Lenteur PC

Fermé
daveke - 23 janv. 2008 à 11:11
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 27 janv. 2008 à 17:05
Bonjour,
Bonjour, j'ai un gros problême de lenteur avec mon pc, je n'arrive quasi plus à ouvrir les fenetres internet ni plus télécharger! pourriez vous m'aider?
je viens de faire le rapport, je vous le tape ci dessous! si qqn pourrait m'aider, ce serait magnifique! d'avance merci à tous!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:03, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [wenx1.exe] C:\WINDOWS\Temp\wenx1.exe
O4 - HKLM\..\Run: [wenx2.exe] C:\WINDOWS\Temp\wenx2.exe
O4 - HKLM\..\Run: [wenx3.exe] C:\WINDOWS\Temp\wenx3.exe
O4 - HKLM\..\Run: [wenx4.exe] C:\WINDOWS\Temp\wenx4.exe
O4 - HKLM\..\Run: [wenx5.exe] C:\WINDOWS\Temp\wenx5.exe
O4 - HKLM\..\Run: [wenx6.exe] C:\WINDOWS\Temp\wenx6.exe
O4 - HKLM\..\Run: [wenx7.exe] C:\WINDOWS\Temp\wenx7.exe
O4 - HKLM\..\Run: [wenx8.exe] C:\WINDOWS\Temp\wenx8.exe
O4 - HKLM\..\Run: [wenx9.exe] C:\WINDOWS\Temp\wenx9.exe
O4 - HKLM\..\Run: [wenx10.exe] C:\WINDOWS\Temp\wenx10.exe
O4 - HKLM\..\Run: [wenx11.exe] C:\WINDOWS\Temp\wenx11.exe
O4 - HKLM\..\Run: [wenx12.exe] C:\WINDOWS\Temp\wenx12.exe
O4 - HKLM\..\Run: [wenx13.exe] C:\WINDOWS\Temp\wenx13.exe
O4 - HKLM\..\Run: [wenx14.exe] C:\WINDOWS\Temp\wenx14.exe
O4 - HKLM\..\Run: [wenx15.exe] C:\WINDOWS\Temp\wenx15.exe
O4 - HKLM\..\Run: [wenx16.exe] C:\WINDOWS\Temp\wenx16.exe
O4 - HKLM\..\Run: [wenx17.exe] C:\WINDOWS\Temp\wenx17.exe
O4 - HKLM\..\Run: [wenx18.exe] C:\WINDOWS\Temp\wenx18.exe
O4 - HKLM\..\Run: [wenx19.exe] C:\WINDOWS\Temp\wenx19.exe
O4 - HKLM\..\Run: [wenx20.exe] C:\WINDOWS\Temp\wenx20.exe
O4 - HKLM\..\Run: [wenx21.exe] C:\WINDOWS\Temp\wenx21.exe
O4 - HKLM\..\Run: [wenx22.exe] C:\WINDOWS\Temp\wenx22.exe
O4 - HKLM\..\Run: [wenx23.exe] C:\WINDOWS\Temp\wenx23.exe
O4 - HKLM\..\Run: [wenx24.exe] C:\WINDOWS\Temp\wenx24.exe
O4 - HKLM\..\Run: [wenx25.exe] C:\WINDOWS\Temp\wenx25.exe
O4 - HKLM\..\Run: [wenx26.exe] C:\WINDOWS\Temp\wenx26.exe
O4 - HKLM\..\Run: [wenx27.exe] C:\WINDOWS\Temp\wenx27.exe
O4 - HKLM\..\Run: [wenx28.exe] C:\WINDOWS\Temp\wenx28.exe
O4 - HKLM\..\Run: [wenx29.exe] C:\WINDOWS\Temp\wenx29.exe
O4 - HKLM\..\Run: [wenx30.exe] C:\WINDOWS\Temp\wenx30.exe
O4 - HKLM\..\Run: [wenx31.exe] C:\WINDOWS\Temp\wenx31.exe
O4 - HKLM\..\Run: [wenx32.exe] C:\WINDOWS\Temp\wenx32.exe
O4 - HKLM\..\Run: [wenx33.exe] C:\WINDOWS\Temp\wenx33.exe
O4 - HKLM\..\Run: [wenx34.exe] C:\WINDOWS\Temp\wenx34.exe
O4 - HKLM\..\Run: [wenx35.exe] C:\WINDOWS\Temp\wenx35.exe
O4 - HKLM\..\Run: [wenx36.exe] C:\WINDOWS\Temp\wenx36.exe
O4 - HKLM\..\Run: [wenx37.exe] C:\WINDOWS\Temp\wenx37.exe
O4 - HKLM\..\Run: [wenx38.exe] C:\WINDOWS\Temp\wenx38.exe
O4 - HKLM\..\Run: [wenx39.exe] C:\WINDOWS\Temp\wenx39.exe
O4 - HKLM\..\Run: [wenx40.exe] C:\WINDOWS\Temp\wenx40.exe
O4 - HKLM\..\Run: [wenx41.exe] C:\WINDOWS\Temp\wenx41.exe
O4 - HKLM\..\Run: [wenx42.exe] C:\WINDOWS\Temp\wenx42.exe
O4 - HKLM\..\Run: [wenx43.exe] C:\WINDOWS\Temp\wenx43.exe
O4 - HKLM\..\Run: [wenx44.exe] C:\WINDOWS\Temp\wenx44.exe
O4 - HKLM\..\Run: [wenx45.exe] C:\WINDOWS\Temp\wenx45.exe
O4 - HKLM\..\Run: [wenx46.exe] C:\WINDOWS\Temp\wenx46.exe
O4 - HKLM\..\Run: [wenx47.exe] C:\WINDOWS\Temp\wenx47.exe
O4 - HKLM\..\Run: [wenx48.exe] C:\WINDOWS\Temp\wenx48.exe
O4 - HKLM\..\Run: [wenx49.exe] C:\WINDOWS\Temp\wenx49.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [wenx50.exe] C:\WINDOWS\Temp\wenx50.exe
O4 - HKLM\..\Run: [wenx51.exe] C:\WINDOWS\Temp\wenx51.exe
O4 - HKLM\..\Run: [wenx52.exe] C:\WINDOWS\Temp\wenx52.exe
O4 - HKLM\..\Run: [wenx53.exe] C:\WINDOWS\Temp\wenx53.exe
O4 - HKLM\..\Run: [wenx54.exe] C:\WINDOWS\Temp\wenx54.exe
O4 - HKLM\..\Run: [wenx55.exe] C:\WINDOWS\Temp\wenx55.exe
O4 - HKLM\..\Run: [wenx56.exe] C:\WINDOWS\Temp\wenx56.exe
O4 - HKLM\..\Run: [wenx57.exe] C:\WINDOWS\Temp\wenx57.exe
O4 - HKLM\..\Run: [wenx58.exe] C:\WINDOWS\Temp\wenx58.exe
O4 - HKLM\..\Run: [wenx59.exe] C:\WINDOWS\Temp\wenx59.exe
O4 - HKLM\..\Run: [wenx60.exe] C:\WINDOWS\Temp\wenx60.exe
O4 - HKLM\..\Run: [wenx61.exe] C:\WINDOWS\Temp\wenx61.exe
O4 - HKLM\..\Run: [wenx62.exe] C:\WINDOWS\Temp\wenx62.exe
O4 - HKLM\..\Run: [wenx63.exe] C:\WINDOWS\Temp\wenx63.exe
O4 - HKLM\..\Run: [wenx64.exe] C:\WINDOWS\Temp\wenx64.exe
O4 - HKLM\..\Run: [wenx65.exe] C:\WINDOWS\Temp\wenx65.exe
O4 - HKLM\..\Run: [wenx66.exe] C:\WINDOWS\Temp\wenx66.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: gNS - Unknown owner - C:\:bbz.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:

