Pour analyse log Hijackthis svp

salut,


voila mon souci : la connexion internet est active comme si j'étais en téléchargement alors que ce n'est pas le cas.
je joint l'analyse hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 15:23:24, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mxs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Yunus\ANIME NEW\Liens rapides\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Logon] C:\WINDOWS\System32\winlogin.exe
O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Windows Logon] C:\WINDOWS\System32\winlogin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)





merci pour votre aide

j'ai fait comme tu m'as dit chercheurpca, cependant le probleme ne semble pas etre résolu :


rapport sdfix :


Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
--------------------------

C:\WINDOWS\system32\install.exe

Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------

Remaining Files:
--------------



*Any removed Files are saved in the SDFix\backups Folder*

*FINISHED*






rapport hijackthis :



Logfile of HijackThis v1.99.1
Scan saved at 16:39:52, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mxs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
D:\Yunus\ANIME NEW\Liens rapides\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

voici le rapport diaghelp :

chercher v1.0.1 par Malekal_morte
http://www.malekal.com


C:\WINDOWS\System32\mxs.exe -->6/10/2006 23:24:50
C:\WINDOWS\System32\divx_xx11.dll -->2/10/2006 21:04:40
C:\WINDOWS\System32\divx_xx0c.dll -->2/10/2006 21:04:40
C:\WINDOWS\System32\divx_xx07.dll -->2/10/2006 21:04:40
C:\WINDOWS\System32\DivX.dll -->2/10/2006 21:04:39
C:\WINDOWS\System32\nscompat.tlb -->28/09/2006 18:39:53
C:\WINDOWS\System32\amcompat.tlb -->28/09/2006 18:39:53
C:\WINDOWS\System32\RICHTX.DEP -->28/09/2006 12:11:44
C:\WINDOWS\System32\swing.mskn -->26/09/2006 16:41:52
C:\WINDOWS\System32\24-FR.scr -->26/09/2006 16:41:51
C:\WINDOWS\System32\SpoonUninstall.exe -->26/09/2006 15:12:42
C:\WINDOWS\System32\Uninstall.ico -->23/09/2006 18:37:37
C:\WINDOWS\System32\pavas.ico -->23/09/2006 18:37:37
C:\WINDOWS\System32\Help.ico -->23/09/2006 18:37:37
C:\WINDOWS\System32\peer.ini -->16/09/2006 15:42:47
C:\WINDOWS\System32\wpa.dbl -->4/09/2006 10:27:11
C:\WINDOWS\System32\QuickTime.qtp -->2/09/2006 19:07:47
C:\WINDOWS\System32\QuickTimeVR.qtx -->1/09/2006 16:14:54
C:\WINDOWS\System32\QuickTime.qts -->1/09/2006 16:14:48
C:\WINDOWS\System32\Booter.ocx -->23/08/2006 18:43:28
C:\WINDOWS\System32\CmdLineExt03.dll -->17/08/2006 16:54:38
C:\WINDOWS\System32\asfiles.txt -->13/08/2006 14:10:16
C:\WINDOWS\System32\56.tmp -->13/08/2006 5:14:54
C:\WINDOWS\System32\55.tmp -->13/08/2006 4:32:23
C:\WINDOWS\System32\30.tmp -->13/08/2006 1:36:54

C:\WINDOWS\wiaservc.log -->7/10/2006 16:36:27
C:\WINDOWS\0.log -->7/10/2006 16:36:27
C:\WINDOWS\wiadebug.log -->7/10/2006 16:36:24
C:\WINDOWS\bootstat.dat -->7/10/2006 16:36:10
C:\WINDOWS\ntbtlog.txt -->7/10/2006 16:32:08
C:\WINDOWS\wmsetup.log -->6/10/2006 0:04:42
C:\WINDOWS\NeroDigital.ini -->5/10/2006 23:19:49
C:\WINDOWS\QTFont.qfn -->2/10/2006 18:15:37
C:\WINDOWS\QTFont.for -->2/10/2006 18:15:37
C:\WINDOWS\psnetwork.ini -->1/10/2006 15:57:13
C:\WINDOWS\wmsetup10.log -->28/09/2006 18:40:27
C:\WINDOWS\setupapi.log -->28/09/2006 18:40:08
C:\WINDOWS\WMSysPr9.prx -->28/09/2006 18:39:27
C:\WINDOWS\Setup1.exe -->28/09/2006 13:19:19
C:\WINDOWS\ST6UNST.EXE -->28/09/2006 13:19:18

