
Problem when launching Firefox [Solved]

Tags:
  • Security
Last reply: in Security and viruses
24 October 2006 23:47:37

Good evening everyone,

Is there anyone who could help me?

Here is my problem:

When I start Firefox, a window appears asking me to install DriveCleaner.

How can I get rid of it, as well as the adware?


I installed Trojan Remover and here is my log:


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:47:13
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:47:13: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
Filesize: 14032
Company Name: Microsoft Corporation
File Description: Service Executable
File Version: 1.1.1347.0
Internal Name: MsMpEng.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MsMpEng.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\WINDOWS\System32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
Running Processes check stopped at user request.
------------------------------
The shell\open registry entries were not checked.
The WIN.INI was not scanned.
The SYSTEM.INI was not scanned.
The Windows Registry was not scanned.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The NT/XP Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
Downloaded Program Files were not scanned.
The Windows Services file was not checked.
The AUTOEXEC.BAT file was not checked.
The scan for CAIN AND ABEL was not carried out.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.
------------------------------
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 24/10/2006 22:47:17
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:46:33
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:46:33: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
Filesize: 14032
Company Name: Microsoft Corporation
File Description: Service Executable
File Version: 1.1.1347.0
Internal Name: MsMpEng.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MsMpEng.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\WINDOWS\System32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\spoolsv.exe
Filesize: 57856
Company Name: Microsoft Corporation
File Description: Spooler SubSystem App
File Version: 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Internal Name: spoolsv.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: spoolsv.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2696
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
Filesize: 1135728
Company Name: America Online, Inc.
File Description: AOL Connectivity Service
File Version: 2.0.20.1.FR.213
Internal Name: AOLacsd
Copyright: Copyright © 2003 America Online, Inc.
Original Filename: AOLacsd.exe
Product Name: AOL Connectivity Service
Product Version: 2.0.20.1.FR.213
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Filesize: 336896
Company Name: GRISOFT, s.r.o.
File Description: AVG Alert Manager
File Version: 7,1,0,365
Internal Name: avgamsvr
Copyright: Copyright © 2005, GRISOFT, s.r.o.
Original Filename: avgamsvr.EXE
Product Name: AVG Anti-Virus System
Product Version: 7.1.0.365
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Filesize: 84480
Company Name: GRISOFT, s.r.o.
File Description: AVG Update Service
File Version: 7,1,0,349
Internal Name: avgupsvc
Copyright: Copyright © 2005, GRISOFT, s.r.o.
Original Filename: avgupdsvc.EXE
Product Name: AVG 7.0 Anti-Virus System
Product Version: 7.1.0.349
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Filesize: 281088
Company Name: GRISOFT, s.r.o.
File Description: AVG E-Mail Scanner
File Version: 7,1,0,400
Internal Name: avgemc
Copyright: Copyright © 2006, GRISOFT, s.r.o.
Original Filename: avgemc.exe
Product Name: AVG Anti-Virus System
Product Version: 7.1.0.400
--------------------
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
Filesize: 221266
File Description: CLCapSvc Module
File Version: 4.00.1710
Internal Name: CLCapSvc
Copyright: Copyright 2004
Original Filename: CLCapSvc.EXE
Product Name: CLCapSvc Module
Product Version: 4.00.1710
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
Filesize: 61440
Company Name: Cyberlink
File Description: NT CLMLServer
File Version: 1, 1, 0, 1619
Internal Name: NT CLMLServer
Copyright: Copyright c 2004
Original Filename: CLMLServer.exe
Product Name: Cyberlink Media Library Server
Product Version: 1, 1, 0, 1619
--------------------
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
Filesize: 737381
Company Name: Cyberlink
File Description: Cyberlink MediaLibrary NT Service
File Version: 1, 1, 0, 1619
Internal Name: CLMLService
Copyright: Copyright c 2004
Original Filename: CLMLService.exe
Product Name: Cyberlink MediaLibrary NT Service
Product Version: 1, 1, 0, 1619
--------------------
c:\APPS\HIDSERVICE\HIDSERVICE.exe
Filesize: 49152
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
Filesize: 270336
Company Name: Microsoft Corporation
File Description: Machine Debug Manager
File Version: 7.00.9064.9150
Internal Name: mdm.exe
Copyright: Copyright (C) Microsoft Corp. 1997-2000
Original Filename: mdm.exe
Product Name: Microsoft Development Environment
Product Version: 7.00.9064.9150
--------------------
C:\WINDOWS\system32\o2flash.exe
Filesize: 36864
--------------------
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Filesize: 49152
Company Name: Ulead Systems, Inc.
File Description: ULCDRSvr
File Version: 1, 0, 0, 3
Internal Name: ULCDRSvr
Copyright: Copyright © 2002 Ulead Systems, Inc.
Original Filename: ULCDRSvr.exe
Product Name: Ulead Systems ULCDRSvr
Product Version: 1, 0, 0, 3
--------------------
C:\WINDOWS\system32\wdfmgr.exe
Filesize: 38912
Company Name: Microsoft Corporation
File Description: Windows User Mode Driver Manager
File Version: 5.2.3790.1230 built by: DNSRV(bld4act)
Internal Name: WdfMgr
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: WdfMgr.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.2.3790.1230
--------------------
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
Filesize: 110672
File Description: CLSched Module
File Version: 4.00.1710
Internal Name: CLSched
Copyright: Copyright 2004
Original Filename: CLSched.EXE
Product Name: CLSched Module
Product Version: 4.00.1710
--------------------
C:\WINDOWS\System32\alg.exe
Filesize: 44544
Company Name: Microsoft Corporation
File Description: Application Layer Gateway Service
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: ALG.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ALG.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Filesize: 98394
Company Name: Synaptics, Inc.
File Description: TouchPad Driver Helper Application
File Version: 7.14.0 10Mar05
Internal Name: SynTPLpr
Copyright: Copyright (C) Synaptics, Inc. 1996-2004
Original Filename: SynTPLpr.exe
Product Name: Synaptics Pointing Device Driver
Product Version: 7.14.0 10Mar05
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Filesize: 688218
Company Name: Synaptics, Inc.
File Description: Synaptics TouchPad Enhancements
File Version: 7.14.0 10Mar05
Internal Name: Synaptics Enhancements Application
Copyright: Copyright (C) Synaptics, Inc. 1996-2004
Original Filename: SynTPEnh.exe
Product Name: Synaptics Pointing Device Driver
Product Version: 7.14.0 10Mar05
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\WINDOWS\RTHDCPL.EXE
Filesize: 15797248
Company Name: Realtek Semiconductor Corp.
File Description: Realtek HD Audio Control Panel
File Version: 2.0.3.4
Copyright: Copyright (c) 2004 Realtek Semiconductor Corp.
Original Filename: RTHDCPL.EXE
Product Name: Realtek HD Audio Sound Effect Manager
Product Version: 2.0.3.4
--------------------
C:\WINDOWS\system32\WLan.exe
Filesize: 221184
File Description: WLAN MFC Application
File Version: 1. 0. 0. 5
Internal Name: WLAN
Copyright: Copyright (C) 2005
Original Filename: WLAN.EXE
Product Name: WLAN Application
Product Version: 1. 0. 0. 5
--------------------
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Filesize: 36975
Company Name: Sun Microsystems, Inc.
File Description: Java(TM) 2 Platform Standard Edition binary
File Version: 5.0.60.5
Internal Name: Java(TM) Update Scheduler
Copyright: Copyright © 2004
Original Filename: jusched.exe
Product Name: Java(TM) 2 Platform Standard Edition 5.0 Update 6
Product Version: 5.0.60.5
--------------------
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
Filesize: 90112
Company Name: Ulead Systems, Inc.
File Description: AutoDetector
File Version: 2.0.0.0
Internal Name: AutoDetector
Copyright: Copyright (c)1992-2004. Ulead Systems, Inc. All rights reserved.
Trademark: Ulead Systems, MediaStudio and Ulead Photo Explorer are registered trademarks of Ulead Systems, Inc.
Original Filename: MONITOR.EXE
Product Name: Ulead AutoDetector
Product Version: 2.0.0.0
--------------------
C:\Apps\Powercinema\PCMService.exe
Filesize: 127118
Company Name: CyberLink Corp.
File Description: CyberLink PowerCinema Resident Program
File Version: 4.0.0.0000
Internal Name: CyberLink PowerCinema Resident Program
Copyright: Copyright (c) 2005 CyberLink Corp.
Original Filename: PCMService.exe
Product Name: Cyberlink PowerCinema
Product Version: 4.0.0.0000
--------------------
C:\Program Files\QuickTime\qttask.exe
Filesize: 282624
Company Name: Apple Computer, Inc.
File Description: QuickTime Task
File Version: 7.1.3
Internal Name: QuickTime Task
Copyright: Copyright Apple Computer, Inc. 1989-2006
Original Filename: QTTask.exe
Product Name: QuickTime
Product Version: QuickTime 7.1.3
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
Filesize: 229952
Company Name: Apple Computer, Inc.
File Description: iTunesHelper Module
File Version: 7.0.1.8
Internal Name: iTunesHelper
Copyright: © 2003-2006 Apple Computer, Inc. All Rights Reserved.
Original Filename: iTunesHelper.exe
Product Name: iTunes
Product Version: 7.0.1.8
--------------------
C:\WINDOWS\system32\rundll32.exe
Filesize: 33792
Company Name: Microsoft Corporation
File Description: Exécuter une DLL en tant qu'application
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: rundll
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: RUNDLL.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
Filesize: 777424
Company Name: Microsoft Corporation
File Description: Windows Defender User Interface
File Version: 1.1.1347.0
Internal Name: MSASCUI
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MSASCUI.exe
Product Name: Windows Defender
Product Version: 1.1.1347.0
--------------------
C:\APPS\SMP\SmpSys.exe
Filesize: 975360
Company Name: Packard Bell BV
File Description: SmpSys.exe
File Version: 1.0.0.0
Internal Name: Setup my PC Systray
Copyright: Packard Bell BV
Trademark: Packard Bell BV
Original Filename: SmpSys.exe
Product Name: Setup my PC
Product Version: 1.0.0.0
--------------------
C:\WINDOWS\system32\ctfmon.exe
Filesize: 15360
Company Name: Microsoft Corporation
File Description: CTF Loader
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CTFMON
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CTFMON.EXE
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Filesize: 839680
File Description: ADIMON MFC Application
File Version: 1, 0, 0, 1
Internal Name: DSLMON
Copyright: Copyright (C) 2000
Original Filename: ADIMON.EXE
Product Name: DSLMON Application
Product Version: 1, 0, 0, 1
--------------------
C:\Program Files\iPod\bin\iPodService.exe
Filesize: 451136
Company Name: Apple Computer, Inc.
File Description: iPodService Module
File Version: 7.0.1.8
Internal Name: iPodService
Copyright: © 2003-2006 Apple Computer, Inc. All Rights Reserved.
Original Filename: iPodService.exe
Product Name: iTunes
Product Version: 7.0.1.8
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
Filesize: 45056
Company Name: ATI Technologies Inc.
File Description: CLI Application (Command Line Interface)
File Version: 1.11.0.0
Internal Name: CLI.exe
Copyright: 2002-2005
Trademark:
Original Filename: CLI.exe
Product Name: Catalyst Control Centre
Product Version: 1.11.0.0
Comments: Command Line Interface application for all ACE Components
--------------------
C:\WINDOWS\explorer.exe
Filesize: 1036288
Company Name: Microsoft Corporation
File Description: Explorateur Windows
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: explorer
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: EXPLORER.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2900.2180
--------------------
C:\Documents and Settings\ludovic\Bureau\erasor.exe
Filesize: 163840
Company Name: Lionel Allorge
File Description: Application MFC Erasor
File Version: 2, 1, 0, 0
Internal Name: Erasor
Copyright: Copyright (C) 2000
Original Filename: Erasor.EXE
Product Name: Application Erasor
Product Version: 2, 1, 0, 0
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
Filesize: 93184
Company Name: Microsoft Corporation
File Description: Internet Explorer
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: iexplore
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: IEXPLORE.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2900.2180
--------------------
C:\Program Files\Gaim\gaim.exe
Filesize: 69793
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize: 7190637
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.7: 2006090918
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.7
--------------------
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
------------------------------
22:46:38: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
------------------------------
22:46:38: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
------------------------------
22:46:38: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key does not contain a Shell value so nothing to check
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's Shell value calls the following program(s):
Explorer.exe - this program is expected and has been left in place
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = IMJPMIG8.1
Value Data = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - this command has been left in place
--------------------
Value Name = PHIME2002ASync
Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC - this command has been left in place
--------------------
Value Name = PHIME2002A
Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = Raccourci vers la page des propriétés de High Definition Audio
Value Data = HDAShCut.exe - this command has been left in place
--------------------
Value Name = ATICCC
Value Data = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay - this command has been left in place
--------------------
Value Name = RTHDCPL
Value Data = RTHDCPL.EXE - this command has been left in place
--------------------
Value Name = Alcmtr
Value Data = ALCMTR.EXE - this command has been left in place
--------------------
Value Name = WLAN
Value Data = C:\WINDOWS\system32\WLan.exe - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe - this command has been left in place
--------------------
Value Name = Ulead AutoDetector v2
Value Data = C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe - this command has been left in place
--------------------
Value Name = PCMService
Value Data = c:\Apps\Powercinema\PCMService.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = AVG7_CC
Value Data = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = atpcbbl.dll
Value Data = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd - this command has been left in place
--------------------
Value Name = PVModule
Value Data = C:\PROGRA~1\PRINTV~1\pvmodule.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = IpWins
Value Data = C:\Program Files\ipwins\ipwins.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = Windows Defender
Value Data = C:\Program Files\Windows Defender\MSASCui.exe" -hide - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MSMSGS
Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = SmpcSys
Value Data = C:\APPS\SMP\SmpSys.exe - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
--------------------
Checking for an active ScreenSaver:
ScreenSaver=C:\WINDOWS\system32\logon.scr - this command has been left in place
--------------------
------------------------------
22:46:45: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
------------------------------
22:46:46: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
Checking files called from the NT/XP CurrentControlSet\Services Keys:
Key=abp480n5
ImagePath=system32\DRIVERS\ABP480N5.SYS - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=system32\DRIVERS\adpu160m.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=agpCPQ
ImagePath=system32\DRIVERS\agpCPQ.sys - this reference has been left in place
----------
Key=Aha154x
ImagePath=system32\DRIVERS\aha154x.sys - this reference has been left in place
----------
Key=aic78u2
ImagePath=system32\DRIVERS\aic78u2.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=system32\DRIVERS\aic78xx.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AliIde
ImagePath=system32\DRIVERS\aliide.sys - this reference has been left in place
----------
Key=alim1541
ImagePath=system32\DRIVERS\alim1541.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=system32\DRIVERS\amdagp.sys - this reference has been left in place
----------
Key=amsint
ImagePath=system32\DRIVERS\amsint.sys - this reference has been left in place
----------
Key=AOL ACS
ImagePath=C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=asc
ImagePath=system32\DRIVERS\asc.sys - this reference has been left in place
----------
Key=asc3350p
ImagePath=system32\DRIVERS\asc3350p.sys - this reference has been left in place
----------
Key=asc3550
ImagePath=system32\DRIVERS\asc3550.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Avg7Alrt
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe - this reference has been left in place
----------
Key=Avg7Core
ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
----------
Key=Avg7RsW
ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
----------
Key=Avg7RsXP
ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
----------
Key=Avg7UpdSvc
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe - this reference has been left in place
----------
Key=AVGEMS
ImagePath=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe - this reference has been left in place
----------
Key=AvgTdi
ImagePath=\SystemRoot\System32\Drivers\avgtdi.sys - this reference has been left in place
----------
Key=cbidf
ImagePath=system32\DRIVERS\cbidf2k.sys - this reference has been left in place
----------
Key=cd20xrnt
ImagePath=system32\DRIVERS\cd20xrnt.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CIR
ImagePath=system32\DRIVERS\CIR.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=CLCapSvc
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CLSched
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLSched.exe" - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=CmdIde
ImagePath=system32\DRIVERS\cmdide.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Cpqarray
ImagePath=system32\DRIVERS\cpqarray.sys - this reference has been left in place
----------
Key=CyberLink Media Library Service
ImagePath="C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" - this reference has been left in place
----------
Key=dac2w2k
ImagePath=system32\DRIVERS\dac2w2k.sys - this reference has been left in place
----------
Key=dac960nt
ImagePath=system32\DRIVERS\dac960nt.sys - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=dpti2o
ImagePath=system32\DRIVERS\dpti2o.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=E100B
ImagePath=system32\DRIVERS\e100b325.sys - this reference has been left in place
----------
Key=e4usbaw
ImagePath=system32\DRIVERS\e4usbaw.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=GenericHidService
ImagePath=c:\APPS\HIDSERVICE\HIDSERVICE.exe - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=HdAudAddService
ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=hpn
ImagePath=system32\DRIVERS\hpn.sys - this reference has been left in place
----------
Key=HSF_DPV
ImagePath=system32\DRIVERS\HSX_DPV.sys - this reference has been left in place
----------
Key=HSXHWAZL
ImagePath=system32\DRIVERS\HSXHWAZL.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=system32\DRIVERS\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=IKANLOADER2
ImagePath=System32\Drivers\e4ldr.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=ini910u
ImagePath=system32\DRIVERS\ini910u.sys - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RtkHDAud.sys - this reference has been left in place
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=kbd
ImagePath=system32\DRIVERS\kbd.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kioport
ImagePath=System32\drivers\kioport.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=mraid35x
ImagePath=system32\DRIVERS\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MySqlInventime
ImagePath=c:\mysql\bin\mysqld-max-nt MySqlInventime - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=O2Flash
ImagePath=C:\WINDOWS\system32\o2flash.exe - this reference has been left in place
----------
Key=O2MDRDR
ImagePath=system32\DRIVERS\o2media.sys - this reference has been left in place
----------
Key=O2SDRDR
ImagePath=system32\DRIVERS\o2sd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=perc2
ImagePath=system32\DRIVERS\perc2.sys - this reference has been left in place
----------
Key=perc2hib
ImagePath=system32\DRIVERS\perc2hib.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=ql1080
ImagePath=system32\DRIVERS\ql1080.sys - this reference has been left in place
----------
Key=Ql10wnt
ImagePath=system32\DRIVERS\ql10wnt.sys - this reference has been left in place
----------
Key=ql12160
ImagePath=system32\DRIVERS\ql12160.sys - this reference has been left in place
----------
Key=ql1240
ImagePath=system32\DRIVERS\ql1240.sys - this reference has been left in place
----------
Key=ql1280
ImagePath=system32\DRIVERS\ql1280.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place
----------
Key=Sparrow
ImagePath=system32\DRIVERS\sparrow.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{4F20079B-9003-46EB-AFC3-0037ECFBBC7A} - this reference has been left in place
----------
Key=symc810
ImagePath=system32\DRIVERS\symc810.sys - this reference has been left in place
----------
Key=symc8xx
ImagePath=system32\DRIVERS\symc8xx.sys - this reference has been left in place
----------
Key=sym_hi
ImagePath=system32\DRIVERS\sym_hi.sys - this reference has been left in place
----------
Key=sym_u3
ImagePath=system32\DRIVERS\sym_u3.sys - this reference has been left in place
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TosIde
ImagePath=system32\DRIVERS\toside.sys - this reference has been left in place
----------
Key=UleadBurningHelper
ImagePath=C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe - this reference has been left in place
----------
Key=ultra
ImagePath=system32\DRIVERS\ultra.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=system32\DRIVERS\viaagp.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=w39n51
ImagePath=system32\DRIVERS\w39n51.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wanatw
ImagePath=system32\DRIVERS\wanatw4.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\HSX_CNXT.sys - this reference has been left in place
----------
Key=WinDefend
ImagePath="C:\Program Files\Windows Defender\MsMpEng.exe" - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
------------------------------
22:47:05: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
------------------------------
22:47:05: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=vtutt
DLLName=C:\WINDOWS\system32\vtutt.dll - this reference has been left in place
----------
Key=wingdm32
DLLName=wingdm32.dll - this reference has been left in place [file not found to scan]
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------
------------------------------
22:47:05: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443}
C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL - this Browser Helper Object has been left in place
----------
Key = {26166ECA-5121-6013-E66E-0A089755BB38}
C:\WINDOWS\system32\jsmbqml.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {84504923-AF48-4A05-AD25-75857665F26E}
C:\WINDOWS\system32\vtutt.dll - this Browser Helper Object has been left in place
----------
Key = {a43385f0-7113-496d-96d7-b9b550e3fcca}
C:\WINDOWS\system32\ixt0.dll - this Browser Helper Object has been left in place [file not found to scan]
----------
Key = {D4E0C464-30CE-4075-9A10-71FD106C2847}
C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL - this Browser Helper Object has been left in place
----------
------------------------------
22:47:06: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
------------------------------
22:47:06: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
------------------------------
22:47:06: Scanning ------ COMMON STARTUP GROUP ------
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
DSLMON.lnk - this links to C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe and has been left in place
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
------------------------------
No User Startup Groups were located to check
------------------------------
22:47:06: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
------------------------------
22:47:06: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
------------------------------
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
file://C:\APPS\IE\offline\fr.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
------------------------------
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 24/10/2006 22:47:06
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.2. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 24/10/2006 22:44:55
Using Database v6371
Operating System: Microsoft Windows XP Version: 5.1 (Build: 2600 Service Pack 2)
-----------------------------------
22:44:55: Scanning ----------RUNNING PROCESSES-----------
C:\WINDOWS\System32\smss.exe
Filesize: 50688
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\csrss.exe
Filesize: 6144
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\winlogon.exe
Filesize: 506368
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\services.exe
Filesize: 108544
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\lsass.exe
Filesize: 13312
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Filesize: 405504
Company Name: ATI Technologies Inc.
File Description: ATI External Event Utility EXE Module
File Version: 6.14.10.4129
Internal Name: ATI2EVXX.EXE
Copyright: Copyright © 1999-2004 ATI Technologies Inc.
Original Filename: ATI2EVXX.EXE
Product Name: ATI External Event Utility for WindowsNT and Windows9X
Product Version: 6.14.10.4129.01
--------------------
C:\WINDOWS\system32\svchost.exe
Filesize: 14336
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
-------

25 October 2006 12:35:04

Hello,

C:\WINDOWS\system32\atpcbbl.dll
-> that looks like Vundo

Be sure to do EVERYTHING that follows.

- Download HijackThis by Merijn
- Put it in a folder or on your desktop
-- Right-click on HijackThis:
-> Choose "Rename"
-> Type Scanner.exe, then confirm


- Launch the application
- Choose the option Do a system scan and save a logfile
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy

- Paste the report here.

Help on HijackThis
25 October 2006 18:36:16

Here is my report:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:40, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ludovic\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll
O2 - BHO: (no name) - {38AA0C82-72FF-4980-9CDB-3A0723563F3A} - C:\WINDOWS\system32\vtutt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

25 October 2006 18:42:19

I was right ^^

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply

    Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
    25 October 2006 22:59:29

    Vundo report:


    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 22:00:34 25/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\atpcbbl.dll
    C:\WINDOWS\system32\cbxvusp.dll
    C:\WINDOWS\system32\jsmbqml.dll
    C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\ttutv.ini
    C:\WINDOWS\system32\ttutv.bak1
    C:\WINDOWS\system32\ttutv.ini2
    C:\WINDOWS\system32\ttutv.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\atpcbbl.dll
    C:\WINDOWS\system32\atpcbbl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxvusp.dll
    C:\WINDOWS\system32\cbxvusp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jsmbqml.dll
    C:\WINDOWS\system32\jsmbqml.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\vtutt.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ttutv.ini
    C:\WINDOWS\system32\ttutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ttutv.bak1
    C:\WINDOWS\system32\ttutv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ttutv.ini2
    C:\WINDOWS\system32\ttutv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ttutv.tmp
    C:\WINDOWS\system32\ttutv.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\vtutt.dll
    C:\WINDOWS\system32\vtutt.dll Has been deleted!

    Performing Repairs to the registry.
    Done!




    Hijack report:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:17:49, on 25/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\ludovic\Bureau\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=h...{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
    O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
    O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    I now have a problem when Windows starts up.

    It tells me startup error C:\WINDOWS\system32\atpcbbl.dll
    26 October 2006 15:13:54

    It tells me startup error C:\WINDOWS\system32\atpcbbl.dll
    --> that's normal ;)
    We'll deal with that afterwards.

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    26 October 2006 19:53:20

    Here is my report:

    ludovic - 06-10-26 19:51:44,87 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\ludovic\Bureau\parus"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ismini.exe
    C:\WINDOWS\system32\issearch.exe
    C:\Program Files\PrintView
    C:\Program Files\Safety Bar
    C:\WINDOWS\system32\components
    C:\Program Files\Fichiers communs\{3415E6BF-0724-1036-0403-060330060021}
    C:\Program Files\Fichiers communs\{D415E6BF-0724-1036-0403-060330060021}


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


    2006-10-23 20:38 67,604 --a------ C:\WINDOWS\system32\ijdkmgwb.exe
    2006-10-15 23:14 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2006-10-15 23:14 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
    2006-10-15 23:14 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2006-10-15 23:14 26,088 --a------ C:\WINDOWS\system32\xmlinst.exe
    2006-10-15 23:14 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2006-10-15 23:13 185,344 --a------ C:\WINDOWS\patchw32.dll
    2006-10-14 08:29 173,056 --a------ C:\WINDOWS\system32\cncs32.dll
    2006-10-02 19:13 1,270,912 --a------ C:\WINDOWS\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
    2006-10-02 06:35 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-10-02 06:35 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-10-02 06:35 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-10-02 06:35 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-10-02 06:35 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-10-02 06:11 63,555 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys
    2006-10-02 06:11 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys
    2006-10-02 06:11 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
    2006-10-02 06:11 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL
    2006-10-02 06:11 24,576 --a------ C:\WINDOWS\enddisk32.exe
    2006-10-02 06:11 176,128 --a------ C:\WINDOWS\autoclk.exe
    2006-10-02 06:11 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
    2006-10-02 06:11 143,360 --a------ C:\WINDOWS\adiras.exe
    2006-10-02 06:11 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
    2006-10-02 06:11 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE
    2006-10-02 06:11 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
    2006-10-02 06:11 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
    2006-10-02 06:11 114,616 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys
    2006-10-02 00:48 36,864 --a------ C:\WINDOWS\jRegistryKey.dll
    2006-10-02 00:47 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
    2006-10-02 00:47 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2006-10-02 00:47 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
    2006-10-02 00:47 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
    2006-10-02 00:47 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-02 00:40 98,304 -ra------ C:\WINDOWS\system32\unzip32.dll
    2006-10-02 00:40 114,688 --a------ C:\WINDOWS\system32\showtime.scr
    2006-10-02 00:35 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
    2006-10-02 00:34 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2006-10-02 00:34 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
    2006-10-02 00:34 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
    2006-10-02 00:34 225,280 --a------ C:\WINDOWS\system32\AOLDial.dll
    2006-10-02 00:34 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
    2006-10-02 00:34 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2006-10-02 00:34 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
    2006-10-02 00:32 0 -rahs---- C:\MSDOS.SYS
    2006-10-02 00:32 0 -rahs---- C:\IO.SYS
    2006-10-02 00:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2006-10-02 00:25 3,968 --a------ C:\WINDOWS\system32\drivers\kioport.sys
    2006-10-02 00:25 221,184 --a------ C:\WINDOWS\system32\WLAN.exe
    2006-10-02 00:24 935,424 --a------ C:\WINDOWS\system32\drivers\HSX_DPV.sys
    2006-10-02 00:24 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
    2006-10-02 00:24 672,256 --a------ C:\WINDOWS\system32\drivers\HSX_CNXT.sys
    2006-10-02 00:24 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
    2006-10-02 00:24 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-10-02 00:24 196,608 --a------ C:\WINDOWS\system32\drivers\HSXHWAZL.sys
    2006-10-02 00:24 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2006-10-02 00:24 12,544 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2006-10-02 00:24 114,688 --a------ C:\WINDOWS\system32\Uci32104.dll
    2006-10-02 00:23 9,710,592 --a------ C:\WINDOWS\RTLCPL.exe
    2006-10-02 00:23 86,016 --a------ C:\WINDOWS\SoundMan.exe
    2006-10-02 00:23 69,632 --a------ C:\WINDOWS\Alcmtr.exe
    2006-10-02 00:23 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
    2006-10-02 00:23 4,127,232 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
    2006-10-02 00:23 356,352 --a------ C:\WINDOWS\RtlUpd.exe
    2006-10-02 00:23 2,809,856 --a------ C:\WINDOWS\alcwzrd.exe
    2006-10-02 00:23 2,142,208 --a------ C:\WINDOWS\MicCal.exe
    2006-10-02 00:23 15,797,248 --a------ C:\WINDOWS\RTHDCPL.exe
    2006-10-02 00:22 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-10-02 00:22 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-10-02 00:22 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-10-02 00:22 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-10-02 00:22 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-10-02 00:22 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-10-02 00:22 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-10-02 00:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-10-02 00:21 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-10-02 00:21 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-10-02 00:21 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-10-02 00:21 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-10-02 00:21 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-10-02 00:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-10-02 00:10 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
    2006-10-02 00:10 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
    2006-10-02 00:10 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
    2006-10-02 00:09 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
    2006-10-02 00:09 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2006-10-02 00:09 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2006-10-02 00:09 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2006-10-02 00:09 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
    2006-10-02 00:09 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-26 19:52 -------- d-------- C:\Program Files\Fichiers communs
    2006-10-26 19:49 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-26 19:48 -------- d-------- C:\Program Files\Trojan Remover
    2006-10-26 07:00 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2006-10-25 23:04 -------- d-------- C:\Documents and Settings\ludovic\Application Data\.gaim
    2006-10-24 22:48 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Simply Super Software
    2006-10-24 22:24 -------- d-------- C:\Program Files\GIMPshop
    2006-10-24 21:20 -------- d-------- C:\Program Files\Adobe
    2006-10-24 20:17 -------- d-------- C:\Program Files\Fichiers communs\Adobe
    2006-10-24 20:17 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Adobe
    2006-10-24 19:38 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AVG7
    2006-10-23 23:12 -------- d-------- C:\Program Files\Windows Defender
    2006-10-23 20:55 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Opera
    2006-10-22 19:52 -------- d-------- C:\Program Files\VideoLAN
    2006-10-22 19:21 -------- d-------- C:\Program Files\Xi
    2006-10-22 18:43 -------- d-------- C:\Documents and Settings\ludovic\Application Data\vlc
    2006-10-22 18:31 -------- d-------- C:\Program Files\Java
    2006-10-15 23:14 -------- d-------- C:\Program Files\Ubi Soft
    2006-10-15 23:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-15 23:13 -------- d-------- C:\Program Files\ubi.com
    2006-10-15 23:13 -------- d-------- C:\Program Files\Fichiers communs\PocketSoft
    2006-10-15 23:13 -------- d-------- C:\Documents and Settings\ludovic\Application Data\ubi.com
    2006-10-14 21:58 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AdobeUM
    2006-10-14 15:44 -------- d-------- C:\Program Files\Fichiers communs\Vitalize
    2006-10-14 09:50 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Sun
    2006-10-14 08:33 -------- d-------- C:\Program Files\ZC2.10
    2006-10-13 22:38 -------- d-------- C:\Program Files\ScummVM
    2006-10-10 23:56 -------- d-------- C:\Program Files\Gaim
    2006-10-07 03:30 -------- d-------- C:\Program Files\Yetisports
    2006-10-07 01:42 -------- d-------- C:\Program Files\DivXCodec
    2006-10-07 01:06 -------- d-------- C:\Program Files\WinRAR
    2006-10-07 01:06 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Help
    2006-10-06 20:18 -------- d-------- C:\Documents and Settings\ludovic\Application Data\OD2
    2006-10-05 20:16 -------- d---s---- C:\Documents and Settings\ludovic\Application Data\Microsoft
    2006-10-03 23:30 -------- d-------- C:\Program Files\Common Files
    2006-10-03 23:29 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Mozilla
    2006-10-03 23:28 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Thunderbird
    2006-10-03 23:28 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Talkback
    2006-10-03 19:56 -------- d-------- C:\Program Files\iTunes
    2006-10-03 19:56 -------- d-------- C:\Program Files\iPod
    2006-10-02 21:29 -------- d-------- C:\Program Files\PC Inspector File Recovery
    2006-10-02 19:17 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2006-10-02 06:59 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-02 06:56 -------- d-------- C:\Program Files\Outlook Express
    2006-10-02 06:56 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-10-02 06:35 -------- d-------- C:\Program Files\Grisoft
    2006-10-02 06:31 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Apple Computer
    2006-10-02 06:30 -------- d-------- C:\Program Files\QuickTime
    2006-10-02 06:30 -------- d-------- C:\Program Files\Apple Software Update
    2006-10-02 06:24 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Macromedia
    2006-10-02 06:11 -------- d-------- C:\Program Files\SAGEM
    2006-10-02 00:49 -------- d-------- C:\Program Files\Sonic
    2006-10-02 00:49 -------- d-------- C:\Program Files\Fichiers communs\Sonic Shared
    2006-10-02 00:49 -------- d-------- C:\Documents and Settings\ludovic\Application Data\AOL
    2006-10-02 00:47 -------- d-------- C:\Program Files\CyberLink
    2006-10-02 00:46 -------- d-------- C:\Program Files\Microsoft Visual Studio
    2006-10-02 00:46 -------- d-------- C:\Program Files\microsoft office
    2006-10-02 00:46 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-10-02 00:46 -------- d-------- C:\Program Files\Fichiers communs\Designer
    2006-10-02 00:45 -------- d-------- C:\Program Files\Ulead Systems
    2006-10-02 00:43 -------- d-------- C:\Program Files\Windows Media Components
    2006-10-02 00:43 -------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
    2006-10-02 00:42 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
    2006-10-02 00:41 -------- d-------- C:\Program Files\Fichiers communs\SureThing Shared
    2006-10-02 00:40 -------- d-------- C:\Program Files\ShowTime
    2006-10-02 00:37 -------- d-------- C:\Documents and Settings\ludovic\Application Data\Symantec
    2006-10-02 00:36 -------- d-------- C:\Program Files\Norman
    2006-10-02 00:35 -------- d-------- C:\Program Files\Viewpoint
    2006-10-02 00:35 -------- d-------- C:\Program Files\Learn2.com
    2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\Nullsoft
    2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\aolshare
    2006-10-02 00:35 -------- d-------- C:\Program Files\Fichiers communs\AOL
    2006-10-02 00:35 -------- d-------- C:\Program Files\AOL Compagnon
    2006-10-02 00:35 -------- d-------- C:\Program Files\AOL 9.0
    2006-10-02 00:35 -------- d-------- C:\Documents and Settings\ludovic\Application Data\You've Got Pictures Screensaver
    2006-10-02 00:34 -------- d-------- C:\Program Files\Real
    2006-10-02 00:34 -------- d-------- C:\Program Files\Fichiers communs\Real
    2006-10-02 00:32 -------- d-------- C:\Documents and Settings\ludovic\Application Data\ATI
    2006-10-02 00:31 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-02 00:29 -------- d-------- C:\Program Files\Fichiers communs\Java
    2006-10-02 00:25 -------- d-------- C:\Program Files\MiTAC
    2006-10-02 00:25 -------- d-------- C:\Program Files\Messenger
    2006-10-02 00:24 -------- d-------- C:\Program Files\CONEXANT
    2006-10-02 00:23 -------- d-------- C:\Program Files\Realtek
    2006-10-02 00:22 -------- d-------- C:\Program Files\ATI Technologies
    2006-10-02 00:19 -------- d-------- C:\Program Files\Intel
    2006-10-02 00:09 -------- d-------- C:\Program Files\Synaptics
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "SmpcSys"="C:\\APPS\\SMP\\SmpSys.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "WLAN"="C:\\WINDOWS\\system32\\WLan.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "Ulead AutoDetector v2"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
    "PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "atpcbbl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\atpcbbl.dll,vvjkqcd"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Extension de garantie.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-10-26 19:52:16.62
    C:\ComboFix.txt ... 06-10-26 19:52
    26 October 2006 21:02:15

    Hi again,

    Download Smitfraudfix
    Unzip it to the Desktop.
    Open the SmitfraudFix folder and run SmitfraudFix(.cmd)
    Choose Option 1 (Search)
    Post the first report here.

    NOTE:
    process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    26 October 2006 21:25:56

    my report:

    SmitFraudFix v2.113

    Rapport fait à 21:24:27,62, 26/10/2006
    Executé à partir de C:\Documents and Settings\ludovic\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ot.ico PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ludovic


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ludovic\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ludovic\Favoris

    C:\DOCUME~1\ludovic\Favoris\Antivirus Test Online.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    I also have a problem with Gaim, I can't connect

    26 October 2006 22:43:18

    Hi again,

    Restart in safe mode

    Run SmitfraudFix again and this time choose Option 2, and answer yes to the question(s)
    Save, then post the report.
    27 October 2006 06:22:35

    report:

    SmitFraudFix v2.113

    Rapport fait à 6:13:29,79, 27/10/2006
    Executé à partir de C:\Documents and Settings\ludovic\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ot.ico supprimé
    C:\DOCUME~1\ludovic\Favoris\Antivirus Test Online.url supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    27 October 2006 11:22:03

    Hello,

    Post a new HijackThis report (well, scanner).
    27 October 2006 21:22:19

    my report:



    Logfile of HijackThis v1.99.1
    Scan saved at 21:21:48, on 27/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ludovic\Bureau\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
    O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    27 October 2006 21:50:05

    Hi again,

    - Run Hijackthis -> Do a system scan only
    -> Check the lines below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
    O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
    O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd

    Click Fix checked (bottom left)

    Any other problems?
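The triage applied to the HijackThis log in the post above can be scripted. This Python sketch is an added example, not part of the thread and not HijackThis code: it flags O2 entries whose BHO DLL is reported missing and O4 Run entries that load a DLL through rundll32, then checks whether the flagged lines survive in a later scan. Both heuristics are assumptions chosen to match the O2 and O4 lines selected above (a hit means "review", not "malicious"), and the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the 27/10/2006 HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26166ECA-5121-6013-E66E-0A089755BB38} - C:\WINDOWS\system32\jsmbqml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {767BFDE7-9606-46E1-BB2B-A86231412F36} - C:\WINDOWS\system32\vtutt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [atpcbbl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\atpcbbl.dll,vvjkqcd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Lines copied from the 28/10/2006 log, taken after "Fix checked".
LATER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<code> - <body>", e.g. "O2 - BHO: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+"
    r"(?P<path>.*?)(?P<missing>\s+\(file missing\))?$"
)
# O4 body for registry autoruns: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# Command line of the form: rundll32.exe <dll>,<export>
RUNDLL_RE = re.compile(
    r"rundll32(?:\.exe)?\"?\s+\"?(?P<dll>[^,\"]+\.dll)\"?,(?P<export>\S+)", re.I
)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the line deserves a second look
    target: str  # file the entry points at
    line: str    # the original log line, stripped


def triage(log_text):
    """Return the log lines matching the two (assumed) review heuristics."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw)
        if not entry:
            continue  # header, running-process path or blank line
        code, body = entry.groups()
        line = raw.strip()
        if code == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("missing"):
                findings.append(Finding(
                    code, "BHO registered but its DLL is missing on disk",
                    bho.group("path"), line))
        elif code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.search(run.group("cmd")) if run else None
            if dll:
                findings.append(Finding(
                    code, "Run value loads a DLL through rundll32",
                    dll.group("dll"), line))
    return findings


def still_present(findings, later_log):
    """Findings whose exact log line still appears in a later scan."""
    later = {l.strip() for l in later_log.splitlines()}
    return [f for f in findings if f.line in later]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.code}: {f.reason}: {f.target}")
    print("left after fix:", len(still_present(hits, LATER_LOG)))
```
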
    27 October 2006 22:15:57

    everything seems to be OK.

    I want to thank everyone who helped me solve my problem.

    if I run into problems I will post them here

    And thanks again
    27 October 2006 22:22:10

    Report your infection (VUNDO) to help get the authors convicted, that would be nice.
    Create a post to move things forward on Malware-Complaints; there need to be as many of us as possible, so report your infection.
    HELP: How to report your infection on Malware-Complaints?

    See this page to keep these problems from coming back.

    :hello: 
    27 October 2006 23:19:28

    thank you for your valuable help.

    :jap: 
    28 October 2006 00:19:39

    I'm noticing a slowdown in internet traffic. is that normal?
    how can I fix it
    28 October 2006 13:20:27

    Hi again,

    I don't think it's a virus.
    Post a Hijackthis report.
    28 October 2006 14:16:15

    my report:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:15:54, on 28/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\ludovic\Bureau\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E781CD1-5C63-4BFC-ADA9-3C2911B8A025}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    28 October 2006 14:24:53

    Hi again,

    These unnecessary lines can be fixed.

    - Run Hijackthis -> Do a system scan only
    -> Check the lines below:

    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Click Fix checked (bottom left)

    Otherwise it doesn't seem to be related to a virus.