Probleme au lancement de firefox [Resolu]

duocore

24 Octobre 2006 21:47:37

Bonsoir a tous,

y a t'il quelqu'un qui pourrait m'aider?

voila mon probleme:

quand je demarre firefox j'ai une fenetre qui me demande d'installer drivecleaner

comment faire pour m'en debarasser ainsi que des adwares.

j'ai installer trojan remover et voici mon log:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:47:13
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:47:13: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
Filesize: 14032
Company Name: Microsoft Corporation
File Description: Service Executable
File Version: 1.1.1347.0
Internal Name: MsMpEng.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MsMpEng.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\WINDOWS\System32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
Running Processes check stopped at user request.
------------------------------
The shell\open registry entries were not checked.
The WIN.INI was not scanned.
The SYSTEM.INI was not scanned.
The Windows Registry was not scanned.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The NT/XP Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
Downloaded Program Files were not scanned.
The Windows Services file was not checked.
The AUTOEXEC.BAT file was not checked.
The scan for CAIN AND ABEL was not carried out.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.
------------------------------
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 24/10/2006 22:47:17
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:46:33
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:46:33: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
Filesize: 14032
Company Name: Microsoft Corporation
File Description: Service Executable
File Version: 1.1.1347.0
Internal Name: MsMpEng.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MsMpEng.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\WINDOWS\System32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\spoolsv.exe
Filesize: 57856
Company Name: Microsoft Corporation
File Description: Spooler SubSystem App
File Version: 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Internal Name: spoolsv.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: spoolsv.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2696
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
Filesize: 1135728
Company Name: America Online, Inc.
File Description: AOL Connectivity Service
File Version: 2.0.20.1.FR.213
Internal Name: AOLacsd
Copyright: Copyright © 2003 America Online, Inc.
Original Filename: AOLacsd.exe
Product Name: AOL Connectivity Service
Product Version: 2.0.20.1.FR.213
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Filesize: 336896
Company Name: GRISOFT, s.r.o.
File Description: AVG Alert Manager
File Version: 7,1,0,365
Internal Name: avgamsvr
Copyright: Copyright © 2005, GRISOFT, s.r.o.
Original Filename: avgamsvr.EXE
Product Name: AVG Anti-Virus System
Product Version: 7.1.0.365
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Filesize: 84480
Company Name: GRISOFT, s.r.o.
File Description: AVG Update Service
File Version: 7,1,0,349
Internal Name: avgupsvc
Copyright: Copyright © 2005, GRISOFT, s.r.o.
Original Filename: avgupdsvc.EXE
Product Name: AVG 7.0 Anti-Virus System
Product Version: 7.1.0.349
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Filesize: 281088
Company Name: GRISOFT, s.r.o.
File Description: AVG E-Mail Scanner
File Version: 7,1,0,400
Internal Name: avgemc
Copyright: Copyright © 2006, GRISOFT, s.r.o.
Original Filename: avgemc.exe
Product Name: AVG Anti-Virus System
Product Version: 7.1.0.400
--------------------
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
Filesize: 221266
File Description: CLCapSvc Module
File Version: 4.00.1710
Internal Name: CLCapSvc
Copyright: Copyright 2004
Original Filename: CLCapSvc.EXE
Product Name: CLCapSvc Module
Product Version: 4.00.1710
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
Filesize: 61440
Company Name: Cyberlink
File Description: NT CLMLServer
File Version: 1, 1, 0, 1619
Internal Name: NT CLMLServer
Copyright: Copyright c 2004
Original Filename: CLMLServer.exe
Product Name: Cyberlink Media Library Server
Product Version: 1, 1, 0, 1619
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
Filesize: 737381
Company Name: Cyberlink
File Description: Cyberlink MediaLibrary NT Service
File Version: 1, 1, 0, 1619
Internal Name: CLMLService
Copyright: Copyright c 2004
Original Filename: CLMLService.exe
Product Name: Cyberlink MediaLibrary NT Service
Product Version: 1, 1, 0, 1619
--------------------
c:\APPS\HIDSERVICE\HIDSERVICE.exe
Filesize: 49152
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
Filesize: 270336
Company Name: Microsoft Corporation
File Description: Machine Debug Manager
File Version: 7.00.9064.9150
Internal Name: mdm.exe
Copyright: Copyright (C) Microsoft Corp. 1997-2000
Original Filename: mdm.exe
Product Name: Microsoft Development Environment
Product Version: 7.00.9064.9150
--------------------
C:\WINDOWS\system32\o2flash.exe
Filesize: 36864
--------------------
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Filesize: 49152
Company Name: Ulead Systems, Inc.
File Description: ULCDRSvr
File Version: 1, 0, 0, 3
Internal Name: ULCDRSvr
Copyright: Copyright © 2002 Ulead Systems, Inc.
Original Filename: ULCDRSvr.exe
Product Name: Ulead Systems ULCDRSvr
Product Version: 1, 0, 0, 3
--------------------
C:\WINDOWS\system32\wdfmgr.exe
Filesize: 38912
Company Name: Microsoft Corporation
File Description: Windows User Mode Driver Manager
File Version: 5.2.3790.1230 built by: DNSRV(bld4act)
Internal Name: WdfMgr
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: WdfMgr.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.2.3790.1230
--------------------
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
Filesize: 110672
File Description: CLSched Module
File Version: 4.00.1710
Internal Name: CLSched
Copyright: Copyright 2004
Original Filename: CLSched.EXE
Product Name: CLSched Module
Product Version: 4.00.1710
--------------------
C:\WINDOWS\System32\alg.exe
Filesize: 44544
Company Name: Microsoft Corporation
File Description: Application Layer Gateway Service
