[Résolu] correction de mon HijackThis

[thebestgalerien]

Salut a tous !!

 

bon je vien de découvrir ce fameu logiciel qui semble étre plus qu'efficace ,

aprés je n'y connais pas grand chose en informatique donc si quelqu'un pourrait m'aider a dégager toutes les merdes de mon ordi

 

donc voila le rapport que j'ai copier coller :

 

voila merci d'avance

 

Logfile of HijackThis v1.99.1

Scan saved at 13:46:39, on 02/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.uzzxefzjyy.com/tywHJZti45ZK4/RG...rlnEFXI5Je.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {41D970E4-0EEF-4FB9-99BB-05750A64D2A3} - C:\WINDOWS\system32\onrikkup.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pdgjxqdm.dll

O2 - BHO: (no name) - {67bd4290-1dd2-11b2-adbf-c1cab77e6f46} - C:\WINDOWS\system32\ky4xeMzh.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7C20DF45-30B8-4840-B447-20D5CE22F651} - C:\WINDOWS\system32\pmkjg.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\iifdbbb.dll

O2 - BHO: (no name) - {cc2c1f72-1dd1-11b2-be70-ca8667d831d7} - C:\WINDOWS\system32\TQSWx64i.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Supreme Commander

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nmbkzyje] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nmbkzyje.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINDOWS\system32\Command & Conquer 3 Tiberium Wars.exe

O4 - HKLM\..\Run: [crbrhhxuam] c:\windows\system32\crbrhhxuam.exe crbrhhxuam

O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"

O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\axjyjpvp.dll",forkonce

O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: .protected

O4 - Global Startup: .protected

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: iifdbbb - C:\WINDOWS\SYSTEM32\iifdbbb.dll

O20 - Winlogon Notify: pmkjg - C:\WINDOWS\system32\pmkjg.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: syshelps - {7B01BF05-A15E-485F-AF48-8BB95EDB2CED} - syshelps.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\atgpkpxx.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

Modifié le 15 août 2007 par thebestgalerien

[Gof]

EDIT : déja pris en charge ici http://forum.zebulon.fr/index.php?showtopic=127169&hl=.

[thebestgalerien]

mais ce n'es pas dutou le même probléme , un topic c'est pour mon antivirus et l'autre pour la correction d'un test HijackThis

 

cela n'es pas la même chose non ??

[Gof]

Bonsoir thebestgalerien,

 

Il est fort probable que les deux soient liés vu le rapport.

 

Tu n'as pas non plus de pare-feu ? La aussi, les installations échouent ?

 

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.

• Double-clique combofix.exe afin de l'exécuter et suis les instructions.
  
• Lorsque l'analyse sera complétée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse. suivi d'un nouveau log hijackthis
  

[thebestgalerien]

bonsoir Gof , be franchement les mec vous étes des pros de l'informatique et c'est cool de nous aider nous les noobs !!

 

a par sa j'ai fait ce que tu m'a dis donc pour le combofix :

 

ComboFix 07-08-03.4 - "Fabien" 2007-08-03 2:44:36.1 [GMT 2:00] - NTFS

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.Vrai

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\.protected

C:\DOCUME~1\Fabien\APPLIC~1.\hidires\m_hook.sys

C:\DOCUME~1\Fabien\APPLIC~1.\macromedia\Flash Player\#SharedObjects\RW8X9L2P\www.broadcaster.com

C:\DOCUME~1\Fabien\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\Fabien\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\DOCUME~1\Fabien\APPLIC~1.\Ultimate Fixer

