Infected by TROJAN
jeannette_m
HELLO
My antivirus has detected a trojan. Here is the WINLOGON report
Process PID CPU Description Company Name
System Idle Process 0 94.03
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 632 Gestionnaire de session Windows NT Microsoft Corporation
csrss.exe 712 Client Server Runtime Process Microsoft Corporation
winlogon.exe 736 Application d'ouverture de session Windows NT Microsoft Corporation
services.exe 780 1.49 Applications Services et Contrôleur Microsoft Corporation
svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1140 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 496 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1348 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1556 Spooler SubSystem App Microsoft Corporation
kavsvc.exe 1984 Anti-Virus Service Kaspersky Labs Ltd.
klswd.exe 368 Anti-Virus Service Watchdog Kaspersky Labs Ltd.
LSSrvc.exe 220 Hewlett-Packard Company
MDM.EXE 240 Machine Debug Manager Microsoft Corporation
poweroff.exe 312 poweroff Jorgen Bosman
ServUDaemon.exe 504
svchost.exe 568 Generic Host Process for Win32 Services Microsoft Corporation
ULCDRSvr.exe 588 ULCDRSvr Ulead Systems, Inc.
wdfmgr.exe 608 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 328 Application Layer Gateway Service Microsoft Corporation
lsass.exe 792 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1884 Explorateur Windows Microsoft Corporation
procexp.exe 2740 4.48 Sysinternals Process Explorer Sysinternals
Process: winlogon.exe Pid: 736
Name Description Company Name Version
activeds.dll DLL de la couche de routage AD Microsoft Corporation 5.01.2600.2180
adsldpc.dll DLL C du fournisseur LDAP AD Microsoft Corporation 5.01.2600.2180
advapi32.dll API avancées Windows 32 Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
authz.dll Authorization Framework Microsoft Corporation 5.01.2600.2622
awtqomm.dll
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comdlg32.dll DLL commune de boîtes de dialogues Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cscdll.dll Agent réseau hors connexion Microsoft Corporation 5.01.2600.2180
cscui.dll IU de cache côté client Microsoft Corporation 5.01.2600.2180
ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
fastprox.dll WMI Microsoft Corporation 5.01.2600.2180
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3099
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16414
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
index.dat
index.dat
index.dat
iphlpapi.dll API de l'application d'assistance IP Microsoft Corporation 5.01.2600.2912
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation 5.01.2600.2945
locale.nls
midimap.dll Mappeur MIDI Microsoft Microsoft Corporation 5.01.2600.2180
mljjj.dll
mpr.dll DLL de routeur de fournisseurs multiples Microsoft Corporation 5.01.2600.2180
mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
msacm32.dll Filtre audio ACM Microsoft Microsoft Corporation 5.01.2600.2180
msacm32.drv Mappeur de sons Microsoft Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180
msgina.dll Ouverture de session Windows NT GINA DLL Microsoft Corporation 5.01.2600.2180
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
msvcp60.dll Microsoft (R) C++ Runtime Library Microsoft Corporation 6.02.3104.0000
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
nddeapi.dll APIs de gestion du partage DDE réseau Microsoft Corporation 5.01.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
ntdll.dll DLL Couche NT Microsoft Corporation 5.01.2600.2180
ntdsapi.dll NT5DS Microsoft Corporation 5.01.2600.2180
ntmarta.dll Fournisseur MARTA Windows NT Microsoft Corporation 5.01.2600.2180
odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - Ressources ODBC Microsoft Corporation 3.525.1117.0000
ole32.dll Microsoft OLE pour Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
opnmllk.dll
profmap.dll Userenv Microsoft Corporation 5.01.2600.2180
psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.2180
regapi.dll Registry Configuration APIs Microsoft Corporation 5.01.2600.2180
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
setupapi.dll Installation de L'API Windows Microsoft Corporation 5.01.2600.2180
sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
sfc_os.dll Protection de fichiers Windows Microsoft Corporation 5.01.2600.2180
shell32.dll DLL commune du shell Windows Microsoft Corporation 6.00.2900.3051
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180
shlwapi.dll Bibliothèque d'utilitaires légers du Shell Microsoft Corporation 6.00.2900.3020
shsvcs.dll Dll des services Windows Shell Microsoft Corporation 6.00.2900.3051
sortkey.nls
sorttbls.nls
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.3019
unicode.nls
user32.dll DLL client de l'API Utilisateur de Windows XP Microsoft Corporation 5.01.2600.3099
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
wbemprox.dll WMI Microsoft Corporation 5.01.2600.2180
wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16414
winlogon.exe Application d'ouverture de session Windows NT Microsoft Corporation 5.01.2600.2180
winmm.dll DLL API MCI Microsoft Corporation 5.01.2600.2180
winscard.dll API Microsoft Smart Card Microsoft Corporation 5.01.2600.2180
winspool.drv Pilote de spouleur Windows Microsoft Corporation 5.01.2600.2180
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
wintrust.dll API Microsoft de vérification de la confiance Microsoft Corporation 5.131.2600.2180
wldap32.dll DLL API LDAP Win32 Microsoft Corporation 5.01.2600.2180
wlnotify.dll DLL commune de réception des notifications Winlogon Microsoft Corporation 5.01.2600.2180
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Application d'assistance de Windows Socket 2.0 pour Windows NT Microsoft Corporation 5.01.2600.2180
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Messages Service Pack 2 Microsoft Corporation 5.01.2600.2180
NEXT, THE HIJACKTHIS REPORT
Logfile of HijackThis v1.99.1
Scan saved at 18:26:46, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\poweroff.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?ymbols\n?lookup.exe
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BRUNOE~1\LOCALS~1\Temp\Rar$EX00.063\procexp.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\opnmllk.dll
O2 - BHO: (no name) - {31B6F847-618B-1024-A53B-1DE33CEBA9EA} - C:\WINDOWS\system32\nyjashbz.dll
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\awtqomm.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ldmcvilb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF804502-483F-48D4-9454-FC1110DAFE87} - C:\WINDOWS\system32\ctrgamus.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC34FA97-CE87-4806-9377-78135CD77474} - C:\WINDOWS\system32\mljjj.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wpooiaec.dll",setvm
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Cocb] "C:\WINDOWS\system32\RACLE~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Vnrfsxvf] "C:\WINDOWS\?ymbols\n?lookup.exe" 99001162
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2abc8816300c4f0aab02441609a6153f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2abc8816300c4f0aab02441609a6153f
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtqomm - C:\WINDOWS\SYSTEM32\awtqomm.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll
O20 - Winlogon Notify: opnmllk - C:\WINDOWS\SYSTEM32\opnmllk.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
AND FINALLY, THE MAIN REPORT
Deckard's System Scanner v20070423.42
Run by BRUNO ET JEANNETTE on 2007-04-24 at 18:28:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-04-24 16:28:40 UTC - RP46 - Deckard's System Scanner Restore Point
3: 2007-04-23 18:33:09 UTC - RP45 - Point de vérification système
2: 2007-04-17 20:55:27 UTC - RP44 - Removed ACDSee 6.0 Standard
1: 2007-04-17 19:35:38 UTC - RP43 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as BRUNO ET JEANNETTE.exe) ----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:31:40, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\poweroff.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?ymbols\n?lookup.exe
C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BRUNOE~1\LOCALS~1\Temp\Rar$EX00.063\procexp.exe
C:\Documents and Settings\BRUNO ET JEANNETTE\Bureau\dss.exe
C:\PROGRA~1\HIJACK~1\BRUNO ET JEANNETTE.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\opnmllk.dll
O2 - BHO: (no name) - {31B6F847-618B-1024-A53B-1DE33CEBA9EA} - C:\WINDOWS\system32\nyjashbz.dll