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: ALG.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ALG.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Filesize: 98394
Company Name: Synaptics, Inc.
File Description: TouchPad Driver Helper Application
File Version: 7.14.0 10Mar05
Internal Name: SynTPLpr
Copyright: Copyright (C) Synaptics, Inc. 1996-2004
Original Filename: SynTPLpr.exe
Product Name: Synaptics Pointing Device Driver
Product Version: 7.14.0 10Mar05
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Filesize: 688218
Company Name: Synaptics, Inc.
File Description: Synaptics TouchPad Enhancements
File Version: 7.14.0 10Mar05
Internal Name: Synaptics Enhancements Application
Copyright: Copyright (C) Synaptics, Inc. 1996-2004
Original Filename: SynTPEnh.exe
Product Name: Synaptics Pointing Device Driver
Product Version: 7.14.0 10Mar05
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\WINDOWS\RTHDCPL.EXE
Filesize: 15797248
Company Name: Realtek Semiconductor Corp.
File Description: Realtek HD Audio Control Panel
File Version: 2.0.3.4
Copyright: Copyright (c) 2004 Realtek Semiconductor Corp.
Original Filename: RTHDCPL.EXE
Product Name: Realtek HD Audio Sound Effect Manager
Product Version: 2.0.3.4
--------------------
C:\WINDOWS\system32\WLan.exe
Filesize: 221184
File Description: WLAN MFC Application
File Version: 1. 0. 0. 5
Internal Name: WLAN
Copyright: Copyright (C) 2005
Original Filename: WLAN.EXE
Product Name: WLAN Application
Product Version: 1. 0. 0. 5
--------------------
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Filesize: 36975
Company Name: Sun Microsystems, Inc.
File Description: Java(TM) 2 Platform Standard Edition binary
File Version: 5.0.60.5
Internal Name: Java(TM) Update Scheduler
Copyright: Copyright © 2004
Original Filename: jusched.exe
Product Name: Java(TM) 2 Platform Standard Edition 5.0 Update 6
Product Version: 5.0.60.5
--------------------
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
Filesize: 90112
Company Name: Ulead Systems, Inc.
File Description: AutoDetector
File Version: 2.0.0.0
Internal Name: AutoDetector
Copyright: Copyright (c)1992-2004. Ulead Systems, Inc. All rights reserved.
Trademark: Ulead Systems, MediaStudio and Ulead Photo Explorer are registered trademarks of Ulead Systems, Inc.
Original Filename: MONITOR.EXE
Product Name: Ulead AutoDetector
Product Version: 2.0.0.0
--------------------
C:\Apps\Powercinema\PCMService.exe
Filesize: 127118
Company Name: CyberLink Corp.
File Description: CyberLink PowerCinema Resident Program
File Version: 4.0.0.0000
Internal Name: CyberLink PowerCinema Resident Program
Copyright: Copyright (c) 2005 CyberLink Corp.
Original Filename: PCMService.exe
Product Name: Cyberlink PowerCinema
Product Version: 4.0.0.0000
--------------------
C:\Program Files\QuickTime\qttask.exe
Filesize: 282624
Company Name: Apple Computer, Inc.
File Description: QuickTime Task
File Version: 7.1.3
Internal Name: QuickTime Task
Copyright: Copyright Apple Computer, Inc. 1989-2006
Original Filename: QTTask.exe
Product Name: QuickTime
Product Version: QuickTime 7.1.3
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
Filesize: 229952
Company Name: Apple Computer, Inc.
File Description: iTunesHelper Module
File Version: 7.0.1.8
Internal Name: iTunesHelper
Copyright: © 2003-2006 Apple Computer, Inc. All Rights Reserved.
Original Filename: iTunesHelper.exe
Product Name: iTunes
Product Version: 7.0.1.8
--------------------
C:\WINDOWS\system32\rundll32.exe
Filesize: 33792
Company Name: Microsoft Corporation
File Description: Exécuter une DLL en tant qu'application
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: rundll
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: RUNDLL.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
Filesize: 777424
Company Name: Microsoft Corporation
File Description: Windows Defender User Interface
File Version: 1.1.1347.0
Internal Name: MSASCUI
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MSASCUI.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\APPS\SMP\SmpSys.exe
Filesize: 975360
Company Name: Packard Bell BV
File Description: SmpSys.exe
File Version: 1.0.0.0
Internal Name: Setup my PC Systray
Copyright: Packard Bell BV
Trademark: Packard Bell BV
Original Filename: SmpSys.exe
Product Name: Setup my PC
Product Version: 1.0.0.0
--------------------
C:\WINDOWS\system32\ctfmon.exe
Filesize: 15360
Company Name: Microsoft Corporation
File Description: CTF Loader
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CTFMON
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CTFMON.EXE
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Filesize: 839680
File Description: ADIMON MFC Application
File Version: 1, 0, 0, 1
Internal Name: DSLMON
Copyright: Copyright (C) 2000
Original Filename: ADIMON.EXE
Product Name: DSLMON Application
Product Version: 1, 0, 0, 1
--------------------
C:\Program Files\iPod\bin\iPodService.exe
Filesize: 451136
Company Name: Apple Computer, Inc.
File Description: iPodService Module
File Version: 7.0.1.8
Internal Name: iPodService
Copyright: © 2003-2006 Apple Computer, Inc. All Rights Reserved.
Original Filename: iPodService.exe
Product Name: iTunes
Product Version: 7.0.1.8
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\WINDOWS\explorer.exe
Filesize: 1036288
Company Name: Microsoft Corporation
File Description: Explorateur Windows
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: explorer
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: EXPLORER.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2900.2180
--------------------
C:\Documents and Settings\ludovic\Bureau\erasor.exe
Filesize: 163840
Company Name: Lionel Allorge
File Description: Application MFC Erasor
File Version: 2, 1, 0, 0
Internal Name: Erasor
Copyright: Copyright (C) 2000
Original Filename: Erasor.EXE
Product Name: Application Erasor
Product Version: 2, 1, 0, 0
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
Filesize: 93184
Company Name: Microsoft Corporation
File Description: Internet Explorer
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: iexplore
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: IEXPLORE.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2900.2180
--------------------
C:\Program Files\Gaim\gaim.exe
Filesize: 69793
