rapport hijackthis

[alex53200]

et dc je mets apres redemarrer windows normalement pas avec la console ?? le boulet , alex !!! mdr !!!

[Falkra]

Après, oui, fais redémarer normalement, et poste le rapport obtenu.

Cela permet une protectino supplémentaire en cas de pépin, la console de récup.

[alex53200]

ComboFix 08-09-14.06 - alexandra louveau 2008-09-15 18:42:02.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.227 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\alexandra louveau\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\alexandra louveau\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Malwarebytes

2008-09-13 21:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-13 21:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-13 19:32 . 2008-09-14 07:33 <REP> d-------- C:\Program Files\Studio-Scrap

2008-09-13 19:32 . 2008-09-14 07:25 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Studio-Scrap

2008-09-13 17:48 . 2008-09-13 21:05 <REP> d-------- C:\Lop SD

2008-09-13 17:25 . 2008-09-13 17:25 <REP> d-------- C:\Program Files\Trend Micro

2008-09-13 12:37 . 2008-09-14 10:46 <REP> d-------- C:\Program Files\Navilog1

2008-09-13 09:42 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-13 09:36 . 2008-09-13 09:36 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico

2008-09-13 09:35 . 2008-09-13 09:35 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico

2008-09-13 09:25 . 2008-09-13 09:25 <REP> d-------- C:\Program Files\OINAnalytics

2008-09-12 18:57 . 2008-09-12 18:57 <REP> d-------- C:\Program Files\SEC

2008-09-12 18:57 . 2003-02-24 16:20 827,392 -ra------ C:\WINDOWS\system32\Flash.ocx

2008-09-12 18:57 . 2005-10-21 07:25 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys

2008-09-12 18:56 . 2008-09-12 18:57 <REP> d-------- C:\Program Files\MagicTune Premium

2008-09-12 15:26 . 2008-09-12 15:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-09-12 15:26 . 2008-09-12 15:26 1,409 --a------ C:\WINDOWS\QTFont.for

2008-09-12 15:25 . 2008-09-12 15:25 <REP> d-------- C:\Program Files\Apple Software Update

2008-09-12 15:25 . 2008-09-12 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-09-12 15:11 . 2008-09-12 17:55 <REP> d-------- C:\Program Files\Avanquest update

2008-09-12 15:11 . 2008-09-12 15:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-09-12 15:11 . 2007-11-02 12:47 109,992 --a------ C:\WINDOWS\system32\drivers\s916mdm.sys

2008-09-12 15:11 . 2007-11-02 12:47 103,976 --a------ C:\WINDOWS\system32\drivers\s916mgmt.sys

2008-09-12 15:11 . 2007-11-02 12:47 100,008 --a------ C:\WINDOWS\system32\drivers\s916obex.sys

2008-09-12 15:11 . 2007-11-02 12:47 83,496 --a------ C:\WINDOWS\system32\drivers\s916bus.sys

2008-09-12 15:11 . 2007-11-02 12:47 15,016 --a------ C:\WINDOWS\system32\drivers\s916mdfl.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916whnt.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916wh.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916cmnt.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916cm.sys

2008-09-12 15:09 . 2008-09-12 15:15 <REP> d-------- C:\Program Files\Sony Ericsson

2008-09-12 15:09 . 2008-09-12 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-09-12 13:24 . 2008-09-12 13:24 379 --a------ C:\WINDOWS\ODBC.INI

2008-09-12 13:08 . 2008-09-12 13:08 <REP> d-------- C:\Program Files\Microsoft ActiveSync

2008-09-12 13:06 . 2008-09-12 13:06 <REP> d-------- C:\Program Files\Fichiers communs\L&H

2008-09-11 23:52 . 2008-09-13 09:52 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\WinButler

2008-09-10 22:32 . 2008-09-10 22:52 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\OfficeUpdate12

2008-09-10 20:51 . 2008-09-12 15:42 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-09-10 10:49 . 2008-09-10 17:53 <REP> d-------- C:\Program Files\Conduit

2008-09-09 18:49 . 2008-09-15 18:18 <REP> d-------- C:\Program Files\fwmns

2008-09-04 12:10 . 2008-09-04 12:10 <REP> d-------- C:\Program Files\gwbdrx

2008-08-28 16:19 . 2008-08-28 16:19 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Apple Computer