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\awtqomm.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ldmcvilb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF804502-483F-48D4-9454-FC1110DAFE87} - C:\WINDOWS\system32\ctrgamus.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC34FA97-CE87-4806-9377-78135CD77474} - C:\WINDOWS\system32\mljjj.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wpooiaec.dll",setvm
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Cocb] "C:\WINDOWS\system32\RACLE~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Vnrfsxvf] "C:\WINDOWS\?ymbols\n?lookup.exe" 99001162
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2abc8816300c4f0aab02441609a6153f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2abc8816300c4f0aab02441609a6153f
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtqomm - C:\WINDOWS\SYSTEM32\awtqomm.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll
O20 - Winlogon Notify: opnmllk - C:\WINDOWS\SYSTEM32\opnmllk.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
-- File Associations -----------------------------------------------------------
[COLOR=red].js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2[/COLOR]
[COLOR=red].js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal; 5.0.527.0; 5.0.527.4>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools; 4, 3, 1, 0; 4, 3, 1, 1>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD; 3.9.4.1; 3.9.4.1>
R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Verified; C-Media Inc; C-Media Audio Driver (WDM); 5.12.01.0051; 5.12.01.0051.3 (73)>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD; 5, 0, 0, 0; 5, 0, 0, 1>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools; 5, 0, 0, 0; 5, 0, 0, 1>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell; 2, 5, 0, 204; 2, 5, 0, 204>
R3 SISNIC (Pilote de carte Fast Ethernet PCI SiS) - c:\windows\system32\drivers\sisnic.sys <Verified; SiS Corporation; NDIS 5.1 NIC Driver; 1.16.00.05; 1.16.00.05 built by: WinDDK>
R3 snpstd2 (Trust WB-3400T Webcam) - c:\windows\system32\drivers\snpstd2.sys <Verified; ; PC Camera driver; 1, 1, 3, 2; 1, 1, 3, 2>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller; 4.1.0.7405; 4.1.0.7405>
S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP; 1.3.0.0; 1.3.0.0>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 kavsvc (Anti-Virus Service) - "c:\program files\micro application\sécurité internet\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Labs Ltd.; Anti-Virus Personal; 5.0.527.0; 5.0.527.1>
R2 Poweroff - "c:\windows\system32\poweroff.exe" -service <Not Verified; Jorgen Bosman; Poweroff; 3, 0, 1, 3; 3, 0, 1, 3>
R2 Serv-U (Serv-U FTP Server) - c:\progra~1\serv-u\servudaemon.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-24 17:36:01 382 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-03-24 and 2007-04-24 -----------------------------
2007-04-24 16:26:44 123972 --a------ C:\WINDOWS\system32\vnnxoldt.dll
2007-04-24 16:22:42 494822 --a------ C:\Fixwareout.exe
2007-04-24 16:12:53 0 d-------- C:\Program Files\Hijackthis Version Française
2007-04-24 10:23:03 123972 --a------ C:\WINDOWS\system32\mwpummul.dll
2007-04-24 09:37:15 0 d-------- C:\Program Files\Kaspersky Lab
2007-04-24 08:58:01 123972 --a------ C:\WINDOWS\system32\rrdnuxuf.dll
2007-04-23 22:32:27 123972 --a------ C:\WINDOWS\system32\ifwpbuca.dll
2007-04-23 19:07:05 26714 --a------ C:\WINDOWS\system32\awtqomm.dll
2007-04-23 18:58:39 123972 --a------ C:\WINDOWS\system32\oujaqpmy.dll
2007-04-22 20:28:38 123972 --a------ C:\WINDOWS\system32\lesibxho.dll
2007-04-22 11:26:33 123972 --a------ C:\WINDOWS\system32\iasqdtvl.dll
2007-04-20 07:30:50 123972 --a------ C:\WINDOWS\system32\llasuyor.dll
2007-04-18 17:03:43 123972 --a------ C:\WINDOWS\system32\dayowvba.dll
2007-04-17 21:00:43 123972 --a------ C:\WINDOWS\system32\wtyuhjkq.dll
2007-04-17 19:54:19 123972 --a------ C:\WINDOWS\system32\vcwiybyg.dll
2007-04-16 20:59:14 123972 --a------ C:\WINDOWS\system32\hlaadfoc.dll
2007-04-14 22:04:09 123972 --a------ C:\WINDOWS\system32\atngcxqw.dll
2007-04-14 17:14:08 123972 --a------ C:\WINDOWS\system32\htomrvxd.dll
2007-04-13 16:45:31 123972 --a------ C:\WINDOWS\system32\tyaslocl.dll