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
------------------------------
22:46:38: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
------------------------------
22:46:38: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
------------------------------
22:46:38: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key does not contain a Shell value so nothing to check
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's Shell value calls the following program(s):
Explorer.exe - this program is expected and has been left in place
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = IMJPMIG8.1
Value Data = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - this command has been left in place
--------------------
Value Name = PHIME2002ASync
Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC - this command has been left in place
--------------------
Value Name = PHIME2002A
Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = Raccourci vers la page des propriétés de High Definition Audio
Value Data = HDAShCut.exe - this command has been left in place
--------------------
Value Name = ATICCC
Value Data = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay - this command has been left in place
--------------------
Value Name = RTHDCPL
Value Data = RTHDCPL.EXE - this command has been left in place
--------------------
Value Name = Alcmtr
Value Data = ALCMTR.EXE - this command has been left in place
--------------------
Value Name = WLAN
Value Data = C:\WINDOWS\system32\WLan.exe - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe - this command has been left in place
--------------------
Value Name = Ulead AutoDetector v2
Value Data = C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe - this command has been left in place
--------------------
Value Name = PCMService
Value Data = c:\Apps\Powercinema\PCMService.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = AVG7_CC
Value Data = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = atpcbbl.dll
Value Data = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd - this command has been left in place
--------------------
Value Name = PVModule
Value Data = C:\PROGRA~1\PRINTV~1\pvmodule.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = IpWins
Value Data = C:\Program Files\ipwins\ipwins.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = Windows Defender
Value Data = C:\Program Files\Windows Defender\MSASCui.exe" -hide - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MSMSGS
Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = SmpcSys
Value Data = C:\APPS\SMP\SmpSys.exe - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
--------------------
Checking for an active ScreenSaver:
ScreenSaver=C:\WINDOWS\system32\logon.scr - this command has been left in place
--------------------
------------------------------
22:46:45: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
------------------------------
22:46:46: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
Checking files called from the NT/XP CurrentControlSet\Services Keys:
Key=abp480n5
ImagePath=system32\DRIVERS\ABP480N5.SYS - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=system32\DRIVERS\adpu160m.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=agpCPQ
ImagePath=system32\DRIVERS\agpCPQ.sys - this reference has been left in place
----------
Key=Aha154x
ImagePath=system32\DRIVERS\aha154x.sys - this reference has been left in place
----------
Key=aic78u2
ImagePath=system32\DRIVERS\aic78u2.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=system32\DRIVERS\aic78xx.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AliIde
ImagePath=system32\DRIVERS\aliide.sys - this reference has been left in place
----------
Key=alim1541
ImagePath=system32\DRIVERS\alim1541.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=system32\DRIVERS\amdagp.sys - this reference has been left in place
----------
Key=amsint
ImagePath=system32\DRIVERS\amsint.sys - this reference has been left in place
----------
Key=AOL ACS
ImagePath=C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=asc
ImagePath=system32\DRIVERS\asc.sys - this reference has been left in place
----------
Key=asc3350p
ImagePath=system32\DRIVERS\asc3350p.sys - this reference has been left in place
----------
Key=asc3550
ImagePath=system32\DRIVERS\asc3550.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Avg7Alrt
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe - this reference has been left in place
----------
Key=Avg7Core
ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
----------
Key=Avg7RsW
ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
----------
Key=Avg7RsXP
ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
----------
Key=Avg7UpdSvc
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe - this reference has been left in place
----------
Key=AVGEMS
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe - this reference has been left in place
----------
Key=AvgTdi
ImagePath=\SystemRoot\System32\Drivers\avgtdi.sys - this reference has been left in place
----------
Key=cbidf
ImagePath=system32\DRIVERS\cbidf2k.sys - this reference has been left in place
----------
Key=cd20xrnt
ImagePath=system32\DRIVERS\cd20xrnt.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CIR
ImagePath=system32\DRIVERS\CIR.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=CLCapSvc
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CLSched
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLSched.exe" - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=CmdIde
ImagePath=system32\DRIVERS\cmdide.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Cpqarray
ImagePath=system32\DRIVERS\cpqarray.sys - this reference has been left in place
----------
Key=CyberLink Media Library Service
ImagePath="C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" - this reference has been left in place
----------
Key=dac2w2k
ImagePath=system32\DRIVERS\dac2w2k.sys - this reference has been left in place
----------
Key=dac960nt
ImagePath=system32\DRIVERS\dac960nt.sys - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=dpti2o
ImagePath=system32\DRIVERS\dpti2o.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=E100B
ImagePath=system32\DRIVERS\e100b325.sys - this reference has been left in place
