Infostealer

cdac Messages postés 48 Statut Membre -  
cdac Messages postés 48 Statut Membre -
Bonjour,
question à qui saurait m'aider.
suis infecté par : SPYWARE.INFOSTEALER_BZUP.BF_0X0000001E
ce virus m'empèche de me mettre à jour ave mcafee
que dois je faire pour ne pas devoir booté mon ordi.
merci de tout vos conseils. ne pas oublier, EASY je suis novice
Configuration: Windows XP
Internet Explorer 7.0

33 réponses

  • 1
  • 2
Résumé de la discussion

Infection par SPYWARE.INFOSTEALER_BZUP.BF_0X0000001E empêche les mises à jour de McAfee sur Windows XP avec Internet Explorer 7, compliquant la situation d’un utilisateur novice. Plusieurs propositions consistent à désactiver temporairement l’antivirus, redémarrer le système et envisager une réinstallation, éventuellement après suppression des éléments Norton. D'autres conseils évoquent l'usage d'outils externes comme VirusTotal pour analyser un fichier suspect, ou l'examen de critères sensibles et de fichiers système. En complément, certaines suggestions recommandent des vérifications de points de restauration et la recherche de traces pertinentes, sans conclure sur une solution immédiate.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    Salut

    Mets ton hijackthis ici , stp
    et pà partir de la première ligne

    Y adu boulot dessus
    0
    1. cdac Messages postés 48 Statut Membre
       
      Voila, j'espère que ce ce que tu désire. sinon, eclaire moi. Au fait j'ai telechargé trend micro hijack this v2.2.
      que puis-je faire avec. bàt
      cdac
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\beuk.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
      O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
      O17 - HKLM\System\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer = 85.255.112.12;85.255.112.173
      O17 - HKLM\System\CCS\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer = 85.255.112.12;85.255.112.173
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

      --
      0
  2. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    SAlut

    Non, la première ligne , ça commence par logfile....
    0
    1. cdac Messages postés 48 Statut Membre
       
      voila - sorry
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:02:01, on 4/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\WINDOWS\Explorer.EXE
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Apps\Softex\OmniPass\scureapp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\FeedReader30\feedreader.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\msiconf.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
      C:\APPS\SKYPE\Plugin Manager\skypePM.exe
      C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\SearchFilterHost.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\HiJackThis.exe
      C:\WINDOWS\system32\wuauclt.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\beuk.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
      O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
      O17 - HKLM\System\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer = 85.255.112.12;85.255.112.173
      O17 - HKLM\System\CCS\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer = 85.255.112.12;85.255.112.173
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      0
    2. cdac Messages postés 48 Statut Membre
       
      j'ai sur ma machine ghost qui permet suivant recherche de restaurer à partir d'un point. suivant recherche le dernier point date du 04/08. Est ce utile de reprendre à partir de là
      0
    3. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875 > cdac Messages postés 48 Statut Membre
       
      ça pourrait mais tu perds tout entre temps, alors que ça doit etre possible de nettoyer simplement
      0
    4. cdac Messages postés 48 Statut Membre > noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention  
       
      ok ,je tente
      0
    5. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875 > cdac Messages postés 48 Statut Membre
       
      Si tu veux, mais tu refais un hijackthis une fois quetu as restauré , pour voir si c'est sain
      0
  3. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    ok

    c'est parti ;)

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
    0
    1. cdac Messages postés 48 Statut Membre
       
      il me dit que je dois telecharger l'ensemble du fichier car PROCESS .EXE absent....et puis quand je fait exe, mcafee bloc le programme. que faire
      0
  4. cdac Messages postés 48 Statut Membre
     
    voila j ai reussi
    SmitFraudFix v2.381

    Scan done at 12:52:57,21, Fri 05/12/2008
    Run from C:\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Apps\Softex\OmniPass\scureapp.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\APPS\skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiconf.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\APPS\SKYPE\Plugin Manager\skypePM.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» D:\

    D:\resycled\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\msiconf.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\sda

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\sda\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\sda\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\sda\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"="kdwzh.exe"

    kdwzh.exe detected !

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 85.255.112.12;85.255.112.173

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    tu fais l'option 2

    et ensuite l'option 5, et tu poste les 2rapports

    @+
    0
    1. cdac Messages postés 48 Statut Membre
       
      premier rapport
      option2
      merci déjà pour tout, je continue
      SmitFraudFix v2.381

      Scan done at 13:17:24,50, Fri 05/12/2008
      Run from C:\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      The filesystem type is NTFS
      Fix run in safe mode

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost
      192.168.1.41 HP000D9D0362E2

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

      C:\WINDOWS\system32\msiconf.exe Deleted
      D:\resycled\ Deleted

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"="kdwzh.exe"

      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

      Registry Cleaning done.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Reboot

      C:\WINDOWS\system32\kdwzh.exe Deleted

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» End
      0
    2. cdac Messages postés 48 Statut Membre
       
      Rapport 2 option 5
      SmitFraudFix v2.381

      Scan done at 13:38:21,76, Fri 05/12/2008
      Run from C:\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      The filesystem type is NTFS
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

      Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

      Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
      DNS Server Search Order: 85.255.112.12;85.255.112.173

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{25FA997B-5BC6-4D1C-BA84-9F87E1CCC2CB}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{988210B5-4E39-4479-86AB-F5436F095619}: NameServer=85.255.112.12;85.255.112.173
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

      »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix
      0
  7. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    ok, tu refais un nouvel hijackthis
    et tu le postes stp,
    @+
    0
    1. cdac Messages postés 48 Statut Membre
       
      voici, ps dois attendre pour reinstaller mcafee?? bàt
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:58:25, on 5/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\notepad.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Apps\Softex\OmniPass\scureapp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\FeedReader30\feedreader.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\APPS\SKYPE\Plugin Manager\skypePM.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\notepad.exe
      D:\DOCUME~1\sda\LOCALS~1\Temp\McInstallTemp\Install.exe
      C:\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
      O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      0
  8. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    DEja tu va supprimer ce qui rste de norton, avant de reinstaller mcAfee

    Regarde là pour le faire
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/e1422b2508cec946882568c70062bbf8/1168d30686f6fdb080256fe3003757be?OpenDocument

    ensuite tu peux reinstaller

    et ensuite tu fais cela

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

    0
    1. cdac Messages postés 48 Statut Membre
       
      dis, c'est normal que ça dure si lontemps?? j'ai placé un icone sur mon bureau et ai cliqué deux fois. l'icone est winzip Self-extractor.
      0
  9. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    Ah! non

    normalement en doublecliquant sur l'icone, il doit s'executer et une fentre DOS doit apparaitre

    réessaie
    0
    1. cdac Messages postés 48 Statut Membre
       
      j'ai le fameu norton ghost. celui-ci sera egalement detruit??
      Pour l'instant ça ne veux pas fonctionner. il me dit qu 'un autre application de reparatio symNRTest en cours. dans les task je ne vois rien. quid??
      0
  10. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    pour Norton ne fait rien, je me renseigne.