2008-08-25 14:31 . 2008-08-25 14:31 524,288 --a------ C:\WINDOWS\opuc.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 16:32 --------- d-----w C:\Program Files\Wanadoo

2008-09-14 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-09-13 09:26 --------- d-----w C:\Program Files\Microsoft Studio Files

2008-09-12 18:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-12 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-12 16:49 --------- d-----w C:\Program Files\EPSON

2008-09-12 16:04 --------- d-----w C:\Program Files\Encore

2008-09-12 16:04 --------- d-----w C:\Program Files\EA GAMES

2008-09-12 16:01 --------- d-----w C:\Program Files\eMule

2008-09-12 13:43 --------- d-----w C:\Program Files\Microsoft Works

2008-09-12 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-12 13:31 --------- d-----w C:\Program Files\QuickTime

2008-09-12 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-11 21:59 --------- d-----w C:\Program Files\TomTom HOME 2

2008-09-10 16:23 --------- d-----w C:\Program Files\BoontyGames

2008-09-10 16:07 --------- d-----w C:\Program Files\Windows Live

2008-09-09 16:49 --------- d-----w C:\Program Files\skmw

2008-09-09 16:49 --------- d-----w C:\Program Files\dwimn

2008-09-06 19:38 --------- d-----w C:\Documents and Settings\alexandra louveau\Application Data\OpenOffice.org2

2008-09-02 08:24 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-03 13:32 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-08-03 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom

2008-08-03 11:02 --------- d-----w C:\Documents and Settings\alexandra louveau\Application Data\TomTom

2008-07-27 10:32 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-07-25 21:56 --------- d-----w C:\Program Files\Java

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2007-12-06 10:04 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe

2007-07-04 09:57 98 ----a-w C:\Program Files\INSTALL.LOG

2006-12-28 14:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2007-12-14 16:36 88 --sh--r C:\WINDOWS\system32\95B45B3E5A.sys

2007-12-14 16:36 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-14_20.20.23.70 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]

2008-09-12 15:22 249856 --a------ C:\Program Files\OINAnalytics\OINAnalytics.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]

"wmvwinwn"="C:\Program Files\fwmns\wmvwinwn.exe" [2008-09-11 745984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 707376]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"C-Media Mixer"="Mixer.exe" [2003-03-20 C:\WINDOWS\mixer.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-28 124912]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=htqnsx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.mpng"= C:\Program Files\t@b\0.957\686\tabdec.dll

"vidc.mvjp"= C:\Program Files\t@b\0.957\686\tabdec.dll

"vidc.444p"= C:\Program Files\t@b\0.957\686\tabdec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GammaTray.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GammaTray.lnk

backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NCProTray.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NCProTray.lnk

backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ghvgy]

C:\Documents and Settings\alexandra louveau\Application Data\?icrosoft.NET\??oolsv.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]

--a------ 2007-12-07 23:36 844800 C:\Program Files\ChristmasTree\ChristmasTree.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

--a------ 2006-10-13 17:01 277296 C:\Program Files\Microsoft LifeCam\LifeExp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--------- 2008-02-20 17:19 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-02 20:39 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2008-05-06 10:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmvwinwn]

--a------ 2008-09-11 20:37 745984 C:\Program Files\fwmns\wmvwinwn.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

--------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\dwimn\\dllhosts.exe"=

"C:\\Program Files\\fwmns\\wmvwinwn.exe"=

"C:\\Program Files\\fwmns\\dllhosts.exe"=

"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:shareaza

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-02-10 69120]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb2b9f9a-6148-11dd-aee6-000b6b6fbb93}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Search

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 -: { - C:\Program Files\Messenger\msmsgs.exe

O17 -: HKLM\CCS\Interface\{3EEF2D7A-86AA-405F-B14F-467493A062DE}: NameServer = 80.10.246.2,80.10.246.129

 

O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab

C:\WINDOWS\Downloaded Program Files\Rawflow.ocx

 

O16 -: {1D6E056F-D1BB-40F6-88E4-11EE98056FD2} - hxxp://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf

C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll

 

O16 -: {5308E02B-4ABA-48E4-AA9E-8A7693661473} - hxxp://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab

C:\WINDOWS\Downloaded Program Files\GameAx.inf

C:\WINDOWS\Downloaded Program Files\GameEvents.dll

C:\WINDOWS\Downloaded Program Files\GameAx.dll

 

