 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 18:04 . 2008-10-29 18:04 <REP> d-------- C:\VundoFix Backups
2008-10-29 15:48 . 2008-10-29 15:55 <REP> d-------- C:\Users\Anne-laure\DoctorWeb
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 11:00 . 2008-10-29 11:00 <REP> d-------- C:\Program Files\Defenza
2008-10-29 11:00 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\System32\Machnm1.exe
2008-10-29 11:00 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\System32\Machnm64.sys
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\System32\118290.54
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\118294.78
2008-10-29 11:00 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\System32\Machnm32.sys
2008-10-29 08:38 . 2008-08-12 04:39 443,392 --a------ C:\WINDOWS\System32\win32spl.dll
2008-10-29 08:38 . 2008-09-18 05:56 147,456 --a------ C:\WINDOWS\System32\Faultrep.dll
2008-10-29 08:38 . 2008-09-18 05:56 125,952 --a------ C:\WINDOWS\System32\wersvc.dll
2008-10-28 09:31 . 2008-10-28 09:32 <REP> d-------- C:\Program Files\Photo Story 3 for Windows
2008-10-26 19:53 . 2008-10-28 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-10-26 10:28 . 2008-10-26 10:28 <REP> d-------- C:\Program Files\The Cleaner Demo
2008-10-26 10:12 . 2008-10-26 10:57 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\Users\All Users\UDL
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\ProgramData\UDL
2008-10-23 20:24 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\System32\E_FLBBZE.DLL
2008-10-23 20:24 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\System32\E_FD4BBZE.DLL
2008-10-23 20:24 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\System32\E_DCINST.DLL
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\Users\All Users\EPSON
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\ProgramData\EPSON
2008-10-23 20:23 . 2008-10-23 20:32 <REP> d-------- C:\Program Files\EPSON
2008-10-23 20:22 . 2008-10-23 20:22 25 --a------ C:\WINDOWS\CDED92Euro.ini
2008-10-23 07:55 . 2008-08-05 10:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-23 07:55 . 2008-08-05 10:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-23 07:55 . 2008-08-05 10:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-23 07:55 . 2008-08-05 10:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-23 07:55 . 2008-08-05 10:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-18 19:12 . 2008-10-26 10:23 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Hamachi
2008-10-18 19:11 . 2008-10-18 19:11 25,280 --a------ C:\WINDOWS\System32\drivers\hamachi.sys
2008-10-18 17:10 . 2008-10-18 17:55 <REP> d-------- C:\Program Files\Dofus
2008-10-15 10:11 . 2008-10-15 10:11 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Media Player Classic
2008-10-15 07:40 . 2008-09-18 06:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 07:40 . 2008-09-18 06:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-15 07:40 . 2008-09-18 03:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 07:40 . 2008-10-02 04:49 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-10-15 07:40 . 2008-09-03 04:59 468,992 --a------ C:\WINDOWS\System32\newdev.dll
2008-10-15 07:40 . 2008-08-27 02:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 07:40 . 2008-09-03 04:58 74,752 --a------ C:\WINDOWS\System32\newdev.exe
2008-10-15 07:39 . 2008-10-02 02:32 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-10-14 18:21 . 2008-10-14 18:21 <REP> d-------- C:\Program Files\Audacity
2008-10-14 18:16 . 2008-10-14 18:16 <REP> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-10-14 18:16 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\System32\msvcr70.dll
2008-10-14 17:42 . 2008-03-21 21:30 3,596,288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-10-14 17:42 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-10-14 17:42 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\System32\divx.dll
2008-10-14 17:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\System32\lameACM.acm
2008-10-14 17:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\System32\yv12vfw.dll
2008-10-14 17:42 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\System32\unrar.dll
2008-10-14 17:42 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-10-14 17:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\System32\ac3acm.acm
2008-10-14 17:42 . 2008-03-21 21:28 81,920 --a------ C:\WINDOWS\System32\dpl100.dll
2008-10-14 17:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\System32\lame_acm.xml
2008-10-14 17:41 . 2008-10-14 17:42 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 17:41 . 2008-03-28 18:41 7,680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2008-10-14 17:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\System32\ff_vfw.dll.manifest
2008-10-12 20:24 . 2008-10-28 13:14 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\LimeWire
2008-10-11 21:56 . 2008-10-26 10:48 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-11 21:56 . 2008-10-11 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-11 21:20 . 2006-11-29 12:06 3,426,072 --a------ C:\WINDOWS\System32\d3dx9_32.dll
2008-10-11 21:17 . 2008-06-26 04:21 712,704 --a------ C:\WINDOWS\System32\WindowsCodecs.dll
2008-10-11 21:17 . 2008-06-26 04:21 347,648 --a------ C:\WINDOWS\System32\WindowsCodecsExt.dll
2008-10-11 21:14 . 2008-10-11 21:14 <REP> d-------- C:\Program Files\Microsoft
2008-10-11 21:10 . 2008-10-11 21:10 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 21:07 . 2008-10-23 20:44 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-10-11 17:17 . 2008-10-11 17:19 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\SecondLife