    Pour toolbarSD, ça m'ennuie ça marche simplement, normalement.

    Tu as bien enregistrer le fichier sur ton bureau, pas juste fait executer ?
    0
    1. cdac Messages postés 48 Statut Membre
       
      oui,
      j'ai essayé en l'enregisrant sur c et en faisant l'extraction sur bureau. tjr rien et il continue à dire q'un programme est en cours
      0
    2. cdac Messages postés 48 Statut Membre
       
      pardons, je me suis arrete à norton et pas fais toolbar. je m'execute now. je dois partir et je reviens. j'espère que tu sera ecore jopingnable. +
      0
    3. cdac Messages postés 48 Statut Membre
       
      voici +
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : sda ( Administrator )
      BOOT : Normal boot
      Antivirus : McAfee VirusScan (Activated)
      Firewall : McAfee Personal Firewall (Activated)
      C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go)
      D:\ (Local Disk) - NTFS - Total:249 Go (Free:171 Go)
      E:\ (CD or DVD)
      F:\ (USB) - FAT32 - Total:7696 Mo (Free:6 Go)
      J:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( Fri 05/12/2008|15:34 )

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      D:\DOCUME~1\sda\Local Settings\Application Data\ApplicationHistory\serial prevx csi 1.6.104.128 crack(no cd).exe.78c3ab84.ini



      1 - "C:\ToolBar SD\TB_1.txt" - Fri 05/12/2008|15:37 - Option : [1]

      -----------\\ Fin du rapport a 15:37:06,68
      0
  11. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    ça il faut le virer

    D:\DOCUME~1\sda\Local Settings\Application Data\ApplicationHistory\serial prevx csi 1.6.104.128 crack(no cd).exe.78c3ab84.ini

    ensuite relance l'otion 2 de toolbar S&D

    et faiis ceci ensuite
    Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    Lance l'installation avec les paramètres par défaut.

    Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    Double-clique sur le raccourci UsbFix sur ton Bureau.

    Le PC va redémarrer.

    Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
  12. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    a , c'est à virer
    D:\DOCUME~1\sda\Local Settings\Application Data\ApplicationHistory\serial prevx csi 1.6.104.128 crack(no cd).exe.78c3ab84.ini

    relnce toolbar S&D, fait l'option 2

    et ensuite

    Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    Lance l'installation avec les paramètres par défaut.

    Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    Double-clique sur le raccourci UsbFix sur ton Bureau.

    Le PC va redémarrer.

    Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
    1. cdac Messages postés 48 Statut Membre
       
      ok je fais cela. as tu des nouvelle pour norton. finalement pendant mon absence il a fait sont travail et attend que je confirlme la destruction de norton. PS tout y est ...meme ghost..alors,quid.ghost??
      0
    2. cdac Messages postés 48 Statut Membre
       
      voici

      -------------- UsbFix V2.413.2 ---------------

      * User : sda - SERGE
      * Outils mis a jours le 01/12/2008 par Chiquitine29 et Chimay8
      * Recherche effectuée à 18:09:16 le Fri 05/12/2008
      * Windows Xp - Internet Explorer 7.0.5730.13


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\SearchFilterHost.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      D:\DOCUME~1\sda\LOCALS~1\Temp\18.tmp\b2e.exe

      --------------- [ Informations lecteurs ] ----------------

      C: - Fixed Drive

      D: - Fixed Drive

      F: - Removable Drive


      --------------- [ Lecteur C ] ----------------

      C: - Fixed Drive


      +- Listing des fichiers présents :

      [23/10/2007 09:05][--a------] C:\AUTOEXEC.BAT
      [04/08/2004 14:00][--a------] C:\NTDETECT.COM
      [05/12/2008 13:54][--a------] C:\DMSetup.exe
      [05/12/2008 13:54][--a------] C:\HiJackThis.exe
      [05/12/2008 13:54][--a------] C:\Norton_Removal_Tool.exe
      [06/06/2007 13:37][-rahs----] C:\BOOT.INI
      [06/06/2007 13:37][-rahs----] C:\dirref.ini
      [04/03/2008 10:50][--a------] C:\ASLog.txt
      [04/03/2008 10:50][--a------] C:\DWNLOG.TXT
      [04/03/2008 10:50][--a------] C:\fabexlog.txt
      [04/03/2008 10:50][--a------] C:\MCDLOG.TXT
      [04/03/2008 10:50][--a------] C:\rapport.txt
      [04/03/2008 10:50][--a------] C:\SAUDIT.TXT
      [04/03/2008 10:50][--a------] C:\TB.txt
      [04/03/2008 10:50][--a------] C:\UsbFix.txt
      [04/03/2008 10:50][--a------] C:\YServer.txt
      [04/03/2008 10:50][--a------] C:\_Sid.txt
      [][] C:\hiberfil.sys
      [][] C:\IO.SYS
      [][] C:\MSDOS.SYS
      [][] C:\pagefile.sys

      --------------- [ Lecteur D ] ----------------

      D: - Fixed Drive


      +- Listing des fichiers présents :


      --------------- [ Lecteur F ] ----------------

      F: - Removable Drive


      +- Listing des fichiers présents :


      --------------- [ Registre / Startup ] ----------------

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      Skype="C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      feedreader.exe="C:\Program Files\FeedReader30\feedreader.exe"
      swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      Yahoo! Pager="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
      updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      DelayShred=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      msiexec.exe=msiconf.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      nwiz=nwiz.exe /install
      NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      High Definition Audio Property Page Shortcut=HDAShCut.exe
      RTHDCPL=RTHDCPL.EXE
      Alcmtr=ALCMTR.EXE
      Vade Retro Outlook Express="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      DetectorApp=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      OmniPass=C:\Apps\Softex\OmniPass\scureapp.exe
      PCMService="c:\APPS\Powercinema\PCMService.exe"
      McENUI=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      Norton Ghost 10.0="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      HP Update Assistant=C:\WINDOWS\system32\HPAware.exe
      Adobe Photo Downloader="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      IdiomaX Office=C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      mcagent_exe="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      C:\WINDOWS\system32\kdwzh.exe=C:\WINDOWS\system32\kdwzh.exe
      McAfee Backup="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
      Installed=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
      Installed=1
      NoChange=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
      Installed=1

      --------------- [ Registre / Mountpoint2 ] ----------------


      -> Recherche négative.