31 réponses

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 11:24
salut,

fais ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
0
merci bqa,mais je n'arrive pas à telecharger cette application! le bouton "save file" ne se deverouille pas. je ne comprend pas!
0
voila voila sur coombyfix...c'est de pire en pire! je suis olblmigé d'etiendre lme pc car plus de connexions assez vite pour le redemarrer! voici le rapport...merci d'avance

ComboFix 08-01-23.2 - david 2008-01-23 13:19:21.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.207 [GMT 1:00]
Endroit: D:\Documents and Settings\david.115372460311\Bureau\ComboFix(2).exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free\Logs\update.log
D:\Documents and Settings\david.115372460311\err.log
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc\console.html
D:\Documents and Settings\david.115372460311\ResErrors.log

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 11:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 17:44 . 2008-01-22 17:52 <REP> d-------- C:\Program Files\ErreurChasseur
2008-01-02 21:17 . 2008-01-02 21:22 <REP> d-------- C:\Program Files\SopCast
2007-12-30 10:33 . 2008-01-23 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-30 10:33 . 2007-12-30 10:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 16:18 . 2007-12-29 16:19 <REP> d-------- C:\Program Files\QuickTime
2007-12-26 17:35 . 2007-12-27 12:53 <REP> d-------- C:\Program Files\Fichiers communs\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-18 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-02 17:53 --------- d-----w C:\Program Files\TvAnts
2007-12-27 14:06 --------- d-----w C:\Program Files\EasyBurning
2007-11-25 22:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-02-23 17:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]
2006-06-10 20:22 61599 --a------ C:\Program Files\LinkOptimizer\LinkOptimizer.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 20:04 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-20 08:41 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:15 579072]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-01 08:30 1836544]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 14:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 11:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 11:57 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 09:33 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 07:15 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 gNS;gNS;"C:\:bbz.exe" []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-02-03 19:01]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c507739b-16a9-11dc-aa72-000e50d2ca9e}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 16:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 12:00:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-01-23 12:00:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2008-01-18 14:14:34 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2006-06-10 10:26:25 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-23 10:39:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-01 05:30:09 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:21:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gNS]
"ImagePath"="\"C:\:bbz.exe\""
.
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406 > daveke
23 janv. 2008 à 13:36
peux tu reposter un hijack this stp
0
daveke > g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014
23 janv. 2008 à 13:38
voila voila! stp!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: gNS - Unknown owner - C:\:bbz.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 11:37
peux tu faire un scan avec l´antispyware d´avg en mode sans echec et poster le rapport ici

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...

p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

choisir d´abord l'onglet "paramètres".

sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici.

-> Une aide en image au cas ou :

Tutoriel d´installation et de parametrages :

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

@+
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 14:06
re,

1
Copie le texte ci-dessous :

File::
C:\Program Files\LinkOptimizer\LinkOptimizer.dll
C:\:bbz.exe
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for

Folder::
C:\Program Files\LinkOptimizer
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\ErreurChasseur
C:\Program Files\SopCast

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

puis :
2

1°- « Démarrer » > « Executer » > taper cmd >

sc stop "gNS" ==> [Enter]
sc config "gNS" start= disabled ==> [Enter]

2°- Redémarre MSE .Choisis ton compte usuel, et non Administrateur.

3°- « Démarrer » > « Executer » > taper cmd >

sc delete "gNS" ==> [Enter]

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.