C:\WINDOWS\UninstallFirefox.exe |13/08/2006 18:50:45
C:\WINDOWS\~tmp1133.exe |27/09/2006 19:25:52
C:\WINDOWS\~tmp1285.exe |27/09/2006 21:00:58
C:\WINDOWS\~tmp1348.exe |26/09/2006 22:41:14
C:\WINDOWS\~tmp1935.exe |26/09/2006 18:15:42
C:\WINDOWS\~tmp199.exe |27/09/2006 22:36:22
C:\WINDOWS\~tmp2845.exe |27/09/2006 20:51:56
C:\WINDOWS\~tmp2989.exe |26/09/2006 22:41:56
C:\WINDOWS\~tmp374.exe |27/09/2006 19:22:43
C:\WINDOWS\~tmp4512.exe |27/09/2006 15:54:36
C:\WINDOWS\~tmp5125.exe |27/09/2006 23:01:50
C:\WINDOWS\~tmp5523.exe |26/09/2006 18:18:58
C:\WINDOWS\~tmp6141.exe |27/09/2006 22:07:10
C:\WINDOWS\~tmp6710.exe |27/09/2006 19:15:23
C:\WINDOWS\~tmp7243.exe |27/09/2006 22:00:45
C:\WINDOWS\~tmp7784.exe |27/09/2006 15:56:36
C:\WINDOWS\~tmp9423.exe |26/09/2006 18:12:05
C:\WINDOWS\system32\append.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\ati2evxx.exe |12/09/2003 16:33:38
C:\WINDOWS\system32\ati2sgag.exe |06/07/2006 11:47:03
C:\WINDOWS\system32\debug.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\DivXsm.exe |12/07/2006 01:40:17
C:\WINDOWS\system32\dosx.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34
C:\WINDOWS\system32\edlin.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\exe2bin.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\fastopen.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\mem.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\nw16.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\redir.exe |28/08/2002 23:24:18
C:\WINDOWS\system32\setver.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\share.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\SpoonUninstall.exe |26/09/2006 15:05:29
C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\amstream.dll |06/07/2006 11:47:39
C:\WINDOWS\system32\ati2evxx.dll |12/09/2003 16:35:06
C:\WINDOWS\system32\CmdLineExt03.dll |17/08/2006 16:54:38
C:\WINDOWS\system32\compatUI.dll |29/08/2002 13:44:50
C:\WINDOWS\system32\cpuinf32.dll |17/09/2001 13:20:02
C:\WINDOWS\system32\DivXWMPExtType.dll |12/07/2006 00:33:49
C:\WINDOWS\system32\hdlayer.dll |06/07/2006 11:19:27
C:\WINDOWS\system32\ir32_32.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\mciqtz32.dll |06/07/2006 11:47:39
C:\WINDOWS\system32\msdmo.dll |06/07/2006 11:47:40
C:\WINDOWS\system32\msencode.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\MycAce551vc71.dll |12/06/2006 09:49:54
C:\WINDOWS\system32\ogg.dll |16/09/2003 17:41:44
C:\WINDOWS\system32\OpenQuicktimeLib.dll |18/11/2003 13:50:24
C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16
C:\WINDOWS\system32\pcast.dll |12/09/2006 13:22:20
C:\WINDOWS\system32\psisdecd.dll |06/07/2006 11:47:42
C:\WINDOWS\system32\qedwipes.dll |06/07/2006 11:47:41
C:\WINDOWS\system32\qt-dx331.dll |27/07/2006 19:28:42
C:\WINDOWS\system32\sbe.dll |29/08/2002 13:44:56
C:\WINDOWS\system32\scriptpw.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\tsd32.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\unrar.dll |16/10/2002 00:54:04
C:\WINDOWS\system32\vorbis.dll |16/09/2003 17:52:30
C:\WINDOWS\system32\win87em.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\xprouting.dll |06/07/2006 11:19:27
C:\WINDOWS\system32\xvid.dll |14/05/2003 16:54:02
C:\WINDOWS\system32\ZPORT4AS.dll |23/09/2006 14:52:25
C:\WINDOWS\UninstallFirefox.exe |13/08/2006 18:50:45
C:\WINDOWS\~tmp1133.exe |27/09/2006 19:25:52
C:\WINDOWS\~tmp1285.exe |27/09/2006 21:00:58
C:\WINDOWS\~tmp1348.exe |26/09/2006 22:41:14
C:\WINDOWS\~tmp1935.exe |26/09/2006 18:15:42
C:\WINDOWS\~tmp199.exe |27/09/2006 22:36:22
C:\WINDOWS\~tmp2845.exe |27/09/2006 20:51:56
C:\WINDOWS\~tmp2989.exe |26/09/2006 22:41:56
C:\WINDOWS\~tmp374.exe |27/09/2006 19:22:43
C:\WINDOWS\~tmp4512.exe |27/09/2006 15:54:36
C:\WINDOWS\~tmp5125.exe |27/09/2006 23:01:50
C:\WINDOWS\~tmp5523.exe |26/09/2006 18:18:58
C:\WINDOWS\~tmp6141.exe |27/09/2006 22:07:10
C:\WINDOWS\~tmp6710.exe |27/09/2006 19:15:23
C:\WINDOWS\~tmp7243.exe |27/09/2006 22:00:45
C:\WINDOWS\~tmp7784.exe |27/09/2006 15:56:36
C:\WINDOWS\~tmp9423.exe |26/09/2006 18:12:05
C:\WINDOWS\system32\append.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\ati2evxx.exe |12/09/2003 16:33:38
C:\WINDOWS\system32\debug.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\DivXsm.exe |12/07/2006 01:40:17
C:\WINDOWS\system32\dosx.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\edlin.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\exe2bin.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\fastopen.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\mem.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\nw16.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\redir.exe |28/08/2002 23:24:18
C:\WINDOWS\system32\setver.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\share.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\SpoonUninstall.exe |26/09/2006 15:05:29
C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 16:00:00
C:\WINDOWS\system32\amstream.dll |06/07/2006 11:47:39
C:\WINDOWS\system32\ati2evxx.dll |12/09/2003 16:35:06
C:\WINDOWS\system32\CmdLineExt03.dll |17/08/2006 16:54:38
C:\WINDOWS\system32\cpuinf32.dll |17/09/2001 13:20:02
C:\WINDOWS\system32\DivXWMPExtType.dll |12/07/2006 00:33:49
C:\WINDOWS\system32\hdlayer.dll |06/07/2006 11:19:27
C:\WINDOWS\system32\ir32_32.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\mciqtz32.dll |06/07/2006 11:47:39
C:\WINDOWS\system32\msdmo.dll |06/07/2006 11:47:40
C:\WINDOWS\system32\msencode.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\ogg.dll |16/09/2003 17:41:44
C:\WINDOWS\system32\OpenQuicktimeLib.dll |18/11/2003 13:50:24
C:\WINDOWS\system32\pcast.dll |12/09/2006 13:22:20
C:\WINDOWS\system32\psisdecd.dll |06/07/2006 11:47:42
C:\WINDOWS\system32\qedwipes.dll |06/07/2006 11:47:41
C:\WINDOWS\system32\qt-dx331.dll |27/07/2006 19:28:42
C:\WINDOWS\system32\sbe.dll |29/08/2002 13:44:56
C:\WINDOWS\system32\tsd32.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\unrar.dll |16/10/2002 00:54:04
C:\WINDOWS\system32\vorbis.dll |16/09/2003 17:52:30
C:\WINDOWS\system32\win87em.dll |28/08/2001 16:00:00
C:\WINDOWS\system32\xprouting.dll |06/07/2006 11:19:27
C:\WINDOWS\system32\xvid.dll |14/05/2003 16:54:02
C:\WINDOWS\system32\ZPORT4AS.dll |23/09/2006 14:52:25