      --------------- [ Nettoyage des disques ] ----------------

      Supprimé ! - [05/12/2008 13:20][--a------] C:\WINDOWS\system32\tmp.reg
      Supprimé ! - [05/12/2008 13:20][--a------] C:\WINDOWS\system32\tmp.txt
      Supprimé ! - [01/12/2008 18:43][-r-hs----] C:\resycled\boot.com
      Supprimé ! - [05/12/2008 18:09][dr-hs----] C:\resycled

      --------------- [ Resumé ] ----------------

      -> /!\ Le resultat doit etre interprété par un spécialiste /!\

      [23/10/2007 09:05][--a------] C:\AUTOEXEC.BAT
      [04/08/2004 14:00][--a------] C:\NTDETECT.COM
      [05/12/2008 13:54][--a------] C:\DMSetup.exe
      [05/12/2008 13:54][--a------] C:\HiJackThis.exe
      [05/12/2008 13:54][--a------] C:\Norton_Removal_Tool.exe
      [06/06/2007 13:37][-rahs----] C:\BOOT.INI
      [06/06/2007 13:37][-rahs----] C:\dirref.ini

      --------------- ! Fin du rapport ! ----------------
      0
  13. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    tu as le rappport toolbar sd, option 2 egalement

    0
    1. cdac Messages postés 48 Statut Membre
       
      ok c'est ça je crois.
      j'ai pris ma becanne avec moi.
      donc ont poursuit si possible
      bàt
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : sda ( Administrator )
      BOOT : Normal boot
      Antivirus : McAfee VirusScan (Activated)
      Firewall : McAfee Personal Firewall (Activated)
      C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go)
      D:\ (Local Disk) - NTFS - Total:249 Go (Free:171 Go)
      E:\ (CD or DVD)
      F:\ (USB) - FAT32 - Total:7696 Mo (Free:6 Go)
      J:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( Fri 05/12/2008|15:34 )

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      D:\DOCUME~1\sda\Local Settings\Application Data\ApplicationHistory\serial prevx csi 1.6.104.128 crack(no cd).exe.78c3ab84.ini



      1 - "C:\ToolBar SD\TB_1.txt" - Fri 05/12/2008|15:37 - Option : [1]

      -----------\\ Fin du rapport a 15:37:06,68
      0
  14. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    ça c'est l'option 1

    recommence ;))

    reboot ensuite

    et poste un nouvel hijackthis egalement
    0
    1. cdac Messages postés 48 Statut Membre
       
      voici
      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
      BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
      USER : sda ( Administrator )
      BOOT : Normal boot
      Antivirus : McAfee VirusScan (Activated)
      Firewall : McAfee Personal Firewall (Activated)
      C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go)
      D:\ (Local Disk) - NTFS - Total:249 Go (Free:171 Go)
      E:\ (CD or DVD)
      J:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [2] ( Fri 05/12/2008|21:13 )

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr/"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - Fri 05/12/2008|15:37 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - Fri 05/12/2008|21:16 - Option : [2]

      -----------\\ Fin du rapport a 21:16:53,46
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:19:39, on 5/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Apps\Softex\OmniPass\scureapp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\FeedReader30\feedreader.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
      C:\APPS\SKYPE\Plugin Manager\skypePM.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
      C:\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
      O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      0
  15. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\kdwzh.exe
    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.
    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.
    0
    1. cdac Messages postés 48 Statut Membre
       
      je ne trouve pazs ds systeme32 le fichier. inexistant
      0
      1. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875 > cdac Messages postés 48 Statut Membre
         
        AS-tu affiché les fichiers cachés?

        sinon fait ceci

        Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
        http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
        Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
        • Redémarre ton ordinateur
        • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
        • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
        • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
        • Choisis ton compte.
        Déroule la liste des instructions ci-dessous :
        • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.
        • Appuie sur Y pour commencer le processus de nettoyage.
        • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
        • Appuie sur une touche pour redémarrer le PC.
        • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
        • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
        • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
        • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
        • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

        lien de upload
        https://www.bleepingcomputer.com/submit-malware.php?channel=27
        0
      2. cdac > noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention  
         
        voila ce qui etait demandé. j'espère qu'on avance.

        Pour ma part après etre revenu l'ordi avait une fenetre bleue avec comme mesage d'erreur :
        0X0000008E (0XC0000005,0X80509D31,0XB225F29C,0X00000000). Sais pas si ça peut aider.
        bàt
        Norman Malware Cleaner
        Copyright © 1990 - 2008, Norman ASA. Built 2008/12/05 09:13:31

        Norman Scanner Engine Version: 5.93.01
        Nvcbin.def Version: 5.93.00, Date: 2008/12/05 09:13:31, Variants: 2281922

        Running pre-scan cleanup routine:
        Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
        Logged on user: SERGE\sda


        Scan started: 06/12/2008 13:51:56


        Scanning running processes and process memory...

        C:\WINDOWS\Explorer.EXE(3896) (C:\WINDOWS\system32\HPDirecter.dll!0x02D90000) (Infected with W32/BHO.BGA)
        File marked for defered cleaning (reboot required)

        C:\Program Files\Internet Explorer\iexplore.exe(5540) (C:\WINDOWS\system32\HPDirecter.dll!0x03460000) (Infected with W32/BHO.BGA)
        File marked for defered cleaning (reboot required)

        C:\WINDOWS\System32\drivers\3672251a.sys (Error opening file: Not found)

        Number of processes/threads found: 4712
        Number of processes/threads scanned: 4711
        Number of processes/threads not scanned: 1
        Number of infected processes/threads terminated: 0
        Total scanning time: 1m 48s


        Scanning file system...