3
Desinstalleur Norton:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

4
desinstal aussi avg antivirus et instale ceci a la place :

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

5
instales

par feu : kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

ou zone alarm plus facil a configurer mais moins performant

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

6
puis fais un scan complet de ta machine avec antivir

7
post les rapports suivants

combofix.txt2
un nouveau hijack this
et le rapport de scan d´antivir

bon courrage

@+
0
re,

je suis deja coinc&é rien qu'au debut! désolé je suis plus qu'un novice niveau pc!!
j'ai sauvegardé dans le bloc et mtnt comme dois je faire pour le recuperer a coté de combofix dans mon bureau? je n'y arrive pas.
0
je continue après les rapports donnés et suis encore coincé!
je fais le 1 tapant cmd dans executer et tente de faire la deuxième opération sc stop "gNS" mais il me marque le service n'a pas été demarré! quand je passe cette opération et fais la suivante directement ça marche! mais par la suite comment fais je avec 2°- Redémarre MSE .Choisis ton compte usuel, et non Administrateur. je ne comprend pas! redemarre MSE? c'est quoi? et le compte usuel??
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 15:20
une fois le fichier .txt cré tu fais comme sur cette image :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
@+
0
voici le rapport combofix...

ComboFix 08-01-23.2 - david 2008-01-23 15:25:02.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.140 [GMT 1:00]
Endroit: D:\Documents and Settings\david.115372460311\Bureau\ComboFix(2).exe
Command switches used :: D:\Documents and Settings\david.115372460311\CFScript.txt
* Création d'un nouveau point de restauration

FILE
C:\:bbz.exe
C:\Program Files\LinkOptimizer\LinkOptimizer.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ErreurChasseur
C:\Program Files\ErreurChasseur\swupd.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\LinkOptimizer
C:\Program Files\LinkOptimizer\LinkOptimizer.dll
C:\Program Files\SopCast
C:\Program Files\SopCast\adv\clips\18CA426D-7B6D-2F41-FCE2-93B1157CCB67\index.htm
C:\Program Files\SopCast\adv\clips\EE067279-16A4-84A3-33F8-B273AB5A44F2\index.htm
C:\Program Files\SopCast\adv\default\default.jpg
C:\Program Files\SopCast\adv\default\default_cn.jpg
C:\Program Files\SopCast\adv\default\home.html
C:\Program Files\SopCast\adv\default\index.html
C:\Program Files\SopCast\adv\sopadver.dat
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\SopCast\channellist\chlist_adv.xml
C:\Program Files\SopCast\channellist\chlist_live.xml
C:\Program Files\SopCast\channellist\chlist_msg.xml
C:\Program Files\SopCast\channellist\chlist_vod.xml
C:\Program Files\SopCast\config.xml
C:\Program Files\SopCast\CrashReport\XCrashReport.exe
C:\Program Files\SopCast\data
C:\Program Files\SopCast\dbghelp.dll
C:\Program Files\SopCast\install.bat
C:\Program Files\SopCast\IPCamD.ocx
C:\Program Files\SopCast\languages\lang_cn_CH.xml
C:\Program Files\SopCast\languages\lang_cn_HK.xml
C:\Program Files\SopCast\languages\lang_de_DE.xml
C:\Program Files\SopCast\languages\lang_en_US.xml
C:\Program Files\SopCast\languages\lang_es_ES.xml
C:\Program Files\SopCast\languages\lang_fr_FR.xml
C:\Program Files\SopCast\languages\lang_gr_GR.xml
C:\Program Files\SopCast\languages\lang_it_IT.xml
C:\Program Files\SopCast\languages\lang_nl_NL.xml
C:\Program Files\SopCast\languages\lang_pl_PL.xml
C:\Program Files\SopCast\languages\lang_pt_BR.xml
C:\Program Files\SopCast\languages\lang_ro_RO.xml
C:\Program Files\SopCast\languages\lang_sl_SL.xml
C:\Program Files\SopCast\languages\sopcore\lang_en_US.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_CN.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_HK.xml
C:\Program Files\SopCast\License.txt
C:\Program Files\SopCast\skin\DURATION_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_DISABLED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_HOVER.bmp
C:\Program Files\SopCast\skin\EXPLAYER_NORMAL.bmp
C:\Program Files\SopCast\skin\EXPLAYER_PRESSED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_DISABLED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_HOVER.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_NORMAL.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_PRESSED.bmp
C:\Program Files\SopCast\skin\MAIN_DIALOG.bmp
C:\Program Files\SopCast\skin\MUTE_HOVER.bmp
C:\Program Files\SopCast\skin\MUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\MUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\PAUSE_HOVER.bmp
C:\Program Files\SopCast\skin\PAUSE_NORMAL.bmp
C:\Program Files\SopCast\skin\PAUSE_PRESSED.bmp
C:\Program Files\SopCast\skin\PLAY_HOVER.bmp
C:\Program Files\SopCast\skin\PLAY_NORMAL.bmp
C:\Program Files\SopCast\skin\PLAY_PRESSED.bmp
C:\Program Files\SopCast\skin\sopcore.xml
C:\Program Files\SopCast\skin\SOPLOGO_HOVER.bmp
C:\Program Files\SopCast\skin\SOPLOGO_NORMAL.bmp
C:\Program Files\SopCast\skin\SOPLOGO_PRESSED.bmp
C:\Program Files\SopCast\skin\SOPSTATUS_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_DISABLED.bmp
C:\Program Files\SopCast\skin\STOP_HOVER.bmp
C:\Program Files\SopCast\skin\STOP_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_PRESSED.bmp
C:\Program Files\SopCast\skin\UNMUTE_HOVER.bmp
C:\Program Files\SopCast\skin\UNMUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\UNMUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\SopCast.exe
C:\Program Files\SopCast\SopCast.url
C:\Program Files\SopCast\sopocx.ocx
C:\Program Files\SopCast\sopvod.exe
C:\Program Files\SopCast\StreamServer\msvcr71.dll
C:\Program Files\SopCast\StreamServer\plugins\libaccess_output_http_plugin.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_file.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_ftp.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_http.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_mms.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_demuxdump.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_dummy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_hotkeys.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_ipv4.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_memcpy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_mux_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_packetizer_copy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_rc.dll
C:\Program Files\SopCast\StreamServer\StreamServer.exe
C:\Program Files\SopCast\uninst.exe
C:\Program Files\SopCast\uninstall.bat
C:\Program Files\SopCast\update\SopChecker.exe
C:\Program Files\SopCast\update\UNZIP.EXE
C:\Program Files\SopCast\update\update.bat
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.
---- Previous Run -------
.
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free\Logs\update.log
D:\Documents and Settings\david.115372460311\err.log
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc\console.html
D:\Documents and Settings\david.115372460311\ResErrors.log