----------
Key=e4usbaw
ImagePath=system32\DRIVERS\e4usbaw.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=GenericHidService
ImagePath=c:\APPS\HIDSERVICE\HIDSERVICE.exe - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=HdAudAddService
ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=hpn
ImagePath=system32\DRIVERS\hpn.sys - this reference has been left in place
----------
Key=HSF_DPV
ImagePath=system32\DRIVERS\HSX_DPV.sys - this reference has been left in place
----------
Key=HSXHWAZL
ImagePath=system32\DRIVERS\HSXHWAZL.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=system32\DRIVERS\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=IKANLOADER2
ImagePath=System32\Drivers\e4ldr.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=ini910u
ImagePath=system32\DRIVERS\ini910u.sys - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RtkHDAud.sys - this reference has been left in place
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=kbd
ImagePath=system32\DRIVERS\kbd.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kioport
ImagePath=System32\drivers\kioport.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=mraid35x
ImagePath=system32\DRIVERS\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MySqlInventime
ImagePath=c:\mysql\bin\mysqld-max-nt MySqlInventime - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=O2Flash
ImagePath=C:\WINDOWS\system32\o2flash.exe - this reference has been left in place
----------
Key=O2MDRDR
ImagePath=system32\DRIVERS\o2media.sys - this reference has been left in place
----------
Key=O2SDRDR
ImagePath=system32\DRIVERS\o2sd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=perc2
ImagePath=system32\DRIVERS\perc2.sys - this reference has been left in place
----------
Key=perc2hib
ImagePath=system32\DRIVERS\perc2hib.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=ql1080
ImagePath=system32\DRIVERS\ql1080.sys - this reference has been left in place
----------
Key=Ql10wnt
ImagePath=system32\DRIVERS\ql10wnt.sys - this reference has been left in place
----------
Key=ql12160
ImagePath=system32\DRIVERS\ql12160.sys - this reference has been left in place
----------
Key=ql1240
ImagePath=system32\DRIVERS\ql1240.sys - this reference has been left in place
----------
Key=ql1280
ImagePath=system32\DRIVERS\ql1280.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place
----------
Key=Sparrow
ImagePath=system32\DRIVERS\sparrow.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{4F20079B-9003-46EB-AFC3-0037ECFBBC7A} - this reference has been left in place
----------
Key=symc810
ImagePath=system32\DRIVERS\symc810.sys - this reference has been left in place
----------
Key=symc8xx
ImagePath=system32\DRIVERS\symc8xx.sys - this reference has been left in place
----------
Key=sym_hi
ImagePath=system32\DRIVERS\sym_hi.sys - this reference has been left in place
----------
Key=sym_u3
ImagePath=system32\DRIVERS\sym_u3.sys - this reference has been left in place
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TosIde
ImagePath=system32\DRIVERS\toside.sys - this reference has been left in place
----------
Key=UleadBurningHelper
ImagePath=C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe - this reference has been left in place
----------
Key=ultra
ImagePath=system32\DRIVERS\ultra.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=system32\DRIVERS\viaagp.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=w39n51
ImagePath=system32\DRIVERS\w39n51.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wanatw
ImagePath=system32\DRIVERS\wanatw4.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\HSX_CNXT.sys - this reference has been left in place
----------
Key=WinDefend
ImagePath="C:\Program Files\Windows Defender\MsMpEng.exe" - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
------------------------------
22:47:05: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
------------------------------
22:47:05: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=vtutt
DLLName=C:\WINDOWS\system32\vtutt.dll - this reference has been left in place
----------
Key=wingdm32
DLLName=wingdm32.dll - this reference has been left in place [file not found to scan]
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------
------------------------------
22:47:05: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443}
C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL - this Browser Helper Object has been left in place
----------
Key = {26166ECA-5121-6013-E66E-0A089755BB38}
C:\WINDOWS\system32\jsmbqml.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {84504923-AF48-4A05-AD25-75857665F26E}
C:\WINDOWS\system32\vtutt.dll - this Browser Helper Object has been left in place
----------
Key = {a43385f0-7113-496d-96d7-b9b550e3fcca}
C:\WINDOWS\system32\ixt0.dll - this Browser Helper Object has been left in place [file not found to scan]
----------
Key = {D4E0C464-30CE-4075-9A10-71FD106C2847}
C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL - this Browser Helper Object has been left in place
----------
------------------------------
22:47:06: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
------------------------------
22:47:06: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
------------------------------
22:47:06: Scanning ------ COMMON STARTUP GROUP ------
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
DSLMON.lnk - this links to C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe and has been left in place
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
------------------------------
No User Startup Groups were located to check
------------------------------
22:47:06: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
------------------------------
22:47:06: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
------------------------------
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
file://C:\APPS\IE\offline\fr.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
------------------------------
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 24/10/2006 22:47:06
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:44:55
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:44:55: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
-------