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCBF-0AA7

Répertoire de C:\WINDOWS\system32

28/08/2001 16:00 4.096 csrss.exe
1 fichier(s) 4.096 octets
0 Rép(s) 17.113.473.024 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCBF-0AA7

Répertoire de C:\WINDOWS\Downloaded Program Files

28/09/2006 13:58 <REP> .
28/09/2006 13:58 <REP> ..
24/08/2006 08:28 141.424 asinst.dll
22/08/2006 09:06 537 asinst.inf
06/07/2006 11:14 65 desktop.ini
12/09/2006 13:33 291.144 KooPlayer.ocx
20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd
22/06/2006 11:41 5.032 swflash.inf
6 fichier(s) 439.364 octets

Total des fichiers listés :
6 fichier(s) 439.364 octets
2 Rép(s) 17.113.473.024 octets libres


Recherche de rootkit (merci S!Ri !)



Liste des programmes installes

Ad-aware 6 Personal
Adaptateur USB Réseau Olitec
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1 - Français
Archiveur WinRAR
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
ATI HydraVision
AutoUpdate
BitTornado 0.3.15
Correctif pour le Lecteur Windows Media [Voir wm828026 pour plus d'informations]
Correctif Windows XP - KB810217
Correctif Windows XP - KB823182
Correctif Windows XP - KB824105
Correctif Windows XP - KB824141
Correctif Windows XP - KB825119
Correctif Windows XP - KB826942
Correctif Windows XP - KB828035
CursorXP
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ewido anti-spyware 4.0
FlashGet(JetCar)
Google Earth
Haali Media Splitter
HijackThis 1.99.1
Internet Explorer Q824145
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 2.20 Full
Kaspersky Anti-Virus Personal Pro
Lecteur Windows Media 10
LiveUpdate
LiveUpdate
Marvell Miniport Driver
Matroska Pack (remove only)
Microsoft Office XP Professional avec FrontPage
Microsoft Office XP Web Components
Mozilla Firefox (1.0.7)
Nero 6 Ultra Edition
NVIDIA nForce Drivers
Outlook Express Update Q330994
Pack réseau avancé pour Windows XP
Panda ActiveScan
PowerISO
PPLive 1.1.0.7
ppStream 1.0.0.127
Pro Evolution Soccer 4
Pro Evolution Soccer 4
QuickTime
QuickTime Alternative 1.11
Real Alternative
RealPlayer
Sandlot Games Client Services 1.2.2
Shockwave
SopCast 0.9.9
Spybot - Search & Destroy 1.2
Superbox Pro and Superbox
Synacast Plug-in 1.1.0.7
Time Adjuster STANDARD 3.0
TVAnts 1.0
TVUPlayer 2.2.0
VideoLAN VLC media player 0.8.5
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime