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 11:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2007-12-29 16:18 . 2007-12-29 16:19 <REP> d-------- C:\Program Files\QuickTime
2007-12-26 17:35 . 2007-12-27 12:53 <REP> d-------- C:\Program Files\Fichiers communs\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-18 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-02 17:53 --------- d-----w C:\Program Files\TvAnts
2007-12-27 14:06 --------- d-----w C:\Program Files\EasyBurning
2007-11-25 22:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-02-23 17:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_11.40.52,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 14:24:55 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 14:24:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 14:24:56 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 14:24:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 10:38:09 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 14:24:56 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 10:38:09 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:24:56 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 20:04 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-20 08:41 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:15 579072]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-01 08:30 1836544]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 14:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 11:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 11:57 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 09:33 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 07:15 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 gNS;gNS;"C:\:bbz.exe" []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c507739b-16a9-11dc-aa72-000e50d2ca9e}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 16:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 14:00:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-01-23 14:00:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2008-01-18 14:14:34 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2006-06-10 10:26:25 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-23 10:39:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-01 05:30:09 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:27:16
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gNS]
"ImagePath"="\"C:\:bbz.exe\""
.




et voici le rapport hijackthis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: gNS - Unknown owner - C:\:bbz.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 15:51
ok

fais la suite

et avec le rapport d´antivir post aussi un nouveau hijack this

@+
0
et pour ceci?

je continue après les rapports donnés et suis encore coincé!
je fais le 1 tapant cmd dans executer et tente de faire la deuxième opération sc stop "gNS" mais il me marque le service n'a pas été demarré! quand je passe cette opération et fais la suivante directement ça marche! mais par la suite comment fais je avec 2°- Redémarre MSE .Choisis ton compte usuel, et non Administrateur. je ne comprend pas! redemarre MSE? c'est quoi? et le compte usuel??
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 16:04
ok pour le 1
pour le deux et trois > MSE signifie "mode sans echec"
voici comment tu redemarre en mode sans echec :
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
tu choise juste ton compte, si tu es le seul a te servir du pc tu n´as pas a te soucier du compte administrateur...
je vais devoir m´absenter
j´espere avoir ete asser claire
@+
0
voici enfin les rapports obtenus! quel enfer pour tout obtenir!! le nombre de fois que j'a n'avias plus de connexions pour les envoyer et devoir tout refaire! la galère!

voici le rapport antivir..


AntiVir PersonalEdition Classic
Report file date: 2008-01-23 17:25

Scanning for 1036370 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: 115372460311

Version information:
BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2008-01-23 17:25

Starting search for hidden objects.
'59504' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'backWeb-8876480.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOME.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'wcmdmgr.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
65 processes with 65 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
[DETECTION] Is the Trojan horse TR/Dldr.Winfixer.E.1
[INFO] The file was moved to '47e96c5d.qua'!
C:\Program Files\support.com\bin\sdcnetcheck.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47fa6ebe.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP596\A0063266.exe
[DETECTION] Is the Trojan horse TR/Dldr.Winfixer.E.1
[INFO] The file was moved to '47c76f4a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP596\A0063267.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47c76f4d.qua'!
C:\WINDOWS\Installer\MSI17.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e0717b.qua'!
C:\WINDOWS\Installer\MSI18.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e0717e.qua'!
C:\WINDOWS\Installer\MSI19.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07181.qua'!
C:\WINDOWS\Installer\MSI1A.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07182.qua'!
C:\WINDOWS\Installer\MSI1B.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07184.qua'!
C:\WINDOWS\Installer\MSI1C.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07186.qua'!
C:\WINDOWS\Installer\MSI1D.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07187.qua'!
C:\WINDOWS\Installer\MSI1E.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e07189.qua'!
C:\WINDOWS\Installer\MSI1F.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e0718b.qua'!
C:\WINDOWS\Installer\MSI20.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e0718c.qua'!
C:\WINDOWS\Installer\MSI21.tmp
[DETECTION] Contains suspicious code HEUR/Damaged
[INFO] The file was moved to '47e0718e.qua'!
Begin scan in 'D:\' <DATA>
D:\eMule\Incoming\[PC GAME NO CD]FIFA 2008 crack.zip
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[1] Archive type: ZIP SFX (self extracting)
[INFO] The file was moved to '47da76dd.qua'!


End of the scan: 2008-01-23 18:20
Used time: 54:28 min

The scan has been done completely.

10702 Scanning directories
370977 Files were scanned
3 viruses and/or unwanted programs were found
13 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
370974 Files not concerned
7982 Archives were scanned
2 Warnings
10 Notes
59504 Objects were scanned with rootkit scan
0 Hidden objects were found