O16 -: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.wistiti.fr/ImageUploader4.cab

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader4.inf

C:\WINDOWS\system32\unicows.dll

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader4.ocx

 

O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab

C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf

C:\WINDOWS\system32\unicows.dll

C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx

 

O16 -: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://www.photoways.com/assets/aurigma/ImageUploader4.cab

C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf

C:\WINDOWS\system32\unicows.dll

C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx

 

O16 -: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - hxxp://jeuxenligne.orange.fr/orange2.0/OnlineHSS/zuma/Popcap.cab

C:\WINDOWS\Downloaded Program Files\Popcap.inf

C:\WINDOWS\Downloaded Program Files\Popcap.dll

 

O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

C:\WINDOWS\Downloaded Program Files\imikimi_cab.inf

 

O16 -: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://wanadoofr.oberon-media.com/online2/diner_dash/DinerDash.1.0.0.58.cab

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58.inf

C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-15 18:46:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

.

Heure de fin: 2008-09-15 18:50:10

ComboFix-quarantined-files.txt 2008-09-15 16:49:04

ComboFix2.txt 2008-09-14 18:20:43

 

Avant-CF: 105,614,192,640 octets libres

AprŠs-CF: 105,669,431,296 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

 

256 --- E O F --- 2008-09-15 11:05:33

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:10, on 15/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\fwmns\wmvwinwn.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [wmvwinwn] C:\Program Files\fwmns\wmvwinwn.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {1D6E056F-D1BB-40F6-88E4-11EE98056FD2} (Oberon ActiveX Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bb53france.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/net/Import/ImageUploader4.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/B..._2/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/onl...mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab

O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/Onl...zuma/Popcap.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/...sh.1.0.0.58.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EEF2D7A-86AA-405F-B14F-467493A062DE}: NameServer = 80.10.246.2,80.10.246.129

O20 - AppInit_DLLs: htqnsx.dll

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

 

--

End of file - 9509 bytes

[Falkra]

Ce qui suit n'est que pour ta machine, et ta machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

• Désactive ton antivirus, il peut gêner.
  
• Ouvre le Bloc-notes. Vérifie que dans le menu "Format", le "retour automatique à la ligne" est désactivé. Copie colle ceci dedans :
  

Killall::

 

File::

C:\WINDOWS\Downloaded Program Files\Popcap.inf

C:\WINDOWS\Downloaded Program Files\Popcap.dll

 

Folder::

C:\Program Files\fwmns

C:\Program Files\gwbdrx

C:\Program Files\skmw

C:\Program Files\dwimn

C:\Program Files\Microsoft Studio Files

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"wmvwinwn"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ghvgy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\dwimn\\dllhosts.exe"=-

"C:\\Program Files\\fwmns\\wmvwinwn.exe"=-

"C:\\Program Files\\fwmns\\dllhosts.exe"=-

• Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
   
  
• Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture
  

• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

 

Ensuite ajoute un nouveau rapport HijackThis stp après ce rapport là, et réactive ton antivirus.

[alex53200]

ComboFix 08-09-15.02 - alexandra louveau 2008-09-16 11:35:04.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.269 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\alexandra louveau\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\alexandra louveau\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\dwimn