Liste des dossiers de C:\Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCBF-0AA7

Répertoire de C:\Program Files

01/10/2006 16:07 <REP> .
01/10/2006 16:07 <REP> ..
26/09/2006 16:41 <REP> 24-FR
28/09/2006 13:47 <REP> Acoustica Audio Converter Pro
06/07/2006 11:31 <REP> Adobe
19/12/2003 12:54 <REP> Ahead
06/07/2006 11:47 <REP> ATI Technologies
02/09/2006 20:21 <REP> Badongo
09/07/2006 10:00 <REP> BitTornado
28/09/2006 14:02 <REP> BonkEnc
07/10/2006 18:54 <REP> Common Files
06/07/2006 11:13 <REP> ComPlus Applications
06/07/2006 11:52 <REP> Conexant
26/09/2006 18:14 <REP> Coolstreaming
05/10/2006 15:27 <REP> DivX
23/07/2006 13:22 <REP> ewido anti-malware
07/10/2006 17:10 <REP> ewido anti-spyware 4.0
28/09/2006 12:42 <REP> Fichiers communs
07/10/2006 16:29 <REP> FlashGet
28/09/2006 13:59 <REP> Free Audio Pack
03/09/2006 09:45 <REP> Gabest
12/09/2006 02:04 <REP> GAOV
25/09/2006 12:43 <REP> Google
28/09/2006 12:29 <REP> GXTranscoder.net
28/09/2006 13:28 <REP> ImTOO
23/09/2006 18:54 <REP> Internet Explorer
30/07/2006 21:49 <REP> Java
06/07/2006 11:32 <REP> K-Lite Codec Pack
06/07/2006 11:54 <REP> Kaspersky Lab
06/07/2006 15:40 <REP> KONAMI
28/09/2006 13:12 <REP> Konvertor
06/07/2006 11:31 <REP> Lavasoft
23/09/2006 18:55 <REP> LiveUpdate
06/07/2006 11:44 <REP> Marvell
13/08/2006 15:22 <REP> Matroska Pack
20/08/2006 20:43 <REP> MaxSplitter
06/07/2006 11:32 <REP> Media Player Classic
06/07/2006 11:15 <REP> microsoft frontpage
08/07/2006 13:52 <REP> Microsoft Office
06/07/2006 11:15 <REP> movie maker
13/08/2006 18:50 <REP> Mozilla Firefox
28/09/2006 12:13 <REP> MP3 WAV Converter
23/09/2006 18:57 <REP> mplayer
02/10/2006 11:05 <REP> MSN Games
06/07/2006 11:15 <REP> msn gaming zone
23/09/2006 18:58 <REP> MSN Messenger
28/09/2006 13:58 <REP> Musicmatch
28/09/2006 13:59 <REP> NCH Swift Sound
06/07/2006 11:14 <REP> NetMeeting
13/08/2006 18:49 <REP> Opera
06/07/2006 11:26 <REP> Outlook Express
12/09/2006 13:22 <REP> pcast
23/09/2006 18:58 <REP> PowerISO
27/09/2006 22:54 <REP> PPLive TV
26/09/2006 18:24 <REP> ppStream
27/09/2006 11:38 <REP> QuickTime
15/07/2006 14:15 <REP> Real
06/07/2006 11:32 <REP> Real Alternative
15/08/2006 12:06 <REP> RegCleaner
26/09/2006 15:27 <REP> RM to MP3 Converter
06/07/2006 11:14 <REP> Services en ligne
26/09/2006 18:39 <REP> SopCast
13/08/2006 15:52 <REP> Spybot - Search & Destroy
08/08/2006 01:52 <REP> TimeAdjuster
26/09/2006 17:55 <REP> tvants
01/10/2006 16:07 <REP> TVUPlayer
02/09/2006 18:52 <REP> URUSoft
08/07/2006 17:45 <REP> VideoLAN
06/07/2006 15:38 <REP> VID_0E8F&PID_1013
28/09/2006 18:40 <REP> windows media player
06/07/2006 11:13 <REP> Windows NT
23/09/2006 18:59 <REP> WinRAR
06/07/2006 11:15 <REP> xerox
0 fichier(s) 0 octets
73 Rép(s) 17.113.206.784 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCBF-0AA7