ensuite le combofix
ComboFix 08-01-23.2 - david 2008-01-23 18:29:26.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.100 [GMT 1:00]
Endroit: D:\Documents and Settings\david.115372460311\Bureau\ComboFix(2).exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\ErreurChasseur
C:\Program Files\ErreurChasseur\swupd.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\LinkOptimizer
C:\Program Files\LinkOptimizer\LinkOptimizer.dll
C:\Program Files\SopCast
C:\Program Files\SopCast\adv\clips\18CA426D-7B6D-2F41-FCE2-93B1157CCB67\index.htm
C:\Program Files\SopCast\adv\clips\EE067279-16A4-84A3-33F8-B273AB5A44F2\index.htm
C:\Program Files\SopCast\adv\default\default.jpg
C:\Program Files\SopCast\adv\default\default_cn.jpg
C:\Program Files\SopCast\adv\default\home.html
C:\Program Files\SopCast\adv\default\index.html
C:\Program Files\SopCast\adv\sopadver.dat
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\SopCast\channellist\chlist_adv.xml
C:\Program Files\SopCast\channellist\chlist_live.xml
C:\Program Files\SopCast\channellist\chlist_msg.xml
C:\Program Files\SopCast\channellist\chlist_vod.xml
C:\Program Files\SopCast\config.xml
C:\Program Files\SopCast\CrashReport\XCrashReport.exe
C:\Program Files\SopCast\data
C:\Program Files\SopCast\dbghelp.dll
C:\Program Files\SopCast\install.bat
C:\Program Files\SopCast\IPCamD.ocx
C:\Program Files\SopCast\languages\lang_cn_CH.xml
C:\Program Files\SopCast\languages\lang_cn_HK.xml
C:\Program Files\SopCast\languages\lang_de_DE.xml
C:\Program Files\SopCast\languages\lang_en_US.xml
C:\Program Files\SopCast\languages\lang_es_ES.xml
C:\Program Files\SopCast\languages\lang_fr_FR.xml
C:\Program Files\SopCast\languages\lang_gr_GR.xml
C:\Program Files\SopCast\languages\lang_it_IT.xml
C:\Program Files\SopCast\languages\lang_nl_NL.xml
C:\Program Files\SopCast\languages\lang_pl_PL.xml
C:\Program Files\SopCast\languages\lang_pt_BR.xml
C:\Program Files\SopCast\languages\lang_ro_RO.xml
C:\Program Files\SopCast\languages\lang_sl_SL.xml
C:\Program Files\SopCast\languages\sopcore\lang_en_US.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_CN.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_HK.xml
C:\Program Files\SopCast\License.txt
C:\Program Files\SopCast\skin\DURATION_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_DISABLED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_HOVER.bmp
C:\Program Files\SopCast\skin\EXPLAYER_NORMAL.bmp
C:\Program Files\SopCast\skin\EXPLAYER_PRESSED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_DISABLED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_HOVER.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_NORMAL.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_PRESSED.bmp
C:\Program Files\SopCast\skin\MAIN_DIALOG.bmp
C:\Program Files\SopCast\skin\MUTE_HOVER.bmp
C:\Program Files\SopCast\skin\MUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\MUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\PAUSE_HOVER.bmp
C:\Program Files\SopCast\skin\PAUSE_NORMAL.bmp
C:\Program Files\SopCast\skin\PAUSE_PRESSED.bmp
C:\Program Files\SopCast\skin\PLAY_HOVER.bmp
C:\Program Files\SopCast\skin\PLAY_NORMAL.bmp
C:\Program Files\SopCast\skin\PLAY_PRESSED.bmp
C:\Program Files\SopCast\skin\sopcore.xml
C:\Program Files\SopCast\skin\SOPLOGO_HOVER.bmp
C:\Program Files\SopCast\skin\SOPLOGO_NORMAL.bmp
C:\Program Files\SopCast\skin\SOPLOGO_PRESSED.bmp
C:\Program Files\SopCast\skin\SOPSTATUS_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_DISABLED.bmp
C:\Program Files\SopCast\skin\STOP_HOVER.bmp
C:\Program Files\SopCast\skin\STOP_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_PRESSED.bmp
C:\Program Files\SopCast\skin\UNMUTE_HOVER.bmp
C:\Program Files\SopCast\skin\UNMUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\UNMUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\SopCast.exe
C:\Program Files\SopCast\SopCast.url
C:\Program Files\SopCast\sopocx.ocx
C:\Program Files\SopCast\sopvod.exe
C:\Program Files\SopCast\StreamServer\msvcr71.dll
C:\Program Files\SopCast\StreamServer\plugins\libaccess_output_http_plugin.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_file.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_ftp.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_http.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_mms.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_demuxdump.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_dummy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_hotkeys.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_ipv4.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_memcpy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_mux_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_packetizer_copy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_rc.dll
C:\Program Files\SopCast\StreamServer\StreamServer.exe
C:\Program Files\SopCast\uninst.exe
C:\Program Files\SopCast\uninstall.bat
C:\Program Files\SopCast\update\SopChecker.exe
C:\Program Files\SopCast\update\UNZIP.EXE
C:\Program Files\SopCast\update\update.bat
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free\Logs\update.log
D:\Documents and Settings\david.115372460311\err.log
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc\console.html
D:\Documents and Settings\david.115372460311\ResErrors.log

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 17:24 . 2008-01-23 17:24 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-23 17:08 . 2008-01-23 17:08 <REP> d-------- C:\Program Files\Avira
2008-01-23 15:31 . 2008-01-23 16:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 15:31 . 2008-01-23 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 11:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2007-12-29 16:18 . 2007-12-29 16:19 <REP> d-------- C:\Program Files\QuickTime
2007-12-26 17:35 . 2007-12-27 12:53 <REP> d-------- C:\Program Files\Fichiers communs\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 16:32 --------- d-----w C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
2008-01-23 15:27 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-19 13:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-02 17:53 --------- d-----w C:\Program Files\TvAnts
2007-12-27 14:06 --------- d-----w C:\Program Files\EasyBurning
2007-11-25 22:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-02-23 17:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_11.40.52,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 14:24:55 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 14:24:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 14:24:56 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 14:24:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 10:38:09 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 14:24:56 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 10:38:09 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 14:24:56 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 20:04 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-20 08:41 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-01 08:30 1836544]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 14:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 11:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 11:57 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 09:33 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c507739b-16a9-11dc-aa72-000e50d2ca9e}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 16:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 17:30:01 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-01-23 17:30:01 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2006-06-10 10:26:25 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-23 14:39:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-01 05:30:09 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 18:31:40
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.


