Windows Live Messenger virus

27 February 2008 23:45:37

Hello,
I caught an MSN virus.
It sends a link to several of my contacts.
So I would like someone to help me.


28 February 2008 00:03:54

Hi,

Download MsnFix (by !aur3n7) to your Desktop. (>>Tutorial<<)
Unzip it on your desktop.

Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown.)
- Run option R.
- If the infection is detected, press a key to start the cleanup. (N)

If you have to restart the computer, do it manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log

Note: If you get an upload zip file on your desktop, do this
28 February 2008 00:33:42

I have exactly the same problem. The MSNFIX report is:
MSNFix 1.673

C:\Jeux\MSNFix
Fix exécuté le 27/02/2008 - 23:33:11,96 By DE KERROS
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\Setup.exe
... C:\log.txt
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\DE KERROS\??????.exe
... C:\Documents and Settings\DE KERROS\????????.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\Setup.exe
.. OK ... C:\log.txt
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\DE KERROS\??????.exe
.. OK ... C:\Documents and Settings\DE KERROS\????????.exe



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\host.zip] F6856706BF083B907FEB6B81109A782F
[C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\azupdater_1.8.5.zip] 2AC49B3BF78D09BC78DCFE649BC337C0
[C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\azupnpav_0.1.7.zip] 9FFA8574D012893CCBE950761E0AD870
[C:\famwssg.exe] 8A56C75C99A8C8BF74227F832596C9CD

==> SVP merci d'envoyer le fichier C:\DOCUME~1\DEKERR~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 27022008_23370878.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------




I also made a report with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 00:21:21, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Jeux\Daemon\DAEMON Tools\daemon.exe
D:\Mes dossiers\Louis Jeux\Samsung\SMSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Jeux\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Jeux\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Jeux\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMSTray] D:\Mes dossiers\Louis Jeux\Samsung\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Jeux\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\DE KERROS\Local Settings\Temp\{6A19D6B7-9E2A-4A60-AF8D-693A0EA64CEC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\DE KERROS\Local Settings\Temp\{55674325-43FD-48E5-B2B1-421A20BA6C59}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

28 February 2008 00:46:12

Hi louloulepr o87.
How did you manage to start MSNFix????
It tells me "eror eror eror" the file is not an executable file!!!
Help me please!!!
28 February 2008 00:48:05

Well, I had grabbed it from another help site to get rid of this crappy virus. Search Google for msnfix.
28 February 2008 00:55:00

Hello XmichouX, should I create a new thread for this same virus, or can I stay in this thread?
Thanks
28 February 2008 01:36:17

...
This is paulo's thread here.
28 February 2008 14:05:14

Thanks for the help,
but how will I know whether the virus has gone or not?
28 February 2008 14:52:23

Send me the MSNFix report first :o  :D
28 February 2008 17:31:08

ah ok ok

MSNFix 1.673

C:\Documents and Settings\KHMER\Bureau\MSNFix\MSNFix
Fix exécuté le 28/02/2008 - 13:47:50,34 By KHMER
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe

************************ Recherche les dossiers présents

... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe


************************ Suppression des dossiers

/!\ ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\Install.zip] 184E4D33505C93BDC297E2CE5FF39893

==> SVP merci d'envoyer le fichier C:\DOCUME~1\KHMER\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28022008_13541835.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

28 February 2008 17:43:48

Re,

Delete C:\Temp.

Then download HijackThis (by Trend Micro).
Post a report following this tutorial.
28 February 2008 18:19:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:04, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\FlashGet\flashget.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/install...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 15118 bytes
28 February 2008 19:33:46

Good,

Run HijackThis again, do a system scan only, and check these lines (if still present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZW

Then click Fix Checked!

**********

Download BTFix (by Bibi26)
Unzip it to your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click "Rechercher" (Search).
A report will appear; post it here.
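
Two of the entries listed for fixing above, the F2 UserInit line and the O4 [Flash Driver] line, start a winlogon.exe from a Temp folder. The sketch below is an added example (not part of the original post and not HijackThis code) that flags such autostart entries in a log; the rule names, the list of system binary names and the choice of sections are assumptions of this example.

```python
import re

# Sample lines in HijackThis format, taken from the log entries quoted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"""

# "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
# Absolute path to an .exe; stops at quotes and commas (UserInit is comma-separated).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^",\r\n]*?\.exe', re.IGNORECASE)
# A path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)

# Autostart sections that appear in this thread (assumption: others are ignored).
AUTOSTART = {"F2", "O4", "O23"}
# Names of Windows binaries that normally live in ...\system32 (assumed list).
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "svchost.exe",
                "lsass.exe", "csrss.exe", "userinit.exe"}


def review(log_text):
    """Return autostart entries worth a closer look, with the rules they hit."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match or match.group("code") not in AUTOSTART:
            continue
        code, rest = match.group("code"), match.group("rest")
        paths = EXE_PATH.findall(rest)
        flags = []

        for path in paths:
            folder, _, name = path.rpartition("\\")
            # Rule 1: program started automatically from a temp directory.
            if TEMP_DIR.search(path) and "temp-dir" not in flags:
                flags.append("temp-dir")
            # Rule 2: system binary name used outside system32.
            if (name.lower() in SYSTEM_NAMES
                    and not folder.lower().endswith("\\system32")
                    and "system-name-outside-system32" not in flags):
                flags.append("system-name-outside-system32")

        # Rule 3: UserInit starts something besides system32\userinit.exe.
        if code == "F2" and "userinit=" in rest.lower():
            extra = [p for p in paths
                     if not p.lower().endswith("\\system32\\userinit.exe")]
            if extra:
                flags.append("userinit-extra")

        if flags:
            findings.append({"code": code, "entry": rest, "flags": flags})
    return findings


if __name__ == "__main__":
    for hit in review(SAMPLE_LOG):
        print(hit["code"], ", ".join(hit["flags"]))
        print("   ", hit["entry"])
```

A hit is a prompt to inspect the file, not proof of infection: installers also run from Temp, so confirm before fixing the entry.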
28 February 2008 20:55:37

BTFix 1.081 (par bibi26) - 28/02/2008 20:55:04 - Analyse
Lancé depuis D:\Mes documents\My Received Files\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
- C:\Program Files\MSN Messenger\RICHED20.dll
- C:\Documents and Settings\KHMER\Menu Démarrer\Programmes\WhenU\

---> Analyse terminée
28 February 2008 20:59:10

Is there still a lot left to do, or is this the last one?
If the virus is gone, tell me directly.
28 February 2008 22:26:30

Hi again,

1: Don't be so hasty, we are using our free time to help you.
2: No.

Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
Run BTFix again, click "Nettoyer" (Clean), and post the report it generates.


Download to your desktop: Clean (by Malekal) >Tuto<
Unzip it to your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not appear.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when asked to.
Post the report, which is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
29 February 2008 19:46:26

The BTFix report:
BTFix 1.081 (par bibi26) - 29/02/2008 19:38:59 - Nettoyage - Mode sans échec
Lancé depuis D:\Mes documents\My Received Files\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés

---> Nettoyage terminé
29 February 2008 19:56:41

I have this problem, but it doesn't show up exactly like that, and I haven't had any reply since yesterday... I'm a bit desperate, can you help me?
29 February 2008 20:00:48

Clean report:

29/02/2008 a 19:47:39,46

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
29 February 2008 20:43:52

Did you run BTFix twice..?

Download AVG Anti-Spyware and install it.
If the link doesn't work: >Click here<
Launch AVG and run an update.
Click the "Analyse" (Scan) button in the toolbar.
Then, on the "comment réagir" (how to react) tab, click "Actions recommandées" (Recommended actions). Choose "Quarantaine" (Quarantine).
Don't run a scan for now. Right-click the AVG icon at the bottom right and uncheck the box to start with Windows.
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
Launch AVG again.
Go back to the "Analyse" (Scan) tab. Click "Analyse complète du système" (Complete system scan).
At the end of the scan, choose the "Appliquer toutes les actions" (Apply all actions) option at the bottom.
Click "Enregistrer le rapport" (Save report). This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, run Clean again and choose option 2, then post the report.
2 March 2008 16:15:43

AVG ANTI-SPYWARE REPORT:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:57:30 02/03/2008

+ Résultat de l'analyse:



HKU\S-1-5-21-1292428093-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.181:C:\Documents and Settings\KHMER\Application Data\Mozilla\Firefox\Profiles\uqodphcq.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.410:C:\Documents and Settings\KHMER\Application Data\Mozilla\Firefox\Profiles\uqodphcq.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.411:C:\Documents and Settings\KHMER\Application Data\Mozilla\Firefox\Profiles\uqodphcq.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.412:C:\Documents and Settings\KHMER\Application Data\Mozilla\Firefox\Profiles\uqodphcq.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.421:C:\Documents and Settings\KHMER\Application Data\Mozilla\Firefox\Profiles\uqodphcq.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
D:\Mes documents\Fichiers téléchargés\Downgrade PSP 1.5\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).
D:\Mes documents\Fichiers téléchargés\Downgrade PSP 1.5\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).
D:\Mes documents\Fichiers téléchargés\downgrade.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

2 March 2008 16:25:02

CLEAN REPORT:


Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 02/03/2008 a 16:17:03,95

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


2 March 2008 19:11:44

Post a new HijackThis log.
2 March 2008 19:58:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:04, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/install...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13581 bytes
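
Added example, not part of the thread and not code from HijackThis: a small triage pass over the F2 and O4 autostart lines of a log like the one above, flagging targets that run from a Temp directory or that reuse a core Windows process name outside its normal folder. The name list, the assumption that Windows lives in C:\WINDOWS, and the function names are assumptions of this example; the sample lines are copied from the log above.

```python
import ntpath
import re

# Assumed heuristics (not from the thread): core Windows process names and
# the only directory each should load from on an XP install in C:\WINDOWS.
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O4_RUN = re.compile(r"^O4 - (HK[^:]*\\Run): \[([^\]]*)\] (.*)$")
EXE_PREFIX = re.compile(r"^(.*?\.(?:exe|com|scr|bat|pif))(?:\s|$)", re.IGNORECASE)

# Excerpt of the HijackThis log posted above (lines copied unchanged).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
"""


def executable_of(command):
    """Return the program path from a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_PREFIX.match(command)
    # Fall back to the first token when no known extension is present.
    return m.group(1) if m else command.split(" ", 1)[0]


def reasons_for(path):
    """Explain why an autostart target looks suspicious; empty list if it does not."""
    reasons = []
    low = path.lower()
    if TEMP_DIR.search(low):
        reasons.append("runs from a Temp directory")
    name = ntpath.basename(low)
    expected = EXPECTED_DIR.get(name)
    # A bare file name (no directory) is resolved by Windows itself; skip it.
    if expected and ntpath.dirname(low) not in ("", expected):
        reasons.append(f"{name} outside {expected}")
    return reasons


def triage(log_text):
    """Return (entry, target, reasons) for each suspicious F2/O4 autostart line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry, targets = None, []
        m = F2_USERINIT.match(line)
        if m:
            # UserInit is a comma-separated list; every item runs at logon.
            entry = "F2 UserInit"
            targets = [p.strip() for p in m.group(1).split(",") if p.strip()]
        else:
            m = O4_RUN.match(line)
            if m:
                entry = f"O4 {m.group(1)} [{m.group(2)}]"
                targets = [executable_of(m.group(3))]
        for target in targets:
            why = reasons_for(target)
            if why:
                findings.append((entry, target, why))
    return findings


if __name__ == "__main__":
    for entry, target, why in triage(SAMPLE_LOG):
        print(f"{entry}: {target} ({'; '.join(why)})")
```

Both flagged entries are registry values, so they keep pointing at the same path until the values themselves are fixed, independently of whether the file still exists on disk.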
2 March 2008 20:19:10

Apparently, you didn't check the lines as I had asked you to earlier..

Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: If you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
    3 March 2008 18:17:22

    what is the right-hand column of the tool
    3 March 2008 18:41:37

    Everything is clearly explained.
    3 March 2008 19:29:22

    What is the right-hand column of the tool?

    When I open the Notepad file from the MovedFiles folder, the message says: "File move failed", so I have to copy and paste from the right-hand column of the tool.
    But where is that column?
    3 March 2008 19:49:47

    Do this ..

    Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
    3 March 2008 20:47:08

    File move failed. C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe scheduled to be moved on reboot.

    OTMoveIt2 v1.0.20 log created on 03032008_204649
    3 March 2008 20:48:28

    and even when I rebooted, the Notepad file from MovedFiles does the same thing, it says file move failed
    3 March 2008 23:19:29

    Select the contents of the box below:
    Files to delete:
    C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe

    Open Notepad and copy-paste the exact contents of this box into it.
    No line must be missing!

    Save this file on your desktop and name it remove.txt

    Download The Avenger (by Swandog46)

    Unzip it onto your desktop.
    Run it by double-clicking the exe, then click OK.
    Select Load Script from File and click the folder-shaped icon on the right.
    Select your remove.txt file on the desktop.

    Click the green light, then Yes.

    The program will ask you to restart your PC; accept.

    Post the report located here >>C:\avenger.txt<<
    4 March 2008 14:05:10

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 2)
    Tue Mar 04 13:52:27 2008

    13:52:27: Error: Invalid script. A valid script must begin with a command directive.
    Aborting execution!


    //////////////////////////////////////////


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    4 March 2008 21:50:16

    Post a new HijackThis log.
    5 March 2008 00:06:35

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:05:26, on 05/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
    O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: SATARAID5.lnk = ?
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/install...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 13734 bytes
    5 March 2008 16:02:30

    Hi again,

    Uninstall avast, reboot, and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial, read it!<<), download "the latest version", then install it, unticking "Add the Yahoo! CCleaner Toolbar".
    Then run the cleaner, then have it scan for errors, and make a backup if you want.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is up to date! Run a full scan and post the report.