        Scanning: C:\*.*

        C:\SmitfraudFix.zip/SmitfraudFix/VACFix.exe (Infected with W32/Smalldrp.APNN)
        Deleted file

        HIJACK :

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 15:52:18, on 6/12/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16735)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
        C:\WINDOWS\System32\GEARSec.exe
        C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
        C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\program files\common files\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\Norton Ghost\Agent\VProSvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Apps\Softex\OmniPass\Omniserv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
        C:\Program Files\RealVNC\WinVNC\WinVNC.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        C:\Apps\Softex\OmniPass\OPXPApp.exe
        c:\PROGRA~1\mcafee.com\agent\mcagent.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
        C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
        C:\Apps\Softex\OmniPass\scureapp.exe
        C:\APPS\Powercinema\PCMService.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Norton Ghost\Agent\GhostTray.exe
        C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Microsoft ActiveSync\wcescomm.exe
        C:\PROGRA~1\MICROS~4\rapimgr.exe
        C:\APPS\skype\Phone\Skype.exe
        C:\Program Files\FeedReader30\feedreader.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
        C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
        C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
        C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\APPS\SKYPE\Plugin Manager\skypePM.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\SearchProtocolHost.exe
        C:\HiJackThis.exe

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
        O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
        O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll (file missing)
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
        O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
        O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
        O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
        O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
        O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
        O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
        O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
        O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
        O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
        O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
        O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
        O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
        O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
        O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
        O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
        O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
        O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
        O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
        O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
        0
      3. cdac > noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention  
         
        vor message avant celui de 15h59
        0
  16. cdac Messages postés 48 Statut Membre
     
    bjr,
    je ne sais si j'ai bien fait, mais suis arrive sur page bleu avec option 1 hard drive. j'ai fait enter et ensuite j'ai fait SDFIX et runthis bat.
    à nouveau page bleu et pas de y. donc j'ai choisi option 2 nettoyaer malware et norman malware s'est mis en route et poursuit ses recherche. est ce bon.
    bàt
    0
  17. cdac
     
    voir message precedent. bizarre, je reçoit mes propres message envoyé
    0
  18. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    C'est bon

    tu as rebooter depuis ?

    sinon fait le ,

    <et reposte un nouvel hijackthis ensuite
    @+
    0
    1. cdac Messages postés 48 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:23:33, on 6/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\system32\wuauclt.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\Apps\Softex\OmniPass\scureapp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\APPS\skype\Phone\Skype.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
      C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
      C:\APPS\SKYPE\Plugin Manager\skypePM.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll (file missing)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
      O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IdiomaX Office] C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwzh.exe] C:\WINDOWS\system32\kdwzh.exe
      O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
      O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\365_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\PRINT_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\WINK_U~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\AALLYZ75\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ASY1S2TG\366_1_~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\COMMON~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\ARIGXBFP\FR_YAH~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\MEMBER~1.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\8XD4789M\BOTTOM~2.SH! D:\DOCUME~1\sda\LOCALS~1\TEMPOR~1\Content.IE5\S78VXH00\WINK_U~2.SH! d:\DOCUME~1\sda\LOCALS~1\temp\WEREE0~1.SH!
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
      O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\RAMaint.exe (file missing)
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
      0
  19. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    tu peux afficher le fichier cachés , et reverifie si tu trouve ce fichier

    C:\WINDOWS\system32\kdwzh.exe
    et si tu le trouve depose le ici

    https://www.broadcom.com/

    0
    1. cdac Messages postés 48 Statut Membre
       
      tjr pas trouve le fichier dans systeme 32. voici le rapport demande. merci encore

      ComboFix 08-12-05.06 - sda 2008-12-06 17:28:09.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1238 [GMT 1:00]
      Running from: d:\documents and settings\sda\Desktop\ComboFix.exe
      * Created a new restore point
      * Resident AV is active

      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\qtoprtuq.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_qtoprtuq
      -------\Service_qtoprtuq


      ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
      .

      2008-12-06 10:06 . 2008-12-06 13:47 <DIR> d-------- C:\SDFix
      2008-12-05 17:57 . 2008-12-05 18:10 <DIR> d-------- c:\program files\UsbFix
      2008-12-05 15:33 . 2008-12-05 21:16 <DIR> d-------- C:\ToolBar SD
      2008-12-05 15:20 . 2008-12-05 15:20 2,404,352 --a------ C:\Norton_Removal_Tool.exe
      2008-12-05 15:16 . 2008-12-05 15:16 <DIR> d-------- c:\windows\system32\Temp
      2008-12-05 13:53 . 2008-12-05 13:54 1,226,248 --a------ C:\DMSetup.exe
      2008-12-05 13:14 . 2008-12-05 13:14 552 --a------ c:\windows\system32\d3d8caps.dat
      2008-12-05 12:52 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
      2008-12-05 12:52 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
      2008-12-05 12:52 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
      2008-12-05 12:52 . 2008-12-05 12:29 53,248 --a------ c:\windows\system32\Process.exe
      2008-12-05 12:52 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
      2008-12-05 12:52 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
      2008-12-05 12:29 . 2008-12-05 13:39 <DIR> d-------- C:\SmitfraudFix
      2008-12-05 12:19 . 2008-12-06 13:53 1,435,761 --a------ C:\SmitfraudFix.zip
      2008-12-04 20:00 . 2008-12-04 20:01 401,720 --a------ C:\HiJackThis.exe
      2008-12-01 19:41 . 2008-12-01 19:41 30,601 --a------ d:\documents and settings\sda\x.exe
      2008-12-01 18:43 . 2008-12-01 18:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
      2008-12-01 18:05 . 2008-12-01 18:05 <DIR> d-------- d:\documents and settings\sda\dsc
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\vw
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\VisualRoute
      2008-12-01 18:01 . 2008-12-01 20:07 <DIR> d-------- c:\program files\VisualRoute 2008
      2008-11-27 17:23 . 2008-11-27 17:23 29 --a------ c:\windows\system32\uwrqdspa.tmp
      2008-11-27 17:20 . 2008-11-27 17:20 188,416 --a------ c:\windows\JJACRBNV.exe
      2008-11-27 17:20 . 2008-12-06 16:16 0 --a------ c:\windows\system32\drivers\3672251a.sys
      2008-11-27 17:19 . 2008-11-27 17:19 2 --a------ C:\1815657427