et le hijack...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
23 janv. 2008 à 19:04
on va reutiliser combofix

Copie le texte ci-dessous :

Folder::
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
voici les deux rapports

1/rapport combofix

ComboFix 08-01-23.2 - david 2008-01-23 19:24:21.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.247 [GMT 1:00]
Endroit: D:\Documents and Settings\david.115372460311\Bureau\ComboFix(2).exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\ErreurChasseur
C:\Program Files\ErreurChasseur\swupd.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\LinkOptimizer
C:\Program Files\LinkOptimizer\LinkOptimizer.dll
C:\Program Files\SopCast
C:\Program Files\SopCast\adv\clips\18CA426D-7B6D-2F41-FCE2-93B1157CCB67\index.htm
C:\Program Files\SopCast\adv\clips\EE067279-16A4-84A3-33F8-B273AB5A44F2\index.htm
C:\Program Files\SopCast\adv\default\default.jpg
C:\Program Files\SopCast\adv\default\default_cn.jpg
C:\Program Files\SopCast\adv\default\home.html
C:\Program Files\SopCast\adv\default\index.html
C:\Program Files\SopCast\adv\sopadver.dat
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\SopCast\channellist\chlist_adv.xml
C:\Program Files\SopCast\channellist\chlist_live.xml
C:\Program Files\SopCast\channellist\chlist_msg.xml
C:\Program Files\SopCast\channellist\chlist_vod.xml
C:\Program Files\SopCast\config.xml
C:\Program Files\SopCast\CrashReport\XCrashReport.exe
C:\Program Files\SopCast\data
C:\Program Files\SopCast\dbghelp.dll
C:\Program Files\SopCast\install.bat
C:\Program Files\SopCast\IPCamD.ocx
C:\Program Files\SopCast\languages\lang_cn_CH.xml
C:\Program Files\SopCast\languages\lang_cn_HK.xml
C:\Program Files\SopCast\languages\lang_de_DE.xml
C:\Program Files\SopCast\languages\lang_en_US.xml
C:\Program Files\SopCast\languages\lang_es_ES.xml
C:\Program Files\SopCast\languages\lang_fr_FR.xml
C:\Program Files\SopCast\languages\lang_gr_GR.xml
C:\Program Files\SopCast\languages\lang_it_IT.xml
C:\Program Files\SopCast\languages\lang_nl_NL.xml
C:\Program Files\SopCast\languages\lang_pl_PL.xml
C:\Program Files\SopCast\languages\lang_pt_BR.xml
C:\Program Files\SopCast\languages\lang_ro_RO.xml
C:\Program Files\SopCast\languages\lang_sl_SL.xml
C:\Program Files\SopCast\languages\sopcore\lang_en_US.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_CN.xml
C:\Program Files\SopCast\languages\sopcore\lang_zh_HK.xml
C:\Program Files\SopCast\License.txt
C:\Program Files\SopCast\skin\DURATION_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\DURATION_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_DISABLED.bmp
C:\Program Files\SopCast\skin\EXPLAYER_HOVER.bmp
C:\Program Files\SopCast\skin\EXPLAYER_NORMAL.bmp
C:\Program Files\SopCast\skin\EXPLAYER_PRESSED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_DISABLED.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_HOVER.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_NORMAL.bmp
C:\Program Files\SopCast\skin\FULLSCREEN_PRESSED.bmp
C:\Program Files\SopCast\skin\MAIN_DIALOG.bmp
C:\Program Files\SopCast\skin\MUTE_HOVER.bmp
C:\Program Files\SopCast\skin\MUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\MUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\PAUSE_HOVER.bmp
C:\Program Files\SopCast\skin\PAUSE_NORMAL.bmp
C:\Program Files\SopCast\skin\PAUSE_PRESSED.bmp
C:\Program Files\SopCast\skin\PLAY_HOVER.bmp
C:\Program Files\SopCast\skin\PLAY_NORMAL.bmp
C:\Program Files\SopCast\skin\PLAY_PRESSED.bmp
C:\Program Files\SopCast\skin\sopcore.xml
C:\Program Files\SopCast\skin\SOPLOGO_HOVER.bmp
C:\Program Files\SopCast\skin\SOPLOGO_NORMAL.bmp
C:\Program Files\SopCast\skin\SOPLOGO_PRESSED.bmp
C:\Program Files\SopCast\skin\SOPSTATUS_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_DISABLED.bmp
C:\Program Files\SopCast\skin\STOP_HOVER.bmp
C:\Program Files\SopCast\skin\STOP_NORMAL.bmp
C:\Program Files\SopCast\skin\STOP_PRESSED.bmp
C:\Program Files\SopCast\skin\UNMUTE_HOVER.bmp
C:\Program Files\SopCast\skin\UNMUTE_NORMAL.bmp
C:\Program Files\SopCast\skin\UNMUTE_PRESSED.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_HOVER.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_NORMAL.bmp
C:\Program Files\SopCast\skin\VOLUME_SLIDER_PRESSED.bmp
C:\Program Files\SopCast\SopCast.exe
C:\Program Files\SopCast\SopCast.url
C:\Program Files\SopCast\sopocx.ocx
C:\Program Files\SopCast\sopvod.exe
C:\Program Files\SopCast\StreamServer\msvcr71.dll
C:\Program Files\SopCast\StreamServer\plugins\libaccess_output_http_plugin.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_file.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_ftp.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_http.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_access_mms.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_demuxdump.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_dummy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_hotkeys.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_ipv4.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_memcpy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_mux_asf.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_packetizer_copy.dll
C:\Program Files\SopCast\StreamServer\plugins\plugin_rc.dll
C:\Program Files\SopCast\StreamServer\StreamServer.exe
C:\Program Files\SopCast\uninst.exe
C:\Program Files\SopCast\uninstall.bat
C:\Program Files\SopCast\update\SopChecker.exe
C:\Program Files\SopCast\update\UNZIP.EXE
C:\Program Files\SopCast\update\update.bat
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
D:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free
D:\Documents and Settings\david.115372460311\Application Data\DriveCleaner 2006 Free\Logs\update.log
D:\Documents and Settings\david.115372460311\err.log
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc
D:\Documents and Settings\david.115372460311\Local Settings\Temporary Internet Files\sc\console.html
D:\Documents and Settings\david.115372460311\ResErrors.log