C:\Program Files\dwimn\banif.bxz

C:\Program Files\dwimn\banif.exe

C:\Program Files\dwimn\barclays.bxz

C:\Program Files\dwimn\barclays.exe

C:\Program Files\dwimn\bbva.bxz

C:\Program Files\dwimn\bbva.exe

C:\Program Files\dwimn\bctf.bat

C:\Program Files\dwimn\bes.bxz

C:\Program Files\dwimn\bes.exe

C:\Program Files\dwimn\block

C:\Program Files\dwimn\bpinet.bxz

C:\Program Files\dwimn\bpinet.exe

C:\Program Files\dwimn\Cópia de Mswinsck.ocx

C:\Program Files\dwimn\calc.exe

C:\Program Files\dwimn\cgd.bxz

C:\Program Files\dwimn\cgd.exe

C:\Program Files\dwimn\dllhosts.exe

C:\Program Files\dwimn\dwin32.ocr

C:\Program Files\dwimn\iek.exe

C:\Program Files\dwimn\infoseg.bxz

C:\Program Files\dwimn\install\fflkc.exe

C:\Program Files\dwimn\irc.exe

C:\Program Files\dwimn\lg

C:\Program Files\dwimn\live.exe

C:\Program Files\dwimn\live.txt

C:\Program Files\dwimn\locaweb.bxz

C:\Program Files\dwimn\mlst.exe

C:\Program Files\dwimn\mon.exe

C:\Program Files\dwimn\montepio.bxz

C:\Program Files\dwimn\montepio.exe

C:\Program Files\dwimn\msgex.exe

C:\Program Files\dwimn\Mswinsck.ocx

C:\Program Files\dwimn\notfirinnndfdsfdf.dll

C:\Program Files\dwimn\plugins\all.exe

C:\Program Files\dwimn\plugins\bl.exe

C:\Program Files\dwimn\plugins\blo.exe

C:\Program Files\dwimn\plugins\block.exe

C:\Program Files\dwimn\plugins\dllhosts.exe

C:\Program Files\dwimn\plugins\fl.exe

C:\Program Files\dwimn\plugins\irc.exe

C:\Program Files\dwimn\plugins\mlst.exe

C:\Program Files\dwimn\plugins\rds.exe

C:\Program Files\dwimn\plugins\replay.exe

C:\Program Files\dwimn\rds.exe

C:\Program Files\dwimn\Readme.exe

C:\Program Files\dwimn\replay.exe

C:\Program Files\dwimn\scrypt.exe

C:\Program Files\dwimn\sec\fx.crp

C:\Program Files\dwimn\state

C:\Program Files\dwimn\upfile.exe

C:\Program Files\dwimn\upinfov.drv

C:\Program Files\dwimn\vcdg.bat

C:\Program Files\dwimn\wininfo1.vxd

C:\Program Files\dwimn\wininfo2.vxd

C:\Program Files\dwimn\wininfo3.vxd

C:\Program Files\dwimn\WinRds\1.crp

C:\Program Files\dwimn\WinRds\2.crp

C:\Program Files\dwimn\WinRds\3.crp

C:\Program Files\dwimn\WinRds\install.crp

C:\Program Files\dwimn\WinRds\Reiniciar.crp

C:\Program Files\dwimn\WinRds\termsrv.dll

C:\Program Files\dwimn\zzcalc.exe

C:\Program Files\dwimn\zzzaccesor.dll

C:\Program Files\fwmns

C:\Program Files\fwmns\bctf.bat

C:\Program Files\fwmns\block

C:\Program Files\fwmns\bpinet.bxz

C:\Program Files\fwmns\bpinet.exe

C:\Program Files\fwmns\cgd.bxz

C:\Program Files\fwmns\cgd.exe

C:\Program Files\fwmns\dllhosts.exe

C:\Program Files\fwmns\dwin32.ocr

C:\Program Files\fwmns\exitd.vxd

C:\Program Files\fwmns\iek.exe

C:\Program Files\fwmns\infoseg.bxz

C:\Program Files\fwmns\install\fflkc.exe

C:\Program Files\fwmns\irc.exe

C:\Program Files\fwmns\lg

C:\Program Files\fwmns\live.exe

C:\Program Files\fwmns\liveoff.txt

C:\Program Files\fwmns\locaweb.bxz

C:\Program Files\fwmns\mlst.exe

C:\Program Files\fwmns\mon.exe

C:\Program Files\fwmns\montepio.bxz

C:\Program Files\fwmns\montepio.exe

C:\Program Files\fwmns\ms765583333

C:\Program Files\fwmns\msgex.exe

C:\Program Files\fwmns\name.drv

C:\Program Files\fwmns\notfirinnndfdsfdf.dll

C:\Program Files\fwmns\plugins\diir.exe

C:\Program Files\fwmns\rds.exe

C:\Program Files\fwmns\Readme.exe

C:\Program Files\fwmns\replay.exe

C:\Program Files\fwmns\scrypt.exe

C:\Program Files\fwmns\sec\fx.crp

C:\Program Files\fwmns\state

C:\Program Files\fwmns\upfile.exe

C:\Program Files\fwmns\upinfod.drv

C:\Program Files\fwmns\upinfov.drv

C:\Program Files\fwmns\vcdg.bat