Autres pages sur : probleme lancement firefox resolu

| Etre averti des réponses
| Alerter

Répondre à duocore

Angeldark

25 Octobre 2006 10:35:04

Bonjour,

C:\WINDOWS\system32\atpcbbl.dll
-> ca ressemble a du Vundo

Fais bien TOUT ce qui suit.

- Télécharge Hijackthis de Merjin
- Mets le dans un dossier ou sur ton bureau
-- Clique Droit sur Hijackthis :
-> Choisis " Renommer "
-> Tape Scanner.exe puis valide

- Lance l'application
- Choisis l'option Do a system scan and save a logfile
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.

Aide sur Hijackthis

| Alerter

Répondre à Angeldark

duocore

25 Octobre 2006 16:36:16

voici mon rapport:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:40, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ludovic\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll
O2 - BHO: (no name) - {38AA0C82-72FF-4980-9CDB-3A0723563F3A} - C:\WINDOWS\system32\vtutt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

| Alerter

Répondre à duocore

Angeldark

25 Octobre 2006 16:42:19

J'avais raison ^^

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

| Alerter

Répondre à Angeldark

duocore

25 Octobre 2006 20:59:29

Vundo rapport:

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 22:00:34 25/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\atpcbbl.dll
C:\WINDOWS\system32\cbxvusp.dll
C:\WINDOWS\system32\jsmbqml.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\atpcbbl.dll
C:\WINDOWS\system32\atpcbbl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvusp.dll
C:\WINDOWS\system32\cbxvusp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jsmbqml.dll
C:\WINDOWS\system32\jsmbqml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\ttutv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Rapport hijack:

Logfile of HijackThis v1.99.1
Scan saved at 22:17:49, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\ludovic\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

j'ai un probleme maintenant au demarrage de windows

il me dit erreur de demarrage C:\WINDOWS\system32\atpcbbl.dll

| Alerter

Répondre à duocore

Angeldark

26 Octobre 2006 13:13:54

il me dit erreur de demarrage C:\WINDOWS\system32\atpcbbl.dll
--> normal

On y s'occupera de ca apres.