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-06 17:56 --------- d-----w d:\documents and settings\sda\Application Data\Skype
      2008-12-06 17:55 --------- d-----w d:\documents and settings\sda\Application Data\skypePM
      2008-12-01 19:07 --------- d-----w c:\program files\SUPERAntiSpyware
      2008-12-01 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
      2008-12-01 18:03 --------- d-----w d:\documents and settings\sda\Application Data\LimeWire
      2008-12-01 11:06 --------- d-----w c:\program files\ZikiTranslator
      2008-11-28 10:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.001\Application Data\SACore
      2008-11-27 13:27 --------- d-----w c:\program files\e-bat
      2008-11-17 12:59 --------- d-----w c:\program files\McAfee
      2008-11-12 02:07 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
      2008-10-20 16:25 --------- d-----w d:\documents and settings\sda\Application Data\Ulead Systems
      2008-10-20 10:41 --------- d-----w d:\documents and settings\sda\Application Data\Sprite Software
      2008-10-20 10:40 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-20 10:40 --------- d-----w c:\program files\Sprite Software
      2008-10-20 10:34 --------- d-----w c:\program files\Microsoft ActiveSync
      2008-10-20 10:12 --------- d-----w c:\program files\Ressources Windows Mobile
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
      2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
      2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
      2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
      2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
      2008-10-10 18:06 --------- d-----w c:\program files\Common Files\HP
      2008-10-10 18:04 --------- d-----w c:\program files\Common Files\Symantec Shared
      2008-10-10 16:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
      2008-10-09 16:34 --------- d-----w c:\program files\HP
      2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
      2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
      2008-04-04 09:49 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
      2007-10-30 08:54 100,680 ----a-w d:\documents and settings\sda\Application Data\GDIPFONTCACHEV1.DAT
      2007-08-01 14:48 9,644 ----a-w c:\program files\uninstal.log
      2007-06-07 10:46 81,920 ----a-w d:\documents and settings\sda\Application Data\ezpinst.exe
      2007-06-07 10:46 47,360 ----a-w d:\documents and settings\sda\Application Data\pcouffin.sys
      2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
      2005-09-09 17:55 4,588,454 ----a-w c:\program files\setup.exe
      2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
      2005-09-09 17:55 35 ----a-w c:\program files\SCSSDist.ini
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
      2008-08-05 01:13 1610264 --a------ c:\program files\myBabylon\tbmyBa.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
      "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
      "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-02-01 21974824]
      "feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-03-16 1186304]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
      "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
      "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
      "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
      "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
      "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-06 98304]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
      "Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
      "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "IdiomaX Office"="c:\program files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2007-01-18 397872]
      "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
      "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
      "nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      d:\documents and settings\sda\Start Menu\Programs\Startup\
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-06-06 49254]
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
      SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-06 6379080]
      Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
      2006-01-30 08:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.I420"= vdrcodec.dll
      "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
      "msacm.mpegacm"= mpegacm.acm
      "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
      "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
      "VIDC.MJPG"= Pvmjpg30.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\RealVNC\\vncviewer.exe"=
      "c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
      "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "d:\\film a graver\\emule.exe"=
      "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
      "c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
      "c:\\WINDOWS\\system32\\java.exe"=
      "d:\\Documents and Settings\\sda\\Desktop\\SymNRT.exe"=
      "c:\\APPS\\skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 203280]
      S1 3672251a;3672251a;c:\windows\system32\drivers\3672251a.sys [2008-11-27 0]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-18 1527900]
      S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
      S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-03-18 544768]
      .
      Contents of the 'Scheduled Tasks' folder

      2008-11-15 c:\windows\Tasks\McDefragTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

      2008-11-01 c:\windows\Tasks\McQcTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
      HKCU-Run-msiexec.exe - msiconf.exe
      HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
      HKLM-Run-HP Update Assistant - c:\windows\system32\HPAware.exe
      HKLM-Run-c:\windows\system32\kdwzh.exe - c:\windows\system32\kdwzh.exe
      Notify-dimsntfy - (no file)



      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-06 18:54:01
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(660)
      c:\apps\Softex\OmniPass\opxpgina.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\drivers\CDAC11BA.EXE
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      c:\windows\system32\gearsec.exe
      c:\program files\Nero\Nero8\InCD\InCDsrv.exe
      c:\progra~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\Common Files\McAfee\MNA\McNASvc.exe
      c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
      c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
      c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      c:\program files\McAfee\MPF\MpfSrv.exe
      c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
      c:\program files\Norton Ghost\Agent\VProSvc.exe
      c:\windows\system32\nvsvc32.exe
      c:\apps\Softex\OmniPass\OmniServ.exe
      c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\program files\RealVNC\WinVNC\winvnc.exe
      c:\windows\system32\searchindexer.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\apps\Softex\OmniPass\OPXPApp.exe
      c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\progra~1\McAfee.com\Agent\mcagent.exe
      c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
      c:\windows\system32\rundll32.exe
      c:\progra~1\MICROS~4\rapimgr.exe
      c:\apps\skype\Plugin Manager\skypePM.exe
      c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
      c:\program files\TechSmith\SnagIt 8\TscHelp.exe
      c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
      c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
      c:\windows\system32\searchprotocolhost.exe
      c:\windows\system32\searchfilterhost.exe
      .
      **************************************************************************
      .
      Completion time: 2008-12-06 19:00:04 - machine was rebooted [sda]
      ComboFix-quarantined-files.txt 2008-12-06 17:59:53

      Pre-Run: 12.217.450.496 bytes free
      Post-Run: 12,111,077,376 bytes free

      290 --- E O F --- 2008-12-01 18:53:21
      0
  20. Utilisateur anonyme
     
    Salut vous deux,

    cdac, peux tu faire ceci stp :

    > Rend toi sur ce site : http://secubox.gateweb.fr/mad.php
    - Clic sur parcourir et dépose ce fichier :

    C:\WINDOWS\system32\kdwzh.exe

    - Poste en temps que commentaire dans Veuillez indiquer ci-dessous le message destiné à notre équipe: le texte en italique suivant (fais un copier/coller) :

    Bonjour,
    Sur la discussion suivante : http://www.commentcamarche.net/forum/affich 9748094 infostealer des informations sont susceptibles de vous intéresser (notamment S!Ri).
    J'espère qu'elles vous seront utiles dans votre lutte antimalwares.
    Merci
    DllD


    Dis le nous quand tu l'auras fait stp.