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 18:47 . 2008-01-23 18:47 260 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-23 17:24 . 2008-01-23 17:24 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-23 17:08 . 2008-01-23 17:08 <REP> d-------- C:\Program Files\Avira
2008-01-23 15:31 . 2008-01-23 19:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 15:31 . 2008-01-23 15:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 11:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2007-12-29 16:18 . 2007-12-29 16:19 <REP> d-------- C:\Program Files\QuickTime
2007-12-26 17:35 . 2007-12-27 12:53 <REP> d-------- C:\Program Files\Fichiers communs\uusee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:27 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-19 13:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-02 17:53 --------- d-----w C:\Program Files\TvAnts
2007-12-27 14:06 --------- d-----w C:\Program Files\EasyBurning
2007-11-25 22:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-02-23 17:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_11.40.52,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 18:09:50 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 18:09:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 10:38:09 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 18:09:50 688,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 10:38:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 18:09:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 10:38:09 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 18:09:50 5,222,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 10:38:09 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 18:09:50 114,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-01-23 16:24:57 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 20:04 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-20 08:41 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 13:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41 163840]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-01 08:30 1836544]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 14:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 11:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 11:57 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52 3770024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-02 09:33 185632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c507739b-16a9-11dc-aa72-000e50d2ca9e}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 16:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 18:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-01-23 18:30:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2006-06-10 10:26:25 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-23 14:39:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-01 05:30:09 C:\WINDOWS\Tasks\WebReg Photosmart C4100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:28:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.


et rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
heeeeeeeelp
0
nobody to help me?
0
quelqun pour m'ader auj?
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 09:38
bonjour daveke,

j´aimerais que tu fasse un scan en ligne a l´aide de bitdefender :

voici comment proceder :

Scan en ligne bitdefender :

https://www.bitdefender.com/toolbox/

Clicker sur " I agree " et suivre les indications

A faire imperativement sous internet explorer, en acceptant l´activ x

tutoriel en image en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Post le rapport quand il aura terminé

@+
0
voila rapport! hé bien, je pensais que jamais cela ne se terminerait! :)

BitDefender Online Scanner







Scan report generated at: Thu, Jan 24, 2008 - 11:30:26









Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;















Statistics

Time


01:17:47

Files


546235

Folders


10715

Boot Sectors


4

Archives


8056

Packed Files


24413







Results

Identified Viruses


6

Infected Files


11

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


11







Engines Info

Virus Definitions


976797

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


41

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe


Detected with: Adware.Backweb.M

C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe


Deleted

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe


Detected with: Adware.Backweb.M

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe


Deleted

C:\QooBox\Quarantine\C\Program Files\LinkOptimizer\LinkOptimizer.dll.vir


Infected with: Trojan.Downloader.Winshow.C

C:\QooBox\Quarantine\C\Program Files\LinkOptimizer\LinkOptimizer.dll.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe.vir


Infected with: Trojan.Downloader.CGW

C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe.vir


Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP592\A0063075.dll


Infected with: Trojan.Downloader.Winshow.C

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP592\A0063075.dll


Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0063454.exe


Detected with: Adware.Backweb.M

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0063454.exe


Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0063455.exe


Detected with: Adware.Backweb.M

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0063455.exe


Deleted

C:\WINDOWS\Downloaded Program Files\gsda.dll


Detected with: Application.Downloader.Spygame.A

C:\WINDOWS\Downloaded Program Files\gsda.dll


Deleted

C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll


Detected with: Adware.Wildtangent.B

C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll


Deleted

C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll


Detected with: Adware.Wildtangent.B

C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll


Deleted

D:\Documents and Settings\david.115372460311\Mes documents\Mes fichiers reçus\SetupPoker.exe


Detected with: Adware.TDI

D:\Documents and Settings\david.115372460311\Mes documents\Mes fichiers reçus\SetupPoker.exe


Deleted
0
il y avait encore ceci pour rapport que j'avais vu dans une autre page

BitDefender Online Scanner - Real Time Virus Report







Generated at: Thu, Jan 24, 2008 - 11:36:17









Scan Info







Scanned Files


557239

Infected Files


11















Virus Detected







Adware.TDI


1

Application.Downloader.Spygame.A


1

Adware.Backweb.M


4

Adware.Wildtangent.B


2

Trojan.Downloader.CGW


1

Trojan.Downloader.Winshow.C


2
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 11:45
ok tres bien ;-)

post un nouveau hijack this stp

@+
0
rapport...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.157\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 12:12
re,

A l´aide de hijack this coche et fix les lignes ci dessous:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis

« Démarrer » > « Executer » > taper cmd > et valide par ok

et tape ceci avec les espaces dans la fenetre noir qui va apparaitre

sc stop "SAVScan" ==> [Enter]
sc config "SAVScan" start= disabled ==> [Enter]

sc delete "SAVScan" ==> [Enter]

et pareil pour : "Boonty Games"

puis

ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou foxit plus léger :

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

et

appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_10 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03

fais analyser ceci :

C:\WINDOWS\wt\updater\wcmdmgr.exe

sur ce site :

https://www.virustotal.com/gui/

et post le resultat ici avec un nouveau hijack this stp

@+
0
re,

voici le rapport pour le fichier exe.