Répertoire de C:\Program Files\fichiers communs

28/09/2006 12:42 <REP> .
28/09/2006 12:42 <REP> ..
07/07/2006 22:40 <REP> Adobe
06/07/2006 11:30 <REP> Ahead
08/07/2006 13:53 <REP> Designer
06/07/2006 15:37 <REP> InstallShield
30/07/2006 21:47 <REP> Java
29/07/2006 17:47 <REP> Microsoft Shared
06/07/2006 11:13 <REP> MSSoap
06/07/2006 11:15 <REP> ODBC
15/07/2006 14:16 <REP> Real
23/09/2006 09:50 <REP> Sandlot Shared
06/07/2006 11:14 <REP> Services
06/07/2006 11:15 <REP> speechengines
12/09/2006 01:35 <REP> Synacast
08/07/2006 13:52 <REP> System
15/07/2006 14:16 <REP> xing shared
0 fichier(s) 0 octets
17 Rép(s) 17.113.206.784 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est DCBF-0AA7

Répertoire de C:\Program Files\common files

07/10/2006 23:19 <REP> .
07/10/2006 23:19 <REP> ..
06/07/2006 11:26 <REP> System
0 fichier(s) 0 octets
3 Rép(s) 17.113.202.688 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.383_384_to_5.0.385.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.388_390_to_5.0.391.exe
c:\Documents and Settings\ozler\Application Data\ppstream\update.exe
c:\Documents and Settings\ozler\Bureau\pes4online.exe
c:\Documents and Settings\ozler\Bureau\Xtremsplit.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\FilesInfoCmd.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\Fport.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\grep.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\LFiles.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\LISTDLLS.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\pslist.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\streams.exe
c:\Documents and Settings\ozler\Bureau\DiagHelp\diaghelp\swreg.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\Process.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\RegDACL.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\swreg.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\swsc.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\zip.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\ozler\Bureau\SDFix\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\ozler\Local Settings\Temp\aax14.tmp.exe
c:\Documents and Settings\ozler\Local Settings\Temp\boba2-updt-2.0.0.23.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl103421.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl105562.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl11088406.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl11100484.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl11159312.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl11174796.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl11710531.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl14750953.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl14767234.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl14820281.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl14836171.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl15377140.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl161093.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl161109.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl162156.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl164375.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl18411765.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl18428531.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl18480437.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl18497812.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl19042437.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl22073234.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl22090359.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl22140484.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl22166437.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl222578.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl225453.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl25733546.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl25827343.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl29395171.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl29487359.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl33147375.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl35609.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3764890.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3766890.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3822156.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3822171.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3823359.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3828937.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3883468.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl3888484.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl4376734.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl715046.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7428046.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7439937.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7484359.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7484500.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7485875.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7507343.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl7545250.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl8039406.exe
c:\Documents and Settings\ozler\Local Settings\Temp\dl95343.exe
c:\Documents and Settings\ozler\Local Settings\Temp\Install_Messenger.exe
c:\Documents and Settings\ozler\Local Settings\Temp\uninst.exe
c:\Documents and Settings\ozler\Local Settings\Temp\Div7F.tmp\DivXInstaller.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\ffmpeg.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\jbig2dec.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\Kawd.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\Kenum.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\Kftp.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\Konvertor.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\Krip.exe
c:\Documents and Settings\ozler\Local Settings\Temp\konvertor\uninst.exe
c:\Documents and Settings\ozler\Local Settings\Temp\Leadtek\Setup.exe
c:\Documents and Settings\ozler\Local Settings\Temp\Leadtek\WinXP_2K\nvudisp.exe
c:\Documents and Settings\ozler\Local Settings\Temp\Leadtek\WinXP_2K\setup.exe
c:\Documents and Settings\ozler\Local Settings\Temp\WMDM\setup.exe
c:\Documents and Settings\ozler\Local Settings\Temporary Internet Files\Content.IE5\7JP7B9CW\wpsetup[1].exe
c:\Documents and Settings\ozler\Local Settings\Temporary Internet Files\Content.IE5\SJJZM4D1\rpsetup[1].exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\avcmhk4.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\ozler\Application Data\ppstream\1.0.0.1386\psnetwork.dll
c:\Documents and Settings\ozler\Application Data\ppstream\1.0.0.1398\psnetwork.dll

Voici le rapport combofix :

ozler - 06-10-08 12:54:52,64 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ozler\Bureau"