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

| Alerter

Répondre à Angeldark

duocore

26 Octobre 2006 17:53:20

voici mon rapport:

ludovic - 06-10-26 19:51:44,87 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\ludovic\Bureau\parus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\PrintView
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{3415E6BF-0724-1036-0403-060330060021}
C:\Program Files\Fichiers communs\{D415E6BF-0724-1036-0403-060330060021}

((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))

2006-10-23 20:38 67,604 --a------ C:\WINDOWS\system32\ijdkmgwb.exe
2006-10-15 23:14 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-10-15 23:14 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2006-10-15 23:14 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2006-10-15 23:14 26,088 --a------ C:\WINDOWS\system32\xmlinst.exe
2006-10-15 23:14 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-10-15 23:13 185,344 --a------ C:\WINDOWS\patchw32.dll
2006-10-14 08:29 173,056 --a------ C:\WINDOWS\system32\cncs32.dll
2006-10-02 19:13 1,270,912 --a------ C:\WINDOWS\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
2006-10-02 06:35 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-02 06:35 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-02 06:35 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-02 06:35 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-02 06:35 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-02 06:11 63,555 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys
2006-10-02 06:11 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
2006-10-02 06:11 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
2006-10-02 06:11 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL
2006-10-02 06:11 24,576 --a------ C:\WINDOWS\enddisk32.exe
2006-10-02 06:11 176,128 --a------ C:\WINDOWS\autoclk.exe
2006-10-02 06:11 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2006-10-02 06:11 143,360 --a------ C:\WINDOWS\adiras.exe
2006-10-02 06:11 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
2006-10-02 06:11 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE
2006-10-02 06:11 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2006-10-02 06:11 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2006-10-02 06:11 114,616 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys
2006-10-02 00:48 36,864 --a------ C:\WINDOWS\jRegistryKey.dll
2006-10-02 00:47 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-10-02 00:47 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-10-02 00:47 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2006-10-02 00:47 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2006-10-02 00:47 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-02 00:40 98,304 -ra------ C:\WINDOWS\system32\unzip32.dll
2006-10-02 00:40 114,688 --a------ C:\WINDOWS\system32\showtime.scr
2006-10-02 00:35 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2006-10-02 00:34 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-10-02 00:34 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2006-10-02 00:34 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2006-10-02 00:34 225,280 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-10-02 00:34 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2006-10-02 00:34 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-10-02 00:34 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2006-10-02 00:32 0 -rahs---- C:\MSDOS.SYS
2006-10-02 00:32 0 -rahs---- C:\IO.SYS
2006-10-02 00:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-02 00:25 3,968 --a------ C:\WINDOWS\system32\drivers\kioport.sys
2006-10-02 00:25 221,184 --a------ C:\WINDOWS\system32\WLAN.exe
2006-10-02 00:24 935,424 --a------ C:\WINDOWS\system32\drivers\HSX_DPV.sys
2006-10-02 00:24 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-10-02 00:24 672,256 --a------ C:\WINDOWS\system32\drivers\HSX_CNXT.sys
2006-10-02 00:24 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2006-10-02 00:24 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-02 00:24 196,608 --a------ C:\WINDOWS\system32\drivers\HSXHWAZL.sys
2006-10-02 00:24 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2006-10-02 00:24 12,544 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-02 00:24 114,688 --a------ C:\WINDOWS\system32\Uci32104.dll
2006-10-02 00:23 9,710,592 --a------ C:\WINDOWS\RTLCPL.exe
2006-10-02 00:23 86,016 --a------ C:\WINDOWS\SoundMan.exe
2006-10-02 00:23 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2006-10-02 00:23 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2006-10-02 00:23 4,127,232 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-10-02 00:23 356,352 --a------ C:\WINDOWS\RtlUpd.exe
2006-10-02 00:23 2,809,856 --a------ C:\WINDOWS\alcwzrd.exe
2006-10-02 00:23 2,142,208 --a------ C:\WINDOWS\MicCal.exe
2006-10-02 00:23 15,797,248 --a------ C:\WINDOWS\RTHDCPL.exe
2006-10-02 00:22 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-02 00:22 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-02 00:22 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-02 00:22 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-02 00:22 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-02 00:22 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-02 00:22 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-02 00:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-02 00:21 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-02 00:21 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-02 00:21 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-02 00:21 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-02 00:21 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-02 00:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 00:10 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2006-10-02 00:10 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-02 00:10 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2006-10-02 00:09 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2006-10-02 00:09 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2006-10-02 00:09 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-02 00:09 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2006-10-02 00:09 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2006-10-02 00:09 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-26 19:52 -------- d-------- C:\Program Files\Fichiers communs