C:\DOCUME~1\Fabien\MENUDM~1\PROGRA~1\DMARRA~1.\.protected

C:\DOCUME~1\Maman\APPLIC~1\HbTools

C:\Program Files\Fichiers communs\drivecleaner free

C:\Program Files\Ultimate Cleaner

C:\Program Files\Ultimate Cleaner\com\ucsecuredelete.dll

C:\WINDOWS\.protected

C:\WINDOWS\exefld

C:\WINDOWS\exefld\14595031.exe

C:\WINDOWS\start.exe

C:\WINDOWS\system32\adftvdqf.dll

C:\WINDOWS\SYSTEM32\aionvuel.ini

C:\WINDOWS\system32\bjyrtplt.dll

C:\WINDOWS\system32\bojroyfv.exe

C:\WINDOWS\system32\brsdfqge.dll

C:\WINDOWS\system32\cfvkwhqq.exe

C:\WINDOWS\system32\cjufxwvd.dll

C:\WINDOWS\system32\crbrhhxuam.dat

C:\WINDOWS\system32\crbrhhxuam.exe

C:\WINDOWS\system32\crbrhhxuam_nav.dat

C:\WINDOWS\system32\crbrhhxuam_navps.dat

C:\WINDOWS\system32\cwvajeut.exe

C:\WINDOWS\system32\dkudsdrg.dll

C:\WINDOWS\system32\drivers\etc\.protected

C:\WINDOWS\system32\dvuqomon.dll

C:\WINDOWS\system32\exlgjstr.exe

C:\WINDOWS\system32\fmeiqfcs.dll

C:\WINDOWS\SYSTEM32\gjkmp.bak1

C:\WINDOWS\SYSTEM32\gjkmp.bak2

C:\WINDOWS\SYSTEM32\gjkmp.ini

C:\WINDOWS\SYSTEM32\gjkmp.ini2

C:\WINDOWS\SYSTEM32\gjkmp.tmp

C:\WINDOWS\system32\gtcnixfl.exe

C:\WINDOWS\SYSTEM32\hngcgkyo.ini

C:\WINDOWS\system32\iifdbbb.dll

C:\WINDOWS\system32\ijyobfqj.exe

C:\WINDOWS\system32\jghkfnmi.dll

C:\WINDOWS\system32\jxedpkob.dll

C:\WINDOWS\system32\krisvmtm.exe

C:\WINDOWS\system32\kvchuwvp.exe

C:\WINDOWS\system32\leuvnoia.dll

C:\WINDOWS\system32\lhltrtgs.dll

C:\WINDOWS\system32\ljkyiayt.exe

C:\WINDOWS\system32\lnrgifuq.exe

C:\WINDOWS\system32\lwgeowbo.dll

C:\WINDOWS\system32\lyyqueot.exe

C:\WINDOWS\system32\miifwtwe.dll

C:\WINDOWS\system32\msnnvyia.dll

C:\WINDOWS\system32\myaqdyim.exe

C:\WINDOWS\system32\nbuikpep.exe

C:\WINDOWS\system32\nipyaale.exe

C:\WINDOWS\system32\nolsfuwa.exe

C:\WINDOWS\system32\nskictaf.exe

C:\WINDOWS\system32\ojvypyoc.exe

C:\WINDOWS\system32\onrikkup.dll

C:\WINDOWS\system32\opskchep.dll

C:\WINDOWS\system32\oykgcgnh.dll

C:\WINDOWS\system32\pdgjxqdm.dll

C:\WINDOWS\system32\pmkjg.dll

C:\WINDOWS\system32\poopbnrn.dll

C:\WINDOWS\system32\pxmwwwnx.dll

C:\WINDOWS\system32\qoppnhgm.exe

C:\WINDOWS\system32\qtynxrao.dll

C:\WINDOWS\system32\qvbigulo.exe

C:\WINDOWS\system32\repqcaxm.exe

C:\WINDOWS\system32\rmykvvbe.exe

C:\WINDOWS\system32\sesddmhg.exe

C:\WINDOWS\system32\smxvhloh.dll

C:\WINDOWS\system32\SysPr.prx

C:\WINDOWS\system32\taywfanj.exe

C:\WINDOWS\system32\tjwqyscs.exe

C:\WINDOWS\system32\tsgpjbaj.dll

C:\WINDOWS\system32\unihcpow.dll

C:\WINDOWS\system32\uvynnnkx.exe

C:\WINDOWS\system32\vtuuvvv.dll

C:\WINDOWS\system32\vvxhcdoo.exe

C:\WINDOWS\system32\vwkteuje.dll

C:\WINDOWS\system32\weydsmub.exe

C:\WINDOWS\system32\wgffuhqa.dll

C:\WINDOWS\system32\winspool.dll

C:\WINDOWS\system32\wwvarfse.exe

C:\WINDOWS\system32\ymqxklvm.exe

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_M_HOOK

-------\LEGACY_ROSA

-------\DomainService

-------\rosa

 