2008-10-10 11:38 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-10-10 11:38 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Program Files\iTunes
2008-10-10 11:37 . 2008-10-10 11:37 <REP> d-------- C:\Program Files\iPod
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Program Files\Bonjour
2008-10-10 11:28 . 2008-10-10 11:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\Program Files\Conjugaison
2008-10-09 19:24 . 2008-10-29 08:32 <REP> d-------- C:\Users\vero\AppData\Roaming\F-Secure
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\Users\All Users\TomTom
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\ProgramData\TomTom
2008-10-09 18:26 . 2008-10-30 09:53 <REP> d-------- C:\Program Files\TomTom HOME
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\TomTom
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\InstallShield
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-10-09 18:23 . 2008-10-09 18:23 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-10-08 12:24 . 2008-10-08 12:24 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\InstallShield
2008-10-08 11:24 . 2008-10-08 11:24 <REP> d-------- C:\Users\vero\AppData\Roaming\Apple Computer
2008-10-07 02:10 . 2008-07-16 02:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-10-06 16:35 . 2008-10-29 10:49 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\F-Secure
2008-10-06 16:25 . 2008-04-23 17:15 572,512 --a------ C:\WINDOWS\System32\msvcp50.dll
2008-10-06 16:25 . 2008-10-29 10:36 60,064 --a------ C:\WINDOWS\System32\drivers\fsdfw.sys
2008-10-06 16:25 . 2008-04-23 17:11 34,752 --a------ C:\WINDOWS\System32\drivers\fses.sys
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\Users\All Users\F-Secure
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\ProgramData\F-Secure
2008-10-06 16:22 . 2008-10-06 16:22 <REP> d-------- C:\Program Files\Orange
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\Users\All Users\fssg
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\ProgramData\fssg
2008-10-06 15:08 . 2008-06-26 02:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
2008-10-06 15:08 . 2008-06-26 02:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
2008-10-06 15:07 . 2008-06-26 04:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
2008-10-06 15:05 . 2008-07-31 02:13 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-10-06 15:05 . 2008-04-26 09:26 891,448 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-10-06 15:05 . 2008-04-12 04:32 784,896 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-10-06 15:05 . 2008-06-19 04:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-10-06 15:05 . 2008-04-05 02:21 72,192 --a------ C:\WINDOWS\System32\drivers\pacer.sys
2008-10-06 15:05 . 2008-07-31 04:32 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-10-06 15:05 . 2008-04-05 04:34 15,360 --a------ C:\WINDOWS\System32\pacerprf.dll
2008-10-06 14:41 . 2008-07-19 06:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-10-06 14:41 . 2008-07-19 04:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-10-06 14:41 . 2008-07-19 06:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-10-06 14:41 . 2008-07-19 04:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-10-06 14:41 . 2008-07-19 06:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-10-06 14:41 . 2008-07-19 06:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-10-06 14:41 . 2008-07-19 06:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-10-06 14:40 . 2008-07-18 21:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-10-06 14:40 . 2008-07-18 19:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-10-06 14:24 . 2008-10-06 14:24 <REP> d-------- C:\Program Files\Securitoo
2008-10-06 14:24 . 2006-11-28 19:46 28,224 --a------ C:\WINDOWS\System32\drivers\PCAMp50.sys
2008-10-06 14:24 . 2006-11-28 19:46 27,072 --a------ C:\WINDOWS\System32\drivers\PCASp50.sys
2008-10-06 14:22 . 2008-10-06 14:49 <REP> d-------- C:\Program Files\OrangeHSS
2008-10-06 14:22 . 2007-12-11 19:22 65,536 --a------ C:\WINDOWS\System32\Autodial2000.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-29 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 09:38 --------- d-----w C:\Program Files\Hamachi
2008-10-23 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-20 10:28 --------- d-----w C:\Program Files\Windows Live
2008-10-16 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 19:24 --------- d-----w C:\Program Files\LimeWire
2008-10-11 20:50 --------- d-----w C:\ProgramData\WLInstaller
2008-10-10 10:36 --------- d-----w C:\Program Files\QuickTime
2008-10-10 10:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-08 11:31 --------- d-----w C:\Program Files\FinePixViewer
2008-10-08 11:27 --------- d-----w C:\Users\Anne-laure\AppData\Roaming\FUJIFILM
2008-10-08 11:23 --------- d-----w C:\Users\Véronique\AppData\Roaming\FUJIFILM
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 17:38 1,435,224 ----a-w C:\Users\nanou\TMPGEnc-2.524.63.181-Free.zip
2008-06-20 17:05 1,665,325 ----a-w C:\Users\nanou\agfreesetup.exe
2008-06-20 16:31 1,579,972 ----a-w C:\Users\nanou\dvdaudioextractor.exe
2008-06-10 19:38 20,019 ----a-w C:\Users\nanou\unfreez.zip
2008-05-31 19:45 3,115,008 ----a-w C:\Users\nanou\AudioVideo_To_Exe(English).exe
2008-05-28 09:46 47,360 ----a-w C:\Users\Véronique\AppData\Roaming\pcouffin.sys
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-04-28 01:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 07:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\WINDOWS\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-04-16 591200]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936]
"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 1359872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