    Bon courage pour la suite.

    Merci.
    0
    1. cdac Messages postés 48 Statut Membre
       
      j'ai fait ce que tu m'as demandé. cependant je ne trouve pas ce fichier
      C:\WINDOWS\system32\kdwzh.exe
      suivant conseil de noctembule voici le dernier rapport
      ComboFix 08-12-05.06 - sda 2008-12-06 17:28:09.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1238 [GMT 1:00]
      Running from: d:\documents and settings\sda\Desktop\ComboFix.exe
      * Created a new restore point
      * Resident AV is active

      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\qtoprtuq.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_qtoprtuq
      -------\Service_qtoprtuq


      ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
      .

      2008-12-06 10:06 . 2008-12-06 13:47 <DIR> d-------- C:\SDFix
      2008-12-05 17:57 . 2008-12-05 18:10 <DIR> d-------- c:\program files\UsbFix
      2008-12-05 15:33 . 2008-12-05 21:16 <DIR> d-------- C:\ToolBar SD
      2008-12-05 15:20 . 2008-12-05 15:20 2,404,352 --a------ C:\Norton_Removal_Tool.exe
      2008-12-05 15:16 . 2008-12-05 15:16 <DIR> d-------- c:\windows\system32\Temp
      2008-12-05 13:53 . 2008-12-05 13:54 1,226,248 --a------ C:\DMSetup.exe
      2008-12-05 13:14 . 2008-12-05 13:14 552 --a------ c:\windows\system32\d3d8caps.dat
      2008-12-05 12:52 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
      2008-12-05 12:52 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
      2008-12-05 12:52 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
      2008-12-05 12:52 . 2008-12-05 12:29 53,248 --a------ c:\windows\system32\Process.exe
      2008-12-05 12:52 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
      2008-12-05 12:52 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
      2008-12-05 12:29 . 2008-12-05 13:39 <DIR> d-------- C:\SmitfraudFix
      2008-12-05 12:19 . 2008-12-06 13:53 1,435,761 --a------ C:\SmitfraudFix.zip
      2008-12-04 20:00 . 2008-12-04 20:01 401,720 --a------ C:\HiJackThis.exe
      2008-12-01 19:41 . 2008-12-01 19:41 30,601 --a------ d:\documents and settings\sda\x.exe
      2008-12-01 18:43 . 2008-12-01 18:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
      2008-12-01 18:05 . 2008-12-01 18:05 <DIR> d-------- d:\documents and settings\sda\dsc
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\vw
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\VisualRoute
      2008-12-01 18:01 . 2008-12-01 20:07 <DIR> d-------- c:\program files\VisualRoute 2008
      2008-11-27 17:23 . 2008-11-27 17:23 29 --a------ c:\windows\system32\uwrqdspa.tmp
      2008-11-27 17:20 . 2008-11-27 17:20 188,416 --a------ c:\windows\JJACRBNV.exe
      2008-11-27 17:20 . 2008-12-06 16:16 0 --a------ c:\windows\system32\drivers\3672251a.sys
      2008-11-27 17:19 . 2008-11-27 17:19 2 --a------ C:\1815657427

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-06 17:56 --------- d-----w d:\documents and settings\sda\Application Data\Skype
      2008-12-06 17:55 --------- d-----w d:\documents and settings\sda\Application Data\skypePM
      2008-12-01 19:07 --------- d-----w c:\program files\SUPERAntiSpyware
      2008-12-01 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
      2008-12-01 18:03 --------- d-----w d:\documents and settings\sda\Application Data\LimeWire
      2008-12-01 11:06 --------- d-----w c:\program files\ZikiTranslator
      2008-11-28 10:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.001\Application Data\SACore
      2008-11-27 13:27 --------- d-----w c:\program files\e-bat
      2008-11-17 12:59 --------- d-----w c:\program files\McAfee
      2008-11-12 02:07 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
      2008-10-20 16:25 --------- d-----w d:\documents and settings\sda\Application Data\Ulead Systems
      2008-10-20 10:41 --------- d-----w d:\documents and settings\sda\Application Data\Sprite Software
      2008-10-20 10:40 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-20 10:40 --------- d-----w c:\program files\Sprite Software
      2008-10-20 10:34 --------- d-----w c:\program files\Microsoft ActiveSync
      2008-10-20 10:12 --------- d-----w c:\program files\Ressources Windows Mobile
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
      2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
      2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
      2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
      2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
      2008-10-10 18:06 --------- d-----w c:\program files\Common Files\HP
      2008-10-10 18:04 --------- d-----w c:\program files\Common Files\Symantec Shared
      2008-10-10 16:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
      2008-10-09 16:34 --------- d-----w c:\program files\HP
      2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
      2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
      2008-04-04 09:49 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
      2007-10-30 08:54 100,680 ----a-w d:\documents and settings\sda\Application Data\GDIPFONTCACHEV1.DAT
      2007-08-01 14:48 9,644 ----a-w c:\program files\uninstal.log
      2007-06-07 10:46 81,920 ----a-w d:\documents and settings\sda\Application Data\ezpinst.exe
      2007-06-07 10:46 47,360 ----a-w d:\documents and settings\sda\Application Data\pcouffin.sys
      2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
      2005-09-09 17:55 4,588,454 ----a-w c:\program files\setup.exe
      2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
      2005-09-09 17:55 35 ----a-w c:\program files\SCSSDist.ini
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
      2008-08-05 01:13 1610264 --a------ c:\program files\myBabylon\tbmyBa.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
      "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
      "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-02-01 21974824]
      "feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-03-16 1186304]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
      "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
      "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
      "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
      "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
      "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-06 98304]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
      "Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
      "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "IdiomaX Office"="c:\program files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2007-01-18 397872]
      "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
      "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
      "nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      d:\documents and settings\sda\Start Menu\Programs\Startup\
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-06-06 49254]
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
      SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-06 6379080]
      Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
      2006-01-30 08:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.I420"= vdrcodec.dll
      "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
      "msacm.mpegacm"= mpegacm.acm
      "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
      "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
      "VIDC.MJPG"= Pvmjpg30.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\RealVNC\\vncviewer.exe"=
      "c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
      "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "d:\\film a graver\\emule.exe"=
      "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
      "c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
      "c:\\WINDOWS\\system32\\java.exe"=
      "d:\\Documents and Settings\\sda\\Desktop\\SymNRT.exe"=
      "c:\\APPS\\skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 203280]
      S1 3672251a;3672251a;c:\windows\system32\drivers\3672251a.sys [2008-11-27 0]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-18 1527900]
      S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
      S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-03-18 544768]
      .
      Contents of the 'Scheduled Tasks' folder