 

((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))

 

 

2007-08-03 02:43 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-02 13:11 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

2007-07-29 13:06 377,876 --a------ C:\WINDOWS\SYSTEM32\wifsbvgn.dll

2007-07-27 17:19 377,876 --a------ C:\WINDOWS\SYSTEM32\iwltoaph.dll

2007-07-26 17:21 125,972 --a------ C:\WINDOWS\SYSTEM32\axjyjpvp.dll

2007-07-25 19:18 86,016 --a------ C:\WINDOWS\SYSTEM32\mljjkig.exe

2007-07-25 19:17 350,241 --a------ C:\WINDOWS\SYSTEM32\eqpphtli.exe

2007-07-24 19:17 86,016 --a------ C:\WINDOWS\SYSTEM32\ddcyxyw.exe

2007-07-24 19:17 350,241 --a------ C:\WINDOWS\SYSTEM32\iiykuteq.exe

2007-07-23 13:42 86,016 --a------ C:\WINDOWS\SYSTEM32\cbxuttr.exe

2007-07-23 13:42 350,241 --a------ C:\WINDOWS\SYSTEM32\prmuwxhb.exe

2007-07-20 01:55 <REP> d-------- C:\Program Files\Alwil Software

2007-07-19 17:21 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys

2007-07-19 14:49 <REP> d-------- C:\DOCUME~1\Fabien\.housecall6.6

2007-07-18 19:06 <REP> d-------- C:\kav

2007-07-17 15:05 <REP> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-07-11 15:28 350,241 --a------ C:\WINDOWS\SYSTEM32\isahbbhv.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-03 02:58 --------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment

2007-08-03 02:04 --------- d-------- C:\Program Files\Everest Poker.net

2007-08-02 15:30 --------- d-------- C:\Program Files\eMule

2007-08-02 00:21 --------- d-------- C:\Program Files\Starcraft

2007-07-24 12:12 34304 --a--c--- C:\DOCUME~1\Fabien\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-07-19 04:13 --------- d-------- C:\Program Files\a-squared Free

2007-07-15 17:52 --------- d-------- C:\Program Files\DAEMON Tools

2007-07-10 10:30 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-06-29 13:23 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-06-29 13:16 --------- d-------- C:\Program Files\Microsoft ActiveSync

2007-06-29 13:16 --------- d-------- C:\Program Files\Fichiers communs\Teleca Shared

2007-06-29 08:46 51733 --a------ C:\WINDOWS\system32\plugin1.dat

2007-06-29 02:06 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-06-28 21:56 --------- d-------- C:\DOCUME~1\Fabien\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium

2007-06-27 14:27 72516 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-06-27 14:27 461554 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-06-27 12:54 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-06-27 04:28 21948 --a------ C:\Program Files\serial.zip

2007-06-27 04:28 21948 --a------ C:\Program Files\serial.dat

2007-06-27 04:09 --------- d-------- C:\Program Files\Electronic Arts

2007-06-26 20:30 --------- d-------- C:\Program Files\THQ

2007-06-16 12:16 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-06-15 11:18 --------- d-------- C:\Program Files\Lavasoft

2007-06-13 00:25 --------- d-------- C:\Program Files\WebMediaPlayer

2006-10-07 20:54 390023 -rahs---- C:\Program Files\wunauclt.zip

2006-10-07 20:54 390023 -rahs---- C:\Program Files\wunauclt.tbe

2006-08-27 15:38 1015973 -rahs---- C:\Program Files\serial.tde

2006-08-27 15:19 56239 --a------ C:\Program Files\svchosts.tbe

2006-07-30 20:45 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2005-09-28 10:56 185856 --a------ C:\Program Files\7za.exe