C:\Users\Anne-laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-20 143360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-06-15 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF1B30A-E70B-40C0-A49B-E32E0357E594}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE2C203-A710-4888-A4A0-B03BC6F9F7EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AB26A2BA-3E21-4EDC-BA86-74252A1E9B60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0F718442-4349-481B-B9BE-0434243B45CC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2584FB02-825A-4197-BCA8-5DEFEA1D7FC3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7D89EE86-9CF5-4C71-B679-C896786B9327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{23CCE833-C21A-4284-942A-1E2BDC544952}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{158F0404-1BBA-48A7-B105-4CFF6C637FA8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{E4240EF3-695C-4EAC-834B-580750BF9B6A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BA578043-7B5F-4C14-A5F0-DD1203936051}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FB00228A-A7BB-43F6-A5BF-73A7D28205CB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{440986FF-83C0-400D-93B1-ECA44E786697}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{AECC5E9E-BAE8-4888-9F67-6301045DAADA}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{23AB184E-67A6-4A61-8C12-79AEB04D7169}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{E3F29125-A2B2-4113-8259-25657DFDBDB6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9E030592-428F-49C6-A9A2-23D22441CF1A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{63C96D9E-C7A9-44CE-88BE-0C515539437C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2192EAE9-5368-4EE8-8CD3-9C66A8912293}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D454281-F9A4-42A7-86FC-C5AE502DEEBA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A03C0C98-1D14-4B69-8834-7AF18EE7CBC7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD2F44F6-5754-4B64-A8A8-4F6C6A2FA4BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{112DB924-3F00-438F-ACB8-1C1D58D9EBA6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{48480C3F-4276-4B3B-9D8B-488BD0F40DEA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-10-29 41184]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-04-23 34752]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-10-29 60064]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-23 12896]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048]
S3 Brndis;External USB Cable Modem;C:\Windows\system32\DRIVERS\Brndis.sys [2004-02-06 16512]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5f6184-012e-11dd-8acc-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990fee76-9538-11dd-9d90-001bb97e2318}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f1fc82-990f-11dd-bed9-001bb97e2318}]
\shell\AutoRun\command - K:\start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{2D2B0467-6BFE-4217-82E0-E7D63BCEFB92}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{A3BD8618-9E38-4205-94E6-90329DCC055B}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Anne-laure\AppData\Roaming\Mozilla\Firefox\Profiles\leichzot.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 10:04:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 10:23
Oops, sorry
0
Anonymous user
30 Oct. 2008 at 11:10
Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report, please.