      2008-11-15 c:\windows\Tasks\McDefragTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

      2008-11-01 c:\windows\Tasks\McQcTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
      HKCU-Run-msiexec.exe - msiconf.exe
      HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
      HKLM-Run-HP Update Assistant - c:\windows\system32\HPAware.exe
      HKLM-Run-c:\windows\system32\kdwzh.exe - c:\windows\system32\kdwzh.exe
      Notify-dimsntfy - (no file)



      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-06 18:54:01
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(660)
      c:\apps\Softex\OmniPass\opxpgina.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\drivers\CDAC11BA.EXE
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      c:\windows\system32\gearsec.exe
      c:\program files\Nero\Nero8\InCD\InCDsrv.exe
      c:\progra~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\Common Files\McAfee\MNA\McNASvc.exe
      c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
      c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
      c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      c:\program files\McAfee\MPF\MpfSrv.exe
      c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
      c:\program files\Norton Ghost\Agent\VProSvc.exe
      c:\windows\system32\nvsvc32.exe
      c:\apps\Softex\OmniPass\OmniServ.exe
      c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\program files\RealVNC\WinVNC\winvnc.exe
      c:\windows\system32\searchindexer.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\apps\Softex\OmniPass\OPXPApp.exe
      c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\progra~1\McAfee.com\Agent\mcagent.exe
      c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
      c:\windows\system32\rundll32.exe
      c:\progra~1\MICROS~4\rapimgr.exe
      c:\apps\skype\Plugin Manager\skypePM.exe
      c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
      c:\program files\TechSmith\SnagIt 8\TscHelp.exe
      c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
      c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
      c:\windows\system32\searchprotocolhost.exe
      c:\windows\system32\searchfilterhost.exe
      .
      **************************************************************************
      .
      Completion time: 2008-12-06 19:00:04 - machine was rebooted [sda]
      ComboFix-quarantined-files.txt 2008-12-06 17:59:53

      Pre-Run: 12.217.450.496 bytes free
      Post-Run: 12,111,077,376 bytes free

      290 --- E O F --- 2008-12-01 18:53:21
      0
    2. cdac Messages postés 48 Statut Membre
       
      j'ai fait ce que tu m'as demandé. cependant je ne trouve pas ce fichier
      C:\WINDOWS\system32\kdwzh.exe
      suivant conseil de noctembule voici le dernier rapport
      ComboFix 08-12-05.06 - sda 2008-12-06 17:28:09.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1238 [GMT 1:00]
      Running from: d:\documents and settings\sda\Desktop\ComboFix.exe
      * Created a new restore point
      * Resident AV is active

      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\qtoprtuq.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_qtoprtuq
      -------\Service_qtoprtuq


      ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
      .

      2008-12-06 10:06 . 2008-12-06 13:47 <DIR> d-------- C:\SDFix
      2008-12-05 17:57 . 2008-12-05 18:10 <DIR> d-------- c:\program files\UsbFix
      2008-12-05 15:33 . 2008-12-05 21:16 <DIR> d-------- C:\ToolBar SD
      2008-12-05 15:20 . 2008-12-05 15:20 2,404,352 --a------ C:\Norton_Removal_Tool.exe
      2008-12-05 15:16 . 2008-12-05 15:16 <DIR> d-------- c:\windows\system32\Temp
      2008-12-05 13:53 . 2008-12-05 13:54 1,226,248 --a------ C:\DMSetup.exe
      2008-12-05 13:14 . 2008-12-05 13:14 552 --a------ c:\windows\system32\d3d8caps.dat
      2008-12-05 12:52 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
      2008-12-05 12:52 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
      2008-12-05 12:52 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
      2008-12-05 12:52 . 2008-12-05 12:29 53,248 --a------ c:\windows\system32\Process.exe
      2008-12-05 12:52 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
      2008-12-05 12:52 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
      2008-12-05 12:29 . 2008-12-05 13:39 <DIR> d-------- C:\SmitfraudFix
      2008-12-05 12:19 . 2008-12-06 13:53 1,435,761 --a------ C:\SmitfraudFix.zip
      2008-12-04 20:00 . 2008-12-04 20:01 401,720 --a------ C:\HiJackThis.exe
      2008-12-01 19:41 . 2008-12-01 19:41 30,601 --a------ d:\documents and settings\sda\x.exe
      2008-12-01 18:43 . 2008-12-01 18:43 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
      2008-12-01 18:05 . 2008-12-01 18:05 <DIR> d-------- d:\documents and settings\sda\dsc
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\vw
      2008-12-01 18:02 . 2008-12-01 18:02 <DIR> d-------- d:\documents and settings\sda\VisualRoute
      2008-12-01 18:01 . 2008-12-01 20:07 <DIR> d-------- c:\program files\VisualRoute 2008
      2008-11-27 17:23 . 2008-11-27 17:23 29 --a------ c:\windows\system32\uwrqdspa.tmp
      2008-11-27 17:20 . 2008-11-27 17:20 188,416 --a------ c:\windows\JJACRBNV.exe
      2008-11-27 17:20 . 2008-12-06 16:16 0 --a------ c:\windows\system32\drivers\3672251a.sys
      2008-11-27 17:19 . 2008-11-27 17:19 2 --a------ C:\1815657427