2003-03-20 20:49 266 --ahs---- C:\Program Files\desktop.ini

2003-03-20 20:49 11208 --ah-c--- C:\Program Files\folder.htt

--------- C:\Program Files\Hijackthis Version Française

2004-08-19 23:09:19 65,024 --sha-w C:\WINDOWS\SYSTEM32\asycfilt.dll

2004-08-19 23:09:30 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll

2001-08-28 11:00:00 57,344 --sha-w C:\WINDOWS\SYSTEM32\mfc42loc.dll

2004-08-19 23:09:34 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll

2004-08-19 23:09:34 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll

2001-08-28 11:00:00 253,952 -csha-w C:\WINDOWS\SYSTEM32\msvcrt20.dll

2004-08-19 23:09:36 553,472 --sha-w C:\WINDOWS\SYSTEM32\oleaut32.dll

2004-08-19 23:09:36 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll

2004-08-19 23:09:46 30,749 --sha-w C:\WINDOWS\SYSTEM32\vbajet32.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67bd4290-1dd2-11b2-adbf-c1cab77e6f46}]

C:\WINDOWS\system32\ky4xeMzh.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc2c1f72-1dd1-11b2-be70-ca8667d831d7}]

C:\WINDOWS\system32\TQSWx64i.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" []

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]

"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" []

"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" []

"I downloaded pirated Software from P2P"="Supreme Commander" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 11:38]

"nwiz"="nwiz.exe" [2005-11-04 11:38 C:\WINDOWS\SYSTEM32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-04 11:38]

"nmbkzyje"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\nmbkzyje.dll" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"I downloaded pirated Software from P2P "="C:\WINDOWS\system32\Command & Conquer 3 Tiberium Wars.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" []

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

"german.exe"="C:\WINDOWS\system32\wintems.exe" []

"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

.protected [2007-05-27 19:58:19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"syshelps"= {7B01BF05-A15E-485F-AF48-8BB95EDB2CED} - syshelps.dll [ ]

 

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

@="Driver Group"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant d'Acrobat.lnk

backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinScheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinScheduler.lnk

backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chsf]

C:\WINDOWS\chsf.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fcaoy]

C:\Program Files\Lxatlht\Pgbtou.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]

C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lycosInside]

C:\Program Files\lycos\Lyc_SysTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]

C:\Program Files\Media Gateway\MediaGateway.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

"C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]

C:\Program Files\NaviSearch\bin\nls.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\System32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

mmrtkrnl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

c:\temp\salm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srelmfob]

C:\WINDOWS\srelmfob.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]

SysTray.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgkud8k9]

C:\WINDOWS\system32\tgkud8k9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSearch]

C:\Program Files\TopSearch\TopSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\twhxcjal]

C:\WINDOWS\system32\qksqfdad.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upload lies]

C:\DOCUME~1\Fabien\APPLIC~1\CLOSET~1\DEFAULT ENC WAIT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vxuirtrc]

C:\WINDOWS\System32\hwbqujxp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Messager.exe]

"C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]

C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates]

"C:\Program Files\WebRebates4\webrebates.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

"C:\Program Files\Web_Rebates\WebRebates0.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"C:\Program Files\Winamp3\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows SA]

C:\Program Files\WindowsSA\omniscient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

 

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys

R0 MMRTKRNL;MMRTKRNL;C:\WINDOWS\system32\drivers\mmrtkrnl.sys

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys

R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys

R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys

R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys

R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys

R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys

R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys

R2 enodpl;enodpl;C:\WINDOWS\system32\drivers\enodpl.sys

R2 tandpl;tandpl;C:\WINDOWS\system32\drivers\tandpl.sys

R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys

R3 nvax;Service for NVIDIA® nForce Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys

R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys

R3 nvnforce;Service for NVIDIA® nForce Audio;C:\WINDOWS\system32\drivers\nvapu.sys