C:\Program Files\fwmns\vcvn.bat

C:\Program Files\fwmns\windvxsweq999888444

C:\Program Files\fwmns\wininfo1.vxd

C:\Program Files\fwmns\wininfo2.vxd

C:\Program Files\fwmns\wininfo3.vxd

C:\Program Files\fwmns\winvxhfythg34a.rd

C:\Program Files\fwmns\wmvwinwn.exe

C:\Program Files\gwbdrx

C:\Program Files\gwbdrx\mlst.exe

C:\Program Files\Microsoft Studio Files

C:\Program Files\Microsoft Studio Files\file.exe

C:\Program Files\Microsoft Studio Files\ftnn987.ko

C:\Program Files\skmw

C:\Program Files\skmw\banif.bxz

C:\Program Files\skmw\banif.exe

C:\Program Files\skmw\barclays.bxz

C:\Program Files\skmw\barclays.exe

C:\Program Files\skmw\bbva.bxz

C:\Program Files\skmw\bbva.exe

C:\Program Files\skmw\bctf.bat

C:\Program Files\skmw\bes.bxz

C:\Program Files\skmw\bes.exe

C:\Program Files\skmw\bpinet.bxz

C:\Program Files\skmw\bpinet.exe

C:\Program Files\skmw\cgd.bxz

C:\Program Files\skmw\cgd.exe

C:\Program Files\skmw\dllhosts.exe

C:\Program Files\skmw\exitd.vxd

C:\Program Files\skmw\iek.exe

C:\Program Files\skmw\infoseg.bxz

C:\Program Files\skmw\install\fflkc.exe

C:\Program Files\skmw\kill.exe

C:\Program Files\skmw\lg

C:\Program Files\skmw\live.exe

C:\Program Files\skmw\live.txt

C:\Program Files\skmw\liveoff.txt

C:\Program Files\skmw\locaweb.bxz

C:\Program Files\skmw\mlst.exe

C:\Program Files\skmw\mon.exe

C:\Program Files\skmw\montepio.bxz

C:\Program Files\skmw\montepio.exe

C:\Program Files\skmw\ms765583333

C:\Program Files\skmw\msgex.exe

C:\Program Files\skmw\Mswinsck.ocx

C:\Program Files\skmw\name.drv

C:\Program Files\skmw\notfirinnndfdsfdf.dll

C:\Program Files\skmw\plugins\block.exe

C:\Program Files\skmw\plugins\il.exe

C:\Program Files\skmw\plugins\ilmmrr.exe

C:\Program Files\skmw\plugins\ir.exe

C:\Program Files\skmw\plugins\irc.exe

C:\Program Files\skmw\plugins\k.exe

C:\Program Files\skmw\rds.exe

C:\Program Files\skmw\Readme.exe

C:\Program Files\skmw\replay.exe

C:\Program Files\skmw\scrypt.exe

C:\Program Files\skmw\sec\fx.crp

C:\Program Files\skmw\state

C:\Program Files\skmw\upfile.exe

C:\Program Files\skmw\upinfod.drv

C:\Program Files\skmw\upinfov.drv

C:\Program Files\skmw\vcdg.bat

C:\Program Files\skmw\windvxsweq999888444

C:\Program Files\skmw\wininfo1.vxd

C:\Program Files\skmw\wininfo2.vxd

C:\Program Files\skmw\wininfo3.vxd

C:\Program Files\skmw\WinRds\1.crp

C:\Program Files\skmw\WinRds\2.crp

C:\Program Files\skmw\WinRds\3.crp

C:\Program Files\skmw\WinRds\install.crp

C:\Program Files\skmw\WinRds\Reiniciar.crp

C:\Program Files\skmw\WinRds\termsrv.dll

C:\Program Files\skmw\winvxhfythg34a.rd

C:\WINDOWS\Downloaded Program Files\Popcap.dll

C:\WINDOWS\Downloaded Program Files\Popcap.inf

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-13 21:07 . 2008-09-13 21:07 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Malwarebytes

2008-09-13 21:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-13 21:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-13 19:32 . 2008-09-14 07:33 <REP> d-------- C:\Program Files\Studio-Scrap

2008-09-13 19:32 . 2008-09-14 07:25 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Studio-Scrap

2008-09-13 17:48 . 2008-09-13 21:05 <REP> d-------- C:\Lop SD

2008-09-13 17:25 . 2008-09-13 17:25 <REP> d-------- C:\Program Files\Trend Micro

2008-09-13 12:37 . 2008-09-14 10:46 <REP> d-------- C:\Program Files\Navilog1

2008-09-13 09:42 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-13 09:36 . 2008-09-13 09:36 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico