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-06 17:56 --------- d-----w d:\documents and settings\sda\Application Data\Skype
      2008-12-06 17:55 --------- d-----w d:\documents and settings\sda\Application Data\skypePM
      2008-12-01 19:07 --------- d-----w c:\program files\SUPERAntiSpyware
      2008-12-01 18:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
      2008-12-01 18:03 --------- d-----w d:\documents and settings\sda\Application Data\LimeWire
      2008-12-01 11:06 --------- d-----w c:\program files\ZikiTranslator
      2008-11-28 10:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.001\Application Data\SACore
      2008-11-27 13:27 --------- d-----w c:\program files\e-bat
      2008-11-17 12:59 --------- d-----w c:\program files\McAfee
      2008-11-12 02:07 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
      2008-10-20 16:25 --------- d-----w d:\documents and settings\sda\Application Data\Ulead Systems
      2008-10-20 10:41 --------- d-----w d:\documents and settings\sda\Application Data\Sprite Software
      2008-10-20 10:40 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-10-20 10:40 --------- d-----w c:\program files\Sprite Software
      2008-10-20 10:34 --------- d-----w c:\program files\Microsoft ActiveSync
      2008-10-20 10:12 --------- d-----w c:\program files\Ressources Windows Mobile
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
      2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
      2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
      2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
      2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
      2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
      2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
      2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
      2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
      2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
      2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
      2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
      2008-10-10 18:06 --------- d-----w c:\program files\Common Files\HP
      2008-10-10 18:04 --------- d-----w c:\program files\Common Files\Symantec Shared
      2008-10-10 16:14 --------- d-----w d:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
      2008-10-09 16:34 --------- d-----w c:\program files\HP
      2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
      2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
      2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
      2008-04-04 09:49 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
      2007-10-30 08:54 100,680 ----a-w d:\documents and settings\sda\Application Data\GDIPFONTCACHEV1.DAT
      2007-08-01 14:48 9,644 ----a-w c:\program files\uninstal.log
      2007-06-07 10:46 81,920 ----a-w d:\documents and settings\sda\Application Data\ezpinst.exe
      2007-06-07 10:46 47,360 ----a-w d:\documents and settings\sda\Application Data\pcouffin.sys
      2005-09-09 17:55 7,155,864 ----a-w c:\program files\NGhost10.msi
      2005-09-09 17:55 4,588,454 ----a-w c:\program files\setup.exe
      2005-09-09 17:55 37,766,164 ----a-w c:\program files\Data1.cab
      2005-09-09 17:55 35 ----a-w c:\program files\SCSSDist.ini
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
      2008-08-05 01:13 1610264 --a------ c:\program files\myBabylon\tbmyBa.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

      [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
      "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
      "Skype"="c:\apps\skype\Phone\Skype.exe" [2008-02-01 21974824]
      "feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-03-16 1186304]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
      "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
      "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
      "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
      "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
      "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-06 98304]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
      "Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]
      "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "IdiomaX Office"="c:\program files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2007-01-18 397872]
      "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
      "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
      "nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      d:\documents and settings\sda\Start Menu\Programs\Startup\
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-06-06 49254]
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
      SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-06 6379080]
      Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
      2006-01-30 08:53 49152 c:\apps\Softex\OmniPass\OPXPGina.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.I420"= vdrcodec.dll
      "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
      "msacm.mpegacm"= mpegacm.acm
      "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
      "msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
      "VIDC.MJPG"= Pvmjpg30.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
      "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\RealVNC\\vncviewer.exe"=
      "c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
      "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "d:\\film a graver\\emule.exe"=
      "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
      "c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
      "c:\\WINDOWS\\system32\\java.exe"=
      "d:\\Documents and Settings\\sda\\Desktop\\SymNRT.exe"=
      "c:\\APPS\\skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-10-01 203280]
      S1 3672251a;3672251a;c:\windows\system32\drivers\3672251a.sys [2008-11-27 0]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-18 1527900]
      S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
      S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-03-18 544768]
      .
      Contents of the 'Scheduled Tasks' folder

      2008-11-15 c:\windows\Tasks\McDefragTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

      2008-11-01 c:\windows\Tasks\McQcTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
      HKCU-Run-msiexec.exe - msiconf.exe
      HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
      HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
      HKLM-Run-HP Update Assistant - c:\windows\system32\HPAware.exe
      HKLM-Run-c:\windows\system32\kdwzh.exe - c:\windows\system32\kdwzh.exe
      Notify-dimsntfy - (no file)



      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-06 18:54:01
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(660)
      c:\apps\Softex\OmniPass\opxpgina.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
      c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\drivers\CDAC11BA.EXE
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      c:\windows\system32\gearsec.exe
      c:\program files\Nero\Nero8\InCD\InCDsrv.exe
      c:\progra~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\Common Files\McAfee\MNA\McNASvc.exe
      c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
      c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
      c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      c:\program files\McAfee\MPF\MpfSrv.exe
      c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
      c:\program files\Norton Ghost\Agent\VProSvc.exe
      c:\windows\system32\nvsvc32.exe
      c:\apps\Softex\OmniPass\OmniServ.exe
      c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\program files\RealVNC\WinVNC\winvnc.exe
      c:\windows\system32\searchindexer.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\apps\Softex\OmniPass\OPXPApp.exe
      c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\progra~1\McAfee.com\Agent\mcagent.exe
      c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
      c:\windows\system32\rundll32.exe
      c:\progra~1\MICROS~4\rapimgr.exe
      c:\apps\skype\Plugin Manager\skypePM.exe
      c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
      c:\program files\TechSmith\SnagIt 8\TscHelp.exe
      c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
      c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
      c:\windows\system32\searchprotocolhost.exe
      c:\windows\system32\searchfilterhost.exe
      .
      **************************************************************************
      .
      Completion time: 2008-12-06 19:00:04 - machine was rebooted [sda]
      ComboFix-quarantined-files.txt 2008-12-06 17:59:53

      Pre-Run: 12.217.450.496 bytes free
      Post-Run: 12,111,077,376 bytes free

      290 --- E O F --- 2008-12-01 18:53:21
      0
    3. cdac
       
      crois pas que noctambule est branché...
      Peux tu m'aider en retournant en arrière et voir ce qui cloche.
      J'ai redemearer mon pc pour conclure l'effacement d'un prog malware et mainteant mon pc ne revient pas sur le bureau. je sais faire F5 ou F8, mais là je ne sais quoi choisir.
      0
  21. Utilisateur anonyme
     
    Re,

    j'ai fait ce que tu m'as demandé. cependant je ne trouve pas ce fichier ,

    C'est parce qu'il ne reste que la clé alors.

    Suis les conseils de noctambule stp.

    Bon chasse :)
    0
  • 1
  • 2