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys

S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys

S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys

S3 HIDSwvd;Minipilote de p‚riph‚rique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 musbehco;musbehco;\??\C:\DOCUME~1\Fabien\LOCALS~1\Temp\musbehco.sys

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys

S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys

S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter;C:\WINDOWS\system32\DRIVERS\irstusb.sys

S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys

S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

S3 zlportio;zlportio;\??\C:\DOCUME~1\Fabien\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\starfuck_de\starfuck_de\program\zlportio.sys

S4 ATMsrvc;ATM Service;C:\WINDOWS\System32\ATMsrvc.exe

S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39631872-d11b-11da-94a8-00e018f78029}]

AutoRun\command- J:\OblivionLauncher.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]

C:\WINDOWS\system32\o-o-b.exe s

 

Contents of the 'Scheduled Tasks' folder

2007-07-30 18:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

2007-07-28 12:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-28 08:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-28 18:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 16:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\dr.exe

2007-07-27 18:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 15:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\dr.exe

2007-07-27 18:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\user32.exe

2007-07-27 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 06:00:00 C:\WINDOWS\Tasks\At9.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-03 02:59:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]

"FlushCacheFiles"=str(7):"C:\WINDOWS\SoftwareDistribution\EventCache\{CB3F900D-D45F-47D0-9661-21813CD92DB4}.bin\"

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-03 3:02:07 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-03 03:01

 

--- E O F ---

 

et voila le test de hijackThis :

 

Logfile of HijackThis v1.99.1

Scan saved at 03:02:53, on 03/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\cmd.exe

C:\ComboFix\vfind.cfexe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {67bd4290-1dd2-11b2-adbf-c1cab77e6f46} - C:\WINDOWS\system32\ky4xeMzh.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {cc2c1f72-1dd1-11b2-be70-ca8667d831d7} - C:\WINDOWS\system32\TQSWx64i.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Supreme Commander

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nmbkzyje] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nmbkzyje.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] C:\WINDOWS\system32\Command & Conquer 3 Tiberium Wars.exe

O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Global Startup: .protected

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: syshelps - {7B01BF05-A15E-485F-AF48-8BB95EDB2CED} - syshelps.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

bonne chance pour tous décripter sa a l'air telement compliqué comme ca

[angelique]

hello Gof

 

y'a du bagle(ui va se faire bouffer par Elibagla^^), navipromo/egdaccess et du vundo , un rapport blacklight a été pondu ici:

http://forum.zebulon.fr/index.php?showtopic=127169&hl=

 

Je te laisse la suite

[Malekal_morte]

C'est n'importe quoi ce PC...

Ver MSN + Magic.Control + Baggle + d'autres merdes...

 

Ca sent le gars qui téléchargent des cracks, et le premier programme et lien pourri..

les sites pornos..

 

Va peut-être falloir commencer à arreter de faire n'importe quoi sur internet..

[thebestgalerien]

lol oui c'est vrai que c'est un peu le bordel , j'ai 4fréres chez moi qui se servent tousses de cet ordi donc forcémement chacun y met un peu n'importe quoi dessus , comment tout éradiquer alors ??

[Gof]

Bonsoir tout le monde Bonsoir thebestgalerien

 

Effectivement il y a du boulot . Il va falloir songer très sérieusement à t'équiper d'outils de sécurité (lorsque je te le dirais) et à responsabiliser tes frères sur les usages de l'internet !

 

Bon, on va dégrossir. Tout ne sera pas traité, mais une bonne partie déja.

 

Télécharge ELIBAGLA (le lien se trouve en bas de page)

• Clique sur le bouton Descargar Elibagla , place le sur le bureau.
  
• Double-clique dessus pour l'ouvrir.
  
• Assure-toi que dans le menu déroulant Unidad, tu aies bien C:\
  
• Vérifie aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente soit bien cochée.
  
• Clique sur le bouton Explorar pour lancer l'analyse.
  

Poste le rapport ELIBAGLA dans ta prochaine réponse. Si tu ne le vois pas, il se trouve ici > C:\InfoSat.txt.