((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


2006-10-06 23:24 164,864 --a------ C:\WINDOWS\system32\mxs.exe
2006-10-02 21:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 21:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 21:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 21:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-28 13:19 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-28 13:19 253,952 --a------ C:\WINDOWS\Setup1.exe
2006-09-28 13:15 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2006-09-28 13:13 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-28 13:13 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2006-09-28 12:49 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2006-09-28 12:23 159,744 --a------ C:\WINDOWS\system32\la-core.dll
2006-09-28 12:06 1,269,760 --a------ C:\WINDOWS\system32\ASTAudioFile.dll
2006-09-28 12:06 1,200,128 --a------ C:\WINDOWS\system32\ASTAudioInformation.dll
2006-09-27 23:01 163,061 --a------ C:\WINDOWS\~tmp5125.exe
2006-09-27 22:36 163,061 --a------ C:\WINDOWS\~tmp199.exe
2006-09-27 22:07 163,061 --a------ C:\WINDOWS\~tmp6141.exe
2006-09-27 22:00 163,061 --a------ C:\WINDOWS\~tmp7243.exe
2006-09-27 21:00 163,061 --a------ C:\WINDOWS\~tmp1285.exe
2006-09-27 20:51 163,061 --a------ C:\WINDOWS\~tmp2845.exe
2006-09-27 19:25 163,061 --a------ C:\WINDOWS\~tmp1133.exe
2006-09-27 19:22 163,061 --a------ C:\WINDOWS\~tmp374.exe
2006-09-27 19:15 163,061 --a------ C:\WINDOWS\~tmp6710.exe
2006-09-27 15:56 163,061 --a------ C:\WINDOWS\~tmp7784.exe
2006-09-27 15:54 163,061 --a------ C:\WINDOWS\~tmp4512.exe
2006-09-27 13:36 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2006-09-27 13:36 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2006-09-27 13:36 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2006-09-27 13:36 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2006-09-27 13:36 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2006-09-27 13:36 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2006-09-27 11:26 303,616 --a------ C:\WINDOWS\IsUninst.exe
2006-09-26 22:41 163,061 --a------ C:\WINDOWS\~tmp2989.exe
2006-09-26 22:41 163,061 --a------ C:\WINDOWS\~tmp1348.exe
2006-09-26 18:18 163,061 --a------ C:\WINDOWS\~tmp5523.exe
2006-09-26 18:15 163,061 --a------ C:\WINDOWS\~tmp1935.exe
2006-09-26 18:12 163,061 --a------ C:\WINDOWS\~tmp9423.exe
2006-09-26 16:41 494,248 --a------ C:\WINDOWS\system32\24-FR.scr
2006-09-26 15:05 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-16 18:08 44,032 -ra------ C:\WINDOWS\system32\msxml3r.dll
2006-09-12 13:23 274,432 --a------ C:\WINDOWS\system32\PodcastBarWeb.dll
2006-09-12 13:22 565,248 --a------ C:\WINDOWS\system32\pcast.dll
2006-09-11 21:26 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-11 21:26 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-11 21:26 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-11 21:26 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-11 21:26 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-11 21:26 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-09 13:15 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-09-09 13:15 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-09 13:15 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-09-09 13:15 32,123 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
2006-09-09 13:15 24,382 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-07 23:19 -------- d-------- C:\Program Files\Common Files
2006-10-07 17:10 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-07 16:29 -------- d-------- C:\Program Files\FlashGet
2006-10-05 15:27 -------- d-------- C:\Program Files\DivX
2006-10-02 11:05 -------- d-------- C:\Program Files\MSN Games
2006-10-01 16:07 -------- d-------- C:\Program Files\TVUPlayer
2006-10-01 15:57 -------- d-------- C:\Documents and Settings\ozler\Application Data\ppstream
2006-09-28 18:40 -------- d-------- C:\Program Files\windows media player
2006-09-28 14:02 -------- d-------- C:\Program Files\BonkEnc
2006-09-28 13:59 -------- d-------- C:\Program Files\NCH Swift Sound
2006-09-28 13:59 -------- d-------- C:\Program Files\Free Audio Pack
2006-09-28 13:58 -------- d-------- C:\Program Files\Musicmatch
2006-09-28 13:47 -------- d-------- C:\Program Files\Acoustica Audio Converter Pro
2006-09-28 13:28 -------- d-------- C:\Program Files\ImTOO
2006-09-28 13:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-28 13:13 -------- d-------- C:\Documents and Settings\ozler\Application Data\Musicmatch
2006-09-28 13:12 -------- d-------- C:\Program Files\Konvertor
2006-09-28 12:47 -------- d-------- C:\Documents and Settings\ozler\Application Data\COWON
2006-09-28 12:42 -------- d-------- C:\Program Files\Fichiers communs
2006-09-28 12:29 -------- d-------- C:\Program Files\GXTranscoder.net
2006-09-28 12:13 -------- d-------- C:\Program Files\MP3 WAV Converter
2006-09-28 11:59 -------- d-------- C:\Documents and Settings\ozler\Application Data\NCH Swift Sound
2006-09-28 11:52 -------- d-------- C:\Documents and Settings\ozler\Application Data\RecordPad
2006-09-27 23:01 163061 --a------ C:\WINDOWS\~tmp5125.exe
2006-09-27 22:54 -------- d-------- C:\Program Files\PPLive TV