2006-10-26 19:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-26 19:48 -------- d-------- C:\Program Files\Trojan Remover
2006-10-26 07:00 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-25 23:04 -------- d-------- C:\Documents and Settings\ludovic\Application Data\.gaim
2006-10-24 22:48 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Simply Super Software
2006-10-24 22:24 -------- d-------- C:\Program Files\GIMPshop
2006-10-24 21:20 -------- d-------- C:\Program Files\Adobe
2006-10-24 20:17 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-24 20:17 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Adobe
2006-10-24 19:38 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AVG7
2006-10-23 23:12 -------- d-------- C:\Program Files\Windows Defender
2006-10-23 20:55 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Opera
2006-10-22 19:52 -------- d-------- C:\Program Files\VideoLAN
2006-10-22 19:21 -------- d-------- C:\Program Files\Xi
2006-10-22 18:43 -------- d-------- C:\Documents and Settings\ludovic\Application Data\vlc
2006-10-22 18:31 -------- d-------- C:\Program Files\Java
2006-10-15 23:14 -------- d-------- C:\Program Files\Ubi Soft
2006-10-15 23:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-15 23:13 -------- d-------- C:\Program Files\ubi.com
2006-10-15 23:13 -------- d-------- C:\Program Files\Fichiers communs\PocketSoft
2006-10-15 23:13 -------- d-------- C:\Documents and Settings\ludovic\Application Data\ubi.com
2006-10-14 21:58 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AdobeUM
2006-10-14 15:44 -------- d-------- C:\Program Files\Fichiers communs\Vitalize
2006-10-14 09:50 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Sun
2006-10-14 08:33 -------- d-------- C:\Program Files\ZC2.10
2006-10-13 22:38 -------- d-------- C:\Program Files\ScummVM
2006-10-10 23:56 -------- d-------- C:\Program Files\Gaim
2006-10-07 03:30 -------- d-------- C:\Program Files\Yetisports
2006-10-07 01:42 -------- d-------- C:\Program Files\DivXCodec
2006-10-07 01:06 -------- d-------- C:\Program Files\WinRAR
2006-10-07 01:06 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Help
2006-10-06 20:18 -------- d-------- C:\Documents and Settings\ludovic\Application Data\OD2
2006-10-05 20:16 -------- d---s---- C:\Documents and Settings\ludovic\Application Data\Microsoft
2006-10-03 23:30 -------- d-------- C:\Program Files\Common Files
2006-10-03 23:29 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Mozilla
2006-10-03 23:28 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Thunderbird
2006-10-03 23:28 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Talkback
2006-10-03 19:56 -------- d-------- C:\Program Files\iTunes
2006-10-03 19:56 -------- d-------- C:\Program Files\iPod
2006-10-02 21:29 -------- d-------- C:\Program Files\PC Inspector File Recovery
2006-10-02 19:17 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-02 06:59 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 06:56 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 06:56 -------- d-------- C:\Program Files\Fichiers communs\System
2006-10-02 06:35 -------- d-------- C:\Program Files\Grisoft
2006-10-02 06:31 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Apple Computer
2006-10-02 06:30 -------- d-------- C:\Program Files\QuickTime
2006-10-02 06:30 -------- d-------- C:\Program Files\Apple Software Update
2006-10-02 06:24 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Macromedia
2006-10-02 06:11 -------- d-------- C:\Program Files\SAGEM
2006-10-02 00:49 -------- d-------- C:\Program Files\Sonic
2006-10-02 00:49 -------- d-------- C:\Program Files\Fichiers communs\Sonic Shared
2006-10-02 00:49 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AOL
2006-10-02 00:47 -------- d-------- C:\Program Files\CyberLink
2006-10-02 00:46 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-02 00:46 -------- d-------- C:\Program Files\microsoft office
2006-10-02 00:46 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-02 00:46 -------- d-------- C:\Program Files\Fichiers communs\Designer
2006-10-02 00:45 -------- d-------- C:\Program Files\Ulead Systems
2006-10-02 00:43 -------- d-------- C:\Program Files\Windows Media Components
2006-10-02 00:43 -------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2006-10-02 00:42 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-02 00:41 -------- d-------- C:\Program Files\Fichiers communs\SureThing Shared
2006-10-02 00:40 -------- d-------- C:\Program Files\ShowTime
2006-10-02 00:37 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Symantec
2006-10-02 00:36 -------- d-------- C:\Program Files\Norman
2006-10-02 00:35 -------- d-------- C:\Program Files\Viewpoint
2006-10-02 00:35 -------- d-------- C:\Program Files\Learn2.com
2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\Nullsoft
2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\aolshare
2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\AOL
2006-10-02 00:35 -------- d-------- C:\Program Files\AOL Compagnon
2006-10-02 00:35 -------- d-------- C:\Program Files\AOL 9.0
2006-10-02 00:35 -------- d-------- C:\Documents and Settings\ludovic\Application Data\You've Got Pictures Screensaver
2006-10-02 00:34 -------- d-------- C:\Program Files\Real
2006-10-02 00:34 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-10-02 00:32 -------- d-------- C:\Documents and Settings\ludovic\Application Data\ATI
2006-10-02 00:31 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 00:29 -------- d-------- C:\Program Files\Fichiers communs\Java
2006-10-02 00:25 -------- d-------- C:\Program Files\MiTAC
2006-10-02 00:25 -------- d-------- C:\Program Files\Messenger
2006-10-02 00:24 -------- d-------- C:\Program Files\CONEXANT
2006-10-02 00:23 -------- d-------- C:\Program Files\Realtek
2006-10-02 00:22 -------- d-------- C:\Program Files\ATI Technologies
2006-10-02 00:19 -------- d-------- C:\Program Files\Intel
2006-10-02 00:09 -------- d-------- C:\Program Files\Synaptics
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"WLAN"="C:\\WINDOWS\\system32\\WLan.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Ulead AutoDetector v2"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"atpcbbl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\atpcbbl.dll,vvjkqcd"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Extension de garantie.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-26 19:52:16.62
C:\ComboFix.txt ... 06-10-26 19:52