 

Télécharge MSNFix.zip (de !aur3n7) sur ton bureau.

• Décompresse-le (clic droit >> Extraire ici) et double-clique sur le fichier MSNFix.bat.
  
• Exécute l'option R.
  
• Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
  Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
  
• Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
  

Fais un clic droit sur ce lien : Navilog1

• Enregistre la cible (du lien) sous... et enregistre-le sur ton bureau.
  
• Ensuite double clique sur navilog1.exe pour lancer l'installation.
  
• Une fois l'installation terminée, le fix s'exécutera automatiquement.
  (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
  
• Laisse-toi guider. Au menu principal, choisis 1 et valide.
  Patiente jusqu'au message : *** Analyse Termine le ..... ***
  
• Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir. Sauvegarde le rapport sous Navilog1 de sorte de me le poster dans ta prochaine réponse. Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
  

Double-clique encore sur le raccourci Navilog1 présent sur le bureau

• Laisse-toi guider. Au menu principal, choisis 2 et valide.
  Patiente jusqu'au message : *** Analyse Termine le ..... ***
  
• Appuie sur une touche comme demandé, le bloc-notes va s'ouvrir. Sauvegarde le rapport sous Navilog2 de sorte de me le poster dans ta prochaine réponse. Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
  

.

 

Enfin, repasse l'outil Combofix.

• Double-clique combofix.exe afin de l'exécuter et suis les instructions.
  
• Lorsque l'analyse sera complétée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse. suivi d'un nouveau log hijackthis
  

 

Au final, et dans l'ordre, je veux voir :

• Le rapport Elibagla.
  
• Le rapport MSNFIX.
  
• Le rapport Navilog en option 1, puis 2.
  
• Un nouveau rapport Combofix.
  
• Un nouveau rapport hijackthis.
  

Au travail !

[thebestgalerien]

Alors j'ai fait tout ce que tu m’as demandé

 

Avec elibagla j’ai trouver 3fichiers infecter par baggle, j'ai suivi la procédure pour les virer de l'ordi, j'ai recommencé un test et il n'y avait plus aucune menace

 

msnfix pareil , premier essai il a trouver un fichier infecté , deuxième plus rien

 

Entre temps j'ai essayé d’installé antivir, et la bonne surprise sa marche !!!!! j'ai fait un petit test et j'ai trouver quasiment 300 fichiers infectés , tousses mis en quarantaine

 

Ensuite j'ai lancé navilog mais quand je veux l'installer antivir me prévient que c'est un fichier dangereux et il me demande de le mettre en quarantaine donc désolé mais ce test je ne l'es donc pas fait

 

Voici après mon rapport de conbofix :

 

 

ComboFix 07-08-03.4 - "Fabien" 2007-08-04 11:23:30.2 [GMT 2:00] - NTFS

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.Vrai

 

 

((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))

 

 

2007-08-03 17:33 <REP> d-------- C:\Program Files\CCleaner

2007-08-03 17:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

2007-08-03 02:43 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-02 13:11 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

2007-07-26 17:21 125,972 --a------ C:\WINDOWS\SYSTEM32\axjyjpvp.dll

2007-07-25 19:18 86,016 --a------ C:\WINDOWS\SYSTEM32\mljjkig.exe

2007-07-25 19:17 350,241 --a------ C:\WINDOWS\SYSTEM32\eqpphtli.exe

2007-07-24 19:17 86,016 --a------ C:\WINDOWS\SYSTEM32\ddcyxyw.exe

2007-07-24 19:17 350,241 --a------ C:\WINDOWS\SYSTEM32\iiykuteq.exe

2007-07-23 13:42 86,016 --a------ C:\WINDOWS\SYSTEM32\cbxuttr.exe

2007-07-23 13:42 350,241 --a------ C:\WINDOWS\SYSTEM32\prmuwxhb.exe

2007-07-20 01:55 <REP> d-------- C:\Program Files\Alwil Software

2007-07-19 17:21 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys

2007-07-19 14:49 <REP> d-------- C:\DOCUME~1\Fabien\.housecall6.6

2007-07-18 19:06 <REP> d-------- C:\kav

2007-07-17 15:05 <REP> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-07-11 15:28 350,241 --a------ C:\WINDOWS\SYSTEM32\isahbbhv.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-04 03:05 72516 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-08-04 03:05 461554 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-08-03 18:26 --------- d-------- C:\Program Files\WebMediaPlayer