2006-09-27 22:36 163061 --a------ C:\WINDOWS\~tmp199.exe
2006-09-27 22:07 163061 --a------ C:\WINDOWS\~tmp6141.exe
2006-09-27 22:00 163061 --a------ C:\WINDOWS\~tmp7243.exe
2006-09-27 21:00 163061 --a------ C:\WINDOWS\~tmp1285.exe
2006-09-27 20:51 163061 --a------ C:\WINDOWS\~tmp2845.exe
2006-09-27 19:25 163061 --a------ C:\WINDOWS\~tmp1133.exe
2006-09-27 19:22 163061 --a------ C:\WINDOWS\~tmp374.exe
2006-09-27 19:15 163061 --a------ C:\WINDOWS\~tmp6710.exe
2006-09-27 15:56 163061 --a------ C:\WINDOWS\~tmp7784.exe
2006-09-27 15:54 163061 --a------ C:\WINDOWS\~tmp4512.exe
2006-09-27 11:39 -------- d-------- C:\Documents and Settings\ozler\Application Data\Apple Computer
2006-09-27 11:38 -------- d-------- C:\Program Files\QuickTime
2006-09-26 22:41 163061 --a------ C:\WINDOWS\~tmp2989.exe
2006-09-26 22:41 163061 --a------ C:\WINDOWS\~tmp1348.exe
2006-09-26 18:40 -------- d-------- C:\Documents and Settings\ozler\Application Data\SopCast
2006-09-26 18:39 -------- d-------- C:\Program Files\SopCast
2006-09-26 18:24 -------- d-------- C:\Program Files\ppStream
2006-09-26 18:18 163061 --a------ C:\WINDOWS\~tmp5523.exe
2006-09-26 18:15 163061 --a------ C:\WINDOWS\~tmp1935.exe
2006-09-26 18:14 -------- d-------- C:\Program Files\Coolstreaming
2006-09-26 18:12 163061 --a------ C:\WINDOWS\~tmp9423.exe
2006-09-26 17:55 -------- d-------- C:\Program Files\tvants
2006-09-26 16:41 -------- d-------- C:\Program Files\24-FR
2006-09-26 15:27 -------- d-------- C:\Program Files\RM to MP3 Converter
2006-09-25 12:43 -------- d-------- C:\Program Files\Google
2006-09-25 12:43 -------- d-------- C:\Documents and Settings\ozler\Application Data\Google
2006-09-23 18:59 -------- d-------- C:\Program Files\WinRAR
2006-09-23 18:58 -------- d-------- C:\Program Files\PowerISO
2006-09-23 18:58 -------- d-------- C:\Program Files\MSN Messenger
2006-09-23 18:57 -------- d-------- C:\Program Files\mplayer
2006-09-23 18:55 -------- d-------- C:\Program Files\LiveUpdate
2006-09-23 18:54 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 09:50 -------- d-------- C:\Program Files\Fichiers communs\Sandlot Shared
2006-09-16 12:04 -------- d-------- C:\Documents and Settings\ozler\Application Data\EA
2006-09-12 13:23 -------- d-------- C:\Documents and Settings\ozler\Application Data\Podcast
2006-09-12 13:22 -------- d-------- C:\Program Files\pcast
2006-09-12 02:04 -------- d-------- C:\Program Files\GAOV
2006-09-12 01:35 -------- d-------- C:\Program Files\Fichiers communs\Synacast
2006-09-03 09:45 -------- d-------- C:\Program Files\Gabest
2006-09-02 20:26 -------- d---s---- C:\Documents and Settings\ozler\Application Data\Microsoft
2006-09-02 20:21 -------- d-------- C:\Program Files\Badongo
2006-09-02 18:52 -------- d-------- C:\Program Files\URUSoft
2006-08-23 18:37 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-22 16:32 -------- d-------- C:\Documents and Settings\ozler\Application Data\Ahead
2006-08-20 20:43 -------- d-------- C:\Program Files\MaxSplitter
2006-08-17 16:54 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-15 12:06 -------- d-------- C:\Program Files\RegCleaner
2006-08-13 18:50 99970 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-08-13 18:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-13 18:50 -------- d-------- C:\Documents and Settings\ozler\Application Data\Mozilla
2006-08-13 18:49 -------- d-------- C:\Program Files\Opera
2006-08-13 15:22 -------- d-------- C:\Program Files\Matroska Pack
2006-08-11 01:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-08 01:52 -------- d-------- C:\Program Files\TimeAdjuster
2006-07-27 19:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 04:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 04:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-14 21:17 30 --a------ C:\AUTOEXEC.BAT
2006-07-14 21:17 0 --a------ C:\CONFIG.SYS
2006-07-12 01:40 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-07-12 01:40 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-07-12 01:40 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-07-12 00:54 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-07-12 00:54 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-07-12 00:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-07-12 00:54 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-07-12 00:54 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-07-12 00:54 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-07-12 00:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-07-12 00:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-06 12:08 62 --ahs---- C:\Documents and Settings\ozler\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"CursorXP"="C:\\themeGold55\\CursorXP\\CursorXP.exe -s"
@=""
"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nForce Tray Options"="sstray.exe /r"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e1,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b8,00,00,00,7c,00,00,00,71,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Windows Logon"="C:\\WINDOWS\\System32\\winlogin.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Windows Logon"="C:\\WINDOWS\\System32\\winlogin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000001