| Alerter

Répondre à duocore

Angeldark

26 Octobre 2006 19:02:15

Re,

Télécharge Smitfraudfix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix(.cmd)
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

NOTE :
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

| Alerter

Répondre à Angeldark

duocore

26 Octobre 2006 19:25:56

mon rapport:

SmitFraudFix v2.113

Rapport fait à 21:24:27,62, 26/10/2006
Executé à partir de C:\Documents and Settings\ludovic\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ludovic

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ludovic\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ludovic\Favoris

C:\DOCUME~1\ludovic\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

j'ai aussi un soucis avec Gaim je ne peux pas me connecter

| Alerter

Répondre à duocore

Angeldark

26 Octobre 2006 20:43:18

Re,

Redémarre en mode sans échec

Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à la ou les questions
Sauvegarde puis poste le rapport.

| Alerter

Répondre à Angeldark

duocore

27 Octobre 2006 04:22:35

rapport :

SmitFraudFix v2.113

Rapport fait à 6:13:29,79, 27/10/2006
Executé à partir de C:\Documents and Settings\ludovic\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ot.ico supprimé
C:\DOCUME~1\ludovic\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

| Alerter

Répondre à duocore

bob_

27 Octobre 2006 09:22:03

Bonjour,

Reposte un nouveau rapport HijackThis (enfin scanner).

| Alerter

Répondre à bob_

duocore

27 Octobre 2006 19:22:19

mon rapport:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:48, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ludovic\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

| Alerter

Répondre à duocore

Angeldark

27 Octobre 2006 19:50:05

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd

Clique sur Fix checked (en bas à gauche)

D'autres problèmes ?

| Alerter

Répondre à Angeldark

duocore

27 Octobre 2006 20:15:57

tout a l'air d'etre OK.

je tiens a remercier toutes les personnes qui m'ont aidé a resoudre mon probleme.

si je rencontres des problemes je les mettrez ici

Et encore merci

| Alerter

Répondre à duocore

Angeldark

27 Octobre 2006 20:22:10

Dénonce ton infection (VUNDO) pour faire condamner les auteurs, ça serait sympa.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection.
AIDE : Comment rapporter son infection sur Malware-Complaints ?

Consulte cette page pour éviter que ces problèmes ne réapparaissent pas.

:hello:

| Alerter

Répondre à Angeldark

duocore

27 Octobre 2006 21:19:28

merci de ton aide precieuse.

:jap:

| Alerter

Répondre à duocore

duocore

27 Octobre 2006 22:19:39

j'observe un ralentissement du traffic sur internet. est ce normal?
comment y remedier

| Alerter

Répondre à duocore

Angeldark

28 Octobre 2006 11:20:27

Re,

Je ne pense as à un virus.
Poste un rapport Hijackthis.

| Alerter

Répondre à Angeldark

duocore

28 Octobre 2006 12:16:15

mon rapport:

Logfile of HijackThis v1.99.1
Scan saved at 14:15:54, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ludovic\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

| Alerter

Répondre à duocore

Angeldark

28 Octobre 2006 12:24:53

Re,

On peux fixer ces lignes inutiles.

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Clique sur Fix checked (en bas à gauche)

Sinon ca ne semble pas lié à un virus.

| Alerter

Répondre à Angeldark

Tom's guide dans le monde