2007-08-03 18:10 --------- d-------- C:\Program Files\Everest Poker.net

2007-08-03 02:58 --------- d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment

2007-08-02 15:30 --------- d-------- C:\Program Files\eMule

2007-08-02 00:21 --------- d-------- C:\Program Files\Starcraft

2007-07-24 12:12 34304 --a--c--- C:\DOCUME~1\Fabien\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-07-19 04:13 --------- d-------- C:\Program Files\a-squared Free

2007-07-15 17:52 --------- d-------- C:\Program Files\DAEMON Tools

2007-07-10 10:30 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-06-29 13:23 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-06-29 13:16 --------- d-------- C:\Program Files\Microsoft ActiveSync

2007-06-29 13:16 --------- d-------- C:\Program Files\Fichiers communs\Teleca Shared

2007-06-29 08:46 51733 --a------ C:\WINDOWS\system32\plugin1.dat

2007-06-29 02:06 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-06-28 21:56 --------- d-------- C:\DOCUME~1\Fabien\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium

2007-06-27 12:54 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-06-27 04:09 --------- d-------- C:\Program Files\Electronic Arts

2007-06-26 20:30 --------- d-------- C:\Program Files\THQ

2007-06-16 12:16 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-06-15 11:18 --------- d-------- C:\Program Files\Lavasoft

2007-05-16 17:13 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 17:13 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 17:13 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 17:13 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll

2007-05-04 14:36 3079680 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2006-10-07 20:54 390023 -rahs---- C:\Program Files\wunauclt.zip

2006-10-07 20:54 390023 -rahs---- C:\Program Files\wunauclt.tbe

2006-08-27 15:38 1015973 -rahs---- C:\Program Files\serial.tde

2006-08-27 15:19 56239 --a------ C:\Program Files\svchosts.tbe

2006-07-30 20:45 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2003-03-20 20:49 266 --ahs---- C:\Program Files\desktop.ini

2003-03-20 20:49 11208 --ah-c--- C:\Program Files\folder.htt

--------- C:\Program Files\Hijackthis Version Française

2004-08-19 23:09:19 65,024 --sha-w C:\WINDOWS\SYSTEM32\asycfilt.dll

2004-08-19 23:09:30 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll

2001-08-28 11:00:00 57,344 --sha-w C:\WINDOWS\SYSTEM32\mfc42loc.dll

2004-08-19 23:09:34 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll

2004-08-19 23:09:34 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll

2001-08-28 11:00:00 253,952 -csha-w C:\WINDOWS\SYSTEM32\msvcrt20.dll

2004-08-19 23:09:36 553,472 --sha-w C:\WINDOWS\SYSTEM32\oleaut32.dll

2004-08-19 23:09:36 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll

2004-08-19 23:09:46 30,749 --sha-w C:\WINDOWS\SYSTEM32\vbajet32.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67bd4290-1dd2-11b2-adbf-c1cab77e6f46}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc2c1f72-1dd1-11b2-be70-ca8667d831d7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]

"I downloaded pirated Software from P2P"="Supreme Commander" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 11:38]

"nwiz"="nwiz.exe" [2005-11-04 11:38 C:\WINDOWS\SYSTEM32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-04 11:38]

"nmbkzyje"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\nmbkzyje.dll" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

.protected [2007-05-27 19:58:19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"syshelps"= {7B01BF05-A15E-485F-AF48-8BB95EDB2CED} - syshelps.dll [ ]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant d'Acrobat.lnk

backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinScheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinScheduler.lnk

backup=C:\WINDOWS\pss\InterVideo WinScheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chsf]

C:\WINDOWS\chsf.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fcaoy]