MD5: 9a843eb5f27d0b9d043c4dbf91687853
Date 2008.01.18 22:18:38 (CET) [>5D]
Résultats 2/32
Permalink: analisis/d869f320da0ac3f5faeaad1d2bf474aa

et le rapport complet

Fichier wcmdmgr.exe reçu le 2008.01.18 22:12:21 (CET)
Situation actuelle: terminé
Résultat: 2/32 (6.25%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.1.19.10 2008.01.18 -
AntiVir 7.6.0.48 2008.01.18 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.18 -
AVG 7.5.0.516 2008.01.18 -
BitDefender 7.2 2008.01.18 -
CAT-QuickHeal 9.00 2008.01.18 -
ClamAV 0.91.2 2008.01.18 -
DrWeb 4.44.0.09170 2008.01.18 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5468 2008.01.18 -
Ewido 4.0 2008.01.18 -
FileAdvisor 1 2008.01.18 -
Fortinet 3.14.0.0 2008.01.18 -
F-Prot 4.4.2.54 2008.01.17 -
F-Secure 6.70.13260.0 2008.01.18 -
Ikarus T3.1.1.20 2008.01.18 AdWare.WildTangent
Kaspersky 7.0.0.125 2008.01.18 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.18 -
NOD32v2 2806 2008.01.18 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.18 -
Prevx1 V2 2008.01.18 -
Rising 20.27.42.00 2008.01.18 -
Sophos 4.24.0 2008.01.18 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.18 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 Adware.WildTangent
VirusBuster 4.3.26:9 2008.01.18 -
Webwasher-Gateway 6.6.2 2008.01.18 -
Information additionnelle
File size: 143360 bytes
MD5: 9a843eb5f27d0b9d043c4dbf91687853
SHA1: af18c1af18aac03eb4458968f0853578cb945786
PEiD: Armadillo v1.71

celui de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 13:51
ok

fais ceci :

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\WINDOWS\wt\updater\wcmdmgr.exe

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...

p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

choisir d´abord l'onglet "paramètres".

sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici.

-> Une aide en image au cas ou :

Tutoriel d´installation et de parametrages :

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

post le rapport de ot move it et celui de avg

@+
0
je n'ai pas trouvé le rapport pour OTmoveit, je recherche dans le c mais ne trouve pas l'application! mais j'ai bien remover le lienb que tu m'as donné!

sinon voici le rapport d'avg...

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:56 2008-01-24

+ Résultat de l'analyse:



C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe -> Adware.Wildtangent : Aucune action entreprise.
C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Aucune action entreprise.
:mozilla.146:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.169:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.181:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.75:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.76:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.133:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.134:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.135:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.136:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.137:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.138:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.82:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.83:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.84:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.163:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.37:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.36:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.193:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.194:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.195:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.196:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.197:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.143:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Aucune action entreprise.
:mozilla.144:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Aucune action entreprise.
:mozilla.145:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Aucune action entreprise.
:mozilla.24:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.105:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.155:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.157:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.158:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.159:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.160:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.161:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.112:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Hitslink : Aucune action entreprise.
:mozilla.102:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.103:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.52:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.81:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.129:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.130:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.131:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.132:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.66:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.67:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.68:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.69:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.70:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.71:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.72:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
D:\Documents and Settings\david.115372460311\Cookies\david@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.48:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.49:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.50:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.166:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.167:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.168:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.62:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.63:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.40:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.56:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.57:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.58:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 16:03
re,

tu as supprimé tout ce qu´avg a trouvé? car la ca dis aucune action entreprise...

j´ai vu que dnas le lot il y a EvID4226Patch.exe, je crois que tu devras le reprendre...

comment va ton pc maintenant?

@+
0
oui en effet j'avais oublié de lancer l'application mais ensuite je l'ai fait sans conserver le lien que tu avais noté! arf!
mais en tout cas c'est tjrs aussi lent! :(

voici rapport avg final

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:06 2008-01-24

+ Résultat de l'analyse:



C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe -> Adware.Wildtangent : Nettoyé.
C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé.
:mozilla.146:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.169:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.181:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.75:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.76:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.133:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.134:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.135:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.136:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.137:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.138:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.82:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.83:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.84:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.163:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.37:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.36:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.193:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.194:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.195:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.196:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.197:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.143:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.144:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.145:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.24:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.105:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.155:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.157:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.158:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.159:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.160:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.161:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.112:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyé.
:mozilla.102:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.103:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.52:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.81:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.129:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.130:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.131:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.132:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.66:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.67:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.68:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.69:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.70:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.71:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.72:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\david.115372460311\Cookies\david@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.49:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.50:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.166:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.167:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.168:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.62:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.63:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.40:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.56:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.57:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.58:D:\Documents and Settings\david.115372460311\Application Data\Mozilla\Firefox\Profiles\26qnzkem.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 16:32
ok

tu peux reposter un hijack this stp

@+
0
voici le rapport..ça a l'air grave ou quoi? vu qu'il n'y a encore aucune ameliorations?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\DAVID~1.115\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.rsca.be/board.php?boardid=2&sid=d1fa07a6ae26b981c8f95c1e50123e0c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.rsca.be/en
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.fr.fr-be\msntb.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D999207-8832-433A-BE74-63213272BE1E}: NameServer = 195.238.2.22 195.238.2.21
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
24 janv. 2008 à 16:51
re,

C:\WINDOWS\wt\updater\wcmdmgr.exe

il est toujours la...

fais ceci

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de :

wcmdmgr.exe

- Type de recherche : sélectionne l'option 6 puis valide


OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

@+
0
voici le rapport, ça a encore été rapide! :)

2008-01-24 ---- 16:57:55.98

----------------------------------
§§§§§§ [C:\WINDOWS\wt\updater\wcmdmgr.exe ] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
tjrs pas d'ameliorations! :(((
0
personne?
0