2008-09-13 09:35 . 2008-09-13 09:35 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico

2008-09-13 09:25 . 2008-09-13 09:25 <REP> d-------- C:\Program Files\OINAnalytics

2008-09-12 18:57 . 2008-09-12 18:57 <REP> d-------- C:\Program Files\SEC

2008-09-12 18:57 . 2003-02-24 16:20 827,392 -ra------ C:\WINDOWS\system32\Flash.ocx

2008-09-12 18:57 . 2005-10-21 07:25 13,396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys

2008-09-12 18:56 . 2008-09-12 18:57 <REP> d-------- C:\Program Files\MagicTune Premium

2008-09-12 15:26 . 2008-09-12 15:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-09-12 15:26 . 2008-09-12 15:26 1,409 --a------ C:\WINDOWS\QTFont.for

2008-09-12 15:25 . 2008-09-12 15:25 <REP> d-------- C:\Program Files\Apple Software Update

2008-09-12 15:25 . 2008-09-12 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-09-12 15:11 . 2008-09-12 17:55 <REP> d-------- C:\Program Files\Avanquest update

2008-09-12 15:11 . 2008-09-12 15:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-09-12 15:11 . 2007-11-02 12:47 109,992 --a------ C:\WINDOWS\system32\drivers\s916mdm.sys

2008-09-12 15:11 . 2007-11-02 12:47 103,976 --a------ C:\WINDOWS\system32\drivers\s916mgmt.sys

2008-09-12 15:11 . 2007-11-02 12:47 100,008 --a------ C:\WINDOWS\system32\drivers\s916obex.sys

2008-09-12 15:11 . 2007-11-02 12:47 83,496 --a------ C:\WINDOWS\system32\drivers\s916bus.sys

2008-09-12 15:11 . 2007-11-02 12:47 15,016 --a------ C:\WINDOWS\system32\drivers\s916mdfl.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916whnt.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916wh.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916cmnt.sys

2008-09-12 15:11 . 2007-11-02 12:47 12,200 --a------ C:\WINDOWS\system32\drivers\s916cm.sys

2008-09-12 15:09 . 2008-09-12 15:15 <REP> d-------- C:\Program Files\Sony Ericsson

2008-09-12 15:09 . 2008-09-12 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-09-12 13:24 . 2008-09-12 13:24 379 --a------ C:\WINDOWS\ODBC.INI

2008-09-12 13:08 . 2008-09-12 13:08 <REP> d-------- C:\Program Files\Microsoft ActiveSync

2008-09-12 13:06 . 2008-09-12 13:06 <REP> d-------- C:\Program Files\Fichiers communs\L&H

2008-09-11 23:52 . 2008-09-13 09:52 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\WinButler

2008-09-10 22:32 . 2008-09-10 22:52 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\OfficeUpdate12

2008-09-10 20:51 . 2008-09-12 15:42 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-09-10 10:49 . 2008-09-10 17:53 <REP> d-------- C:\Program Files\Conduit

2008-08-28 16:19 . 2008-08-28 16:19 <REP> d-------- C:\Documents and Settings\alexandra louveau\Application Data\Apple Computer

2008-08-25 14:31 . 2008-08-25 14:31 524,288 --a------ C:\WINDOWS\opuc.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-16 10:17 --------- d-----w C:\Program Files\Wanadoo

2008-09-15 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-09-12 18:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-12 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-12 16:49 --------- d-----w C:\Program Files\EPSON

2008-09-12 16:04 --------- d-----w C:\Program Files\Encore

2008-09-12 16:04 --------- d-----w C:\Program Files\EA GAMES

2008-09-12 16:01 --------- d-----w C:\Program Files\eMule

2008-09-12 13:43 --------- d-----w C:\Program Files\Microsoft Works

2008-09-12 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-12 13:31 --------- d-----w C:\Program Files\QuickTime

2008-09-12 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-11 21:59 --------- d-----w C:\Program Files\TomTom HOME 2

2008-09-10 16:23 --------- d-----w C:\Program Files\BoontyGames

2008-09-10 16:07 --------- d-----w C:\Program Files\Windows Live

2008-09-06 19:38 --------- d-----w C:\Documents and Settings\alexandra louveau\Application Data\OpenOffice.org2

2008-09-02 08:24 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-03 13:32 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-08-03 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom

2008-08-03 11:02 --------- d-----w C:\Documents and Settings\alexandra louveau\Application Data\TomTom

2008-07-25 21:56 --------- d-----w C:\Program Files\Java

2007-12-06 10:04 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe

2007-07-04 09:57 98 ----a-w C:\Program Files\INSTALL.LOG

2006-12-28 14:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2007-12-14 16:36 88 --sh--r C:\WINDOWS\system32\95B45B3E5A.sys

2007-12-14 16:36 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-14_20.20.23.70 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]

2008-09-12 15:22 249856 --a------ C:\Program Files\OINAnalytics\OINAnalytics.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 707376]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]

"C-Media Mixer"="Mixer.exe" [2003-03-20 C:\WINDOWS\mixer.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.mpng"= C:\Program Files\t@b\0.957\686\tabdec.dll

"vidc.mvjp"= C:\Program Files\t@b\0.957\686\tabdec.dll

"vidc.444p"= C:\Program Files\t@b\0.957\686\tabdec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GammaTray.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GammaTray.lnk

backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NCProTray.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NCProTray.lnk

backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]

--a------ 2007-12-07 23:36 844800 C:\Program Files\ChristmasTree\ChristmasTree.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

--a------ 2006-10-13 17:01 277296 C:\Program Files\Microsoft LifeCam\LifeExp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--------- 2008-02-20 17:19 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-02 20:39 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2008-05-06 10:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

--------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:shareaza

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-02-10 69120]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb2b9f9a-6148-11dd-aee6-000b6b6fbb93}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tƒches planifi‚es'

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-wmvwinwn - C:\Program Files\fwmns\wmvwinwn.exe

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 12:17:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cach‚s ...

 

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

 

Recherche de fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\FTRTSVC.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\Program Files\MagicTune Premium\MagicTune.exe

C:\ComboFix\pv.cfexe

.

**************************************************************************

.

Heure de fin: 2008-09-16 12:26:46 - La machine a red‚marr‚ [alexandra louveau]

ComboFix-quarantined-files.txt 2008-09-16 10:26:43

ComboFix2.txt 2008-09-15 16:50:11

ComboFix3.txt 2008-09-14 18:20:43

 

Avant-CF: 105,632,169,984 octets libres

AprŠs-CF: 105,595,506,688 octets libres

 

377 --- E O F --- 2008-09-15 11:05:33

 

 

je nai pa d'anti virus dois je en telecharger un et lekel ??

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:44:06, on 16/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\vVX3000.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\MagicTune Premium\MagicTune.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {1D6E056F-D1BB-40F6-88E4-11EE98056FD2} (Oberon ActiveX Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bb53france.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/net/Import/ImageUploader4.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/B..._2/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/onl...mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab

O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader5.cab

O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/Onl...zuma/Popcap.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/...sh.1.0.0.58.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EEF2D7A-86AA-405F-B14F-467493A062DE}: NameServer = 80.10.246.2,80.10.246.129

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

 

--

End of file - 9439 bytes

[alex53200]

il faut ke je telecharge koi comme anti virus jen ai pas !!! sniffouille !!!

et mon ordi alors ca yé tout est propre !!! miss alex en a marre !!! mdr

[Falkra]

Je te conseille Antivir, réactif, et gratuit (bientôt en français). Surtout évite Avast, qui ne tient plus la route.

Voici un lien de téléchargement direct :

http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

Tuto : http://www.libellules.ch/tuto_antivir.php

 

Voici un extrait de la politique de Boonty, dont un service tourne ici, tu as accepté ces conditions d'utilisation en installant le produit :

 

Il se peut que nous partageons aussi des informations payantes avec des tiers

qui fournissent ds services payants et partage des données regroupées montrant le type

et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,

niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,

internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.

De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails

qui nous assistent en envoyant nos mails a de nombreux clients en même temps...

 

NB : Supprimer le service et/ou désinstaller cela peut empêcher le fonctionnement de certains petits jeux, mais je peux te proposer de quoi le désinstaller proprement.

[alex53200]

voilà cest fait, encore merci pour tout ce ke tu as fait , maintenant je pense avoir un ordi nickl !!! lol !!

[Falkra]

Tu veux garder ou supprimer Boonty ?

[alex53200]

supprimer si cest le mieux pour l'ordi

 

on est plus a une suppression pret maintenant !!! mdr !!!!