C:\Program Files\Lxatlht\Pgbtou.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HbTools]

C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lycosInside]

C:\Program Files\lycos\Lyc_SysTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]

C:\Program Files\Media Gateway\MediaGateway.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

"C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]

C:\Program Files\NaviSearch\bin\nls.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\System32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

mmrtkrnl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

c:\temp\salm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srelmfob]

C:\WINDOWS\srelmfob.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]

SysTray.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgkud8k9]

C:\WINDOWS\system32\tgkud8k9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopSearch]

C:\Program Files\TopSearch\TopSearch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\twhxcjal]

C:\WINDOWS\system32\qksqfdad.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upload lies]

C:\DOCUME~1\Fabien\APPLIC~1\CLOSET~1\DEFAULT ENC WAIT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vxuirtrc]

C:\WINDOWS\System32\hwbqujxp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wanadoo Messager.exe]

"C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]

C:\Program Files\HbTools\Bin\4.7.1.0\HbtWeatherOnTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates]

"C:\Program Files\WebRebates4\webrebates.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

"C:\Program Files\Web_Rebates\WebRebates0.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"C:\Program Files\Winamp3\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows SA]

C:\Program Files\WindowsSA\omniscient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

 

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys

R0 MMRTKRNL;MMRTKRNL;C:\WINDOWS\system32\drivers\mmrtkrnl.sys

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys

R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys

R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys

R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys

R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys

R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys

R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys

R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys

R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys

R2 enodpl;enodpl;C:\WINDOWS\system32\drivers\enodpl.sys

R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

R2 tandpl;tandpl;C:\WINDOWS\system32\drivers\tandpl.sys

R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys

R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft;C:\WINDOWS\system32\drivers\msmpu401.sys

R3 nvax;Service for NVIDIA® nForce Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys

R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys

R3 nvnforce;Service for NVIDIA® nForce Audio;C:\WINDOWS\system32\drivers\nvapu.sys

S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys

S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys

S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys

S3 HIDSwvd;Minipilote de p‚riph‚rique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 musbehco;musbehco;\??\C:\DOCUME~1\Fabien\LOCALS~1\Temp\musbehco.sys

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys

S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys

S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter;C:\WINDOWS\system32\DRIVERS\irstusb.sys

S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys

S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

S3 zlportio;zlportio;\??\C:\DOCUME~1\Fabien\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\starfuck_de\starfuck_de\program\zlportio.sys

S4 ATMsrvc;ATM Service;C:\WINDOWS\System32\ATMsrvc.exe

S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39631872-d11b-11da-94a8-00e018f78029}]

AutoRun\command- J:\OblivionLauncher.exe

 

*Newly Created Service* - SSMDRV

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]

C:\WINDOWS\system32\o-o-b.exe s

 

Contents of the 'Scheduled Tasks' folder

2007-07-30 18:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

2007-07-28 12:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-28 08:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-28 18:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 16:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\dr.exe

2007-07-27 18:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 15:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\dr.exe

2007-07-27 18:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\user32.exe

2007-07-27 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\wunauclt.exe

2007-07-27 06:00:00 C:\WINDOWS\Tasks\At9.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-04 11:29:32

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000682

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-04 11:31:11

C:\ComboFix-quarantined-files.txt ... 2007-08-04 11:30

C:\ComboFix2.txt ... 2007-08-03 03:02

 

--- E O F ---

 

 

 

 

Suivi de celui de hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 16:42:31, on 04/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {67bd4290-1dd2-11b2-adbf-c1cab77e6f46} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {cc2c1f72-1dd1-11b2-be70-ca8667d831d7} - (no file)

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Supreme Commander

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nmbkzyje] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nmbkzyje.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Global Startup: .protected

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk045YYFR

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: syshelps - {7B01BF05-A15E-485F-AF48-8BB95EDB2CED} - syshelps.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

 

 

Bon je sens qu'on es sur la bonne voie la, l'ordi es quasiment guéri j'espère !!!! :P

Je le sens déjà allez mieux