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sun 08/10/2006 12:57:12.82
ComboFix.txt




et le rapport hijackthis :


Logfile of HijackThis v1.99.1
Scan saved at 12:59:51, on 8/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mxs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Yunus\ANIME NEW\Liens rapides\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

On continue.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\WINDOWS\System32\winlogin.exe

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

6 Lance le nettoyage avec CCleaner.

7 Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

8 Redémarre normalement et poste un nouveau log HijackThis avec le rapport qui se trouve ici C:\rapport_clean.txt .

On continue

Fais une analyse antivirus en ligne sur Panda
http://www.pandasoftware.com/activ [...] ncipal.htm
il faut utiliser Internet Explorer.
Colle son rapport ici.

Re

Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

Supprime les fichiers

C:\WINDOWS\~tmp1133.exe
C:\WINDOWS\~tmp1285.exe
C:\WINDOWS\~tmp1348.exe
C:\WINDOWS\~tmp1935.exe
C:\WINDOWS\~tmp199.exe
C:\WINDOWS\~tmp2845.exe
C:\WINDOWS\~tmp2989.exe
C:\WINDOWS\~tmp374.exe
C:\WINDOWS\~tmp4512.exe
C:\WINDOWS\~tmp5125.exe
C:\WINDOWS\~tmp5523.exe
C:\WINDOWS\~tmp6141.exe
C:\WINDOWS\~tmp6710.exe
C:\WINDOWS\~tmp7243.exe
C:\WINDOWS\~tmp7784.exe
C:\WINDOWS\~tmp9423.exe

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

Lance le nettoyage avec CCleaner.

Si les fichiers résistent, fais le en mode sans échec.

Precise si tu as encore ce dysfonctionnement.

Une autre idée?

J'ai suivi tes instructions dans l'ordre et je crois bien que le probleme est résolu.

En effet j'ai effectué un scan en ligne Bitdefender , il m'a trouvé 2 virus dont un qu'il n'a pu supprimer : Cwindows /system32/mxs.exe

J'ai alors redémarrer en mode sans echec et je l'ai supprimé manuellement.
Résultat : le probleme semble etre réglé !! c'est génial!!

Je n'ai pas réussi à avoir de rapport avec bitdefender, je réessaie et je te le poste ici.

En tout cas , merci infiniment !!!

BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Oct 09, 2006 - 15:32:20

Voie d'analyse: C:\;D:\;

Statistiques
Temps 00:48:14
Fichiers 219911
Directoires 3665
Secteurs de boot 3
Archives 1719
Paquets programmes 19892

Résultats
Virus identifiés 1
Fichiers infectés 1
Fichiers suspects 0
Avertissements 0
Désinfectés 0
Fichiers effacés 1

Info sur les moteurs
Définition virus 473631
Version des moteurs AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Analyse des plugins 13
Archive des plugins 38
Unpack des plugins 6
E-mail plugins 6
Système plugins 1

Paramètres d'analyse
Première action Désinfecté
Seconde Action Supprimé
Heuristique Oui
Acceptez les avertissements Oui
Extensions analysées *;
Excludez les extensions
Analyse d'emails Oui
Analyse des Archives Oui
Analyser paquets programmes Oui
Analyse des fichiers Oui
Analyse de boot Oui


Fichier analysé Statut
C:\System Volume Information\_restore{D1751268-2638-4199-91CC-5E358EADE283}\RP45\A0202970.exe Infecté par: GenPack:Generic.Sdbot.E49BFCE5
C:\System Volume Information\_restore{D1751268-2638-4199-91CC-5E358EADE283}\RP45\A0202970.exe Echec de la désinfection
C:\System Volume Information\_restore{D1751268-2638-4199-91CC-5E358EADE283}\RP45\A0202970.exe Supprimé

Logfile of HijackThis v1.99.1
Scan saved at 17:31:06, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent Mivielle\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Film 4 Sect Extra] C:\Documents and Settings\All Users\Application Data\Real Creative Film 4\EQDALE.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453774 14
O4 - HKCU\..\Run: [gpl win] C:\DOCUME~1\VINCEN~1\APPLIC~1\CHINDR~1\burn cool.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/adva [...] module.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.bobtv.fr/download/cfweb [...] module.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{87C5BC98-351C-45F5-8CDC-BDC4866CF50D}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Vs pouvez m'aidez?