VERY GOOD
it's not finished....
now this:
0
Anonymous user > Anonymous user
30 Oct. 2008 at 11:13
Very good...
it's not finished...
now this:

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report, please.

0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 13:01
Sorry for the delay, it has been scanning for 1h40

I can't take it any more xD
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 13:29
At last!!

So here is the report:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1338
Windows 6.0.6001 Service Pack 1

30/10/2008 13:21:28
mbam-log-2008-10-30 (13-21-28).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 205346
Temps écoulé: 2 hour(s), 0 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Véronique\AppData\Local\Temp\temC94F.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Véronique\AppData\Local\Temp\tem4213.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Users\Véronique\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
0
Anonymous user
30 Oct. 2008 at 21:43
That's all very good.....

Paste 1 new hijack log, please...


See you
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
30 Oct. 2008 at 21:53
Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:44, on 30/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Anne-laure\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.48.81.32 iHabbixReloaded
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Anne-laure\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
30 Oct. 2008 at 21:53
Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:44, on 30/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Anne-laure\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.48.81.32 iHabbixReloaded
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Anne-laure\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
30 Oct. 2008 at 22:37
ok.....

there are still problems...
do this:

Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe, choose option 1, then press Enter

- A report will be generated; post it in your next reply.

[*] process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility used to terminate processes.[*]

** Only do step 2 if you are asked to; we must first examine the first report of

see you
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
30 Oct. 2008 at 22:58
So here it is, was that all I had to do?

...

SmitFraudFix v2.369

Scan done at 22:56:11,19, 30/10/2008
Run from C:\Users\Anne-laure\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\taskeng.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Anne-laure


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Anne-laure\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ANNE-L~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Contrôleur de réseau NVIDIA nForce
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Anonymous user
30 Oct. 2008 at 23:35
yes, that's all...
but we drew a blank.....

do this:

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
31 Oct. 2008 at 11:18
Uh ... the link wasn't working, so I searched on Google, hoping I didn't get it wrong


The only problem is I think that's not it xD ... can you give me the exact name of this software??
0
Anonymous user
31 Oct. 2008 at 11:28
I tested the link... it works
but first go back to SmitfraudFix and do this:

--Next part of the procedure (cleaning); do exactly the following:

* Mandatory: restart the computer in Safe Mode.
How to get into Safe Mode
1) Restart your PC
2) Tap the F8 key right away (F5 on some PCs), just after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ...)
(PS: don't forget, in Safe Mode there is no connection! So copy or print the information below ...)

* Double-click SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to delete the files responsible for the infection.

-> If needed:
* At the question "Do you want to clean the registry?" answer O (yes) and press Enter to unlock the desktop wallpaper and delete the infection's registry keys.

(The fix will determine whether the wininet.dll file is infected.)

* At the question "Fix the infected file?" answer O (yes) and press Enter
to replace the corrupted file.

* A restart may be needed to finish the cleaning procedure (otherwise do it manually)

The report is located at the root of C:\
(in the file "rapport.txt")

Post me this last report ... Careful, it will be too long to be posted in full on the forum
--> so post me only the beginning and the end (cut out the list of "hosts files")



Antonio Giacomo Stradivari, often called Stradivarius (Cremona, 1644 - Cremona, 18 December 1737
Le Soil (1714), considered by many to be the best instrument in the world.
shortly before his death he was still searching...
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
1 Nov. 2008 at 15:13
Hello, sorry for the response time, I wasn't able to come


Here it is:

This is the beginning:




SmitFraudFix v2.369

Scan done at 14:52:18,20, 01/11/2008
Run from C:\Users\Anne-laure\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process



And this is the end of the report:



404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3AB319A9-3A4B-4D46-9009-02C532DB4219}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{935042F9-914D-41CA-AD82-67BD57308E22}: DhcpNameServer=82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
1 Nov. 2008 at 15:13
Thank you for being here to help me
0
Anonymous user
1 Nov. 2008 at 15:36
RE
uninstall Norton with this


--http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

and paste a new HijackThis scan please

see you
0
Help-me-=) Posts 29 Registered Wednesday 29 October 2008 Status Member Last post 2 November 2008
1 Nov. 2008 at 16:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:01, on 01/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Users\Anne-laure\HiJackThis.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.48.81.32 iHabbixReloaded
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Anne-laure\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Véronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
1 Nov. 2008 at 16:34
NORTON is still there...
but we'll deal with that later.
Do this: 2- Download FindyKill by Chiquitine29:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

-> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

(If your antivirus panics when you save or use the tool, ignore the alert ...)

-> Click "FindyKill.exe" to launch the tool's installation. Above all, do not touch the installation settings.

See you
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
1 Nov. 2008 at 16:51
When I open FindyKill after installing it as instructed, it tells me this:

Des fichiers sont manquants , l'outils est mal installù !
Findykill ne peut continuer a s'éxecuter ..
Appuyer sur une touche pour quitter Fyndikiill


Argh!!! Very annoying, I followed what you told me to the letter!
0
Anonymous user
1 Nov. 2008 at 16:59
Try this:

--https://www.androidworld.fr/
scroll down the whole page....
and at the very bottom click on no./18
See you
0
Help-me-=) Posts 29 Registration date Wednesday 29 October 2008 Status Member Last activity 2 November 2008
1 Nov. 2008 at 19:20
It's the same, it doesn't change anything. Sorry :s
0
Anonymous user
1 Nov. 2008 at 19:37
The same for what?

See you
0