2007-04-13 16:38:08 123972 --a------ C:\WINDOWS\system32\unqwelgs.dll
2007-04-13 16:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Anti-Virus Personal
2007-04-13 16:31:01 123972 --a------ C:\WINDOWS\system32\xbbdgpgr.dll
2007-04-13 16:27:32 123972 --a------ C:\WINDOWS\system32\hogyfqke.dll
2007-04-13 16:24:48 123972 --a------ C:\WINDOWS\system32\foviadsk.dll
2007-04-11 17:30:49 123972 -----n--- C:\WINDOWS\system32\wmojeamt.dll
2007-04-10 22:42:13 4456448 --a------ C:\Documents and Settings\BRUNO ET JEANNETTE\ntuser.dat
2007-04-10 22:03:00 48708 --a------ C:\WINDOWS\system32\ldmcvilb.dll
2007-04-03 20:58:36 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1; 4.10.9404.0; 4.10.9404.0>
2007-04-03 20:58:35 360448 --a------ C:\WINDOWS\system32\CielArchiver.dll <Not Verified; CIEL SA; CIEL SA CielArchiver; 1, 0, 0, 4; 1, 0, 0, 4>
2007-04-03 20:58:35 663552 -----n--- C:\WINDOWS\CielInfos.exe
2007-04-03 20:58:34 0 d-------- C:\Program Files\Fichiers communs\CIEL
2007-04-03 20:58:16 110592 --a------ C:\WINDOWS\system32\xxxprogress.dll <Not Verified; ; XXXProgress Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-03 20:58:15 101888 --a------ C:\WINDOWS\system32\vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows; 6.00.8450; 6.00.8450>
2007-04-03 20:58:05 112912 --a------ C:\WINDOWS\system32\WINSPOOL.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft(R) Windows (R) 2000; 5.00.2195.2780; 5.00.2195.2780>
2007-04-03 20:58:05 0 d-------- C:\WINDOWS\system32\AMYUNIPDF
2007-04-03 20:58:04 172032 --a------ C:\WINDOWS\system32\Portal.dll <Not Verified; Sage KHK Software; Portal Module; 1.0.0.16; 1.0.0.16>
2007-04-03 20:58:00 69632 --a------ C:\WINDOWS\system32\coface.dll <Not Verified; CIEL SA; CIEL SA coface; 1, 5, 0, 0; 1, 5, 0, 0>
2007-04-03 20:58:00 40960 --a------ C:\WINDOWS\system32\CielShellExe.exe <Not Verified; ciel sa; Ciel SA CielShellExe; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-03 20:57:46 757760 --a------ C:\WINDOWS\system32\cielcalc.exe <Not Verified; CIEL; ; ; 2.50>
2007-04-03 20:57:46 843776 --a------ C:\WINDOWS\system32\cielcalc.dll <Not Verified; CIEL; ; ; 2.50>
2007-04-03 20:57:36 0 d-------- C:\CIEL
2007-04-03 20:45:32 110 --a------ C:\WINDOWS\system32\CRUNX.BIN
2007-04-03 20:45:32 356352 --a------ C:\WINDOWS\system32\CRun500.dll <Not Verified; Compagnie Internationale d'Edition de Logiciel; CRun Dynamic Link Library; 3, 0, 5, 69; 3, 0, 5, 69>
2007-04-03 20:44:39 284160 --a------ C:\WINDOWS\unin040c.exe
2007-04-03 20:41:58 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\WINDOWS
2007-03-29 20:37:35 0 d-------- C:\Program Files\Micro Application
2007-03-29 20:33:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-27 19:17:03 26730 --a------ C:\WINDOWS\system32\opnmllk.dll
2007-03-24 00:32:31 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\ACD Systems
-- Find3M Report ---------------------------------------------------------------
2007-04-24 18:32:33 536294 --ahs---- C:\WINDOWS\system32\jjjlm.ini2
2007-04-24 16:25:18 544108 ---hs---- C:\WINDOWS\system32\jjjlm.bak1
2007-04-24 16:25:13 543810 ---hs---- C:\WINDOWS\system32\jjjlm.bak2
2007-04-24 16:24:42 0 d-------- C:\Program Files\Serv-U
2007-04-24 16:23:13 0 d-------- C:\Program Files\Eraser
2007-04-13 16:01:42 0 d-------- C:\Program Files\Fichiers communs\LightScribe
2007-04-13 15:54:43 0 d-------- C:\Program Files\Outerinfo
2007-04-13 15:54:15 0 d-------- C:\Program Files\utiles
2007-04-10 21:00:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-03 20:58:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-03 20:58:34 0 d-------- C:\Program Files\Fichiers communs
2007-03-29 20:34:33 0 d-------- C:\Program Files\Fichiers communs\Softwin
2007-03-27 23:42:35 0 d-------- C:\Program Files\Winamp
2007-03-25 13:19:49 495930 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-03-25 13:19:49 79548 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-03-24 10:59:27 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\Ahead
2007-03-23 11:44:17 0 d-------- C:\Program Files\MSXML 4.0
2007-03-23 08:12:26 123972 --a------ C:\WINDOWS\system32\wpooiaec.dll
2007-03-21 12:55:10 0 d-------- C:\Program Files\Microsoft Virtual PC
2007-03-21 12:54:37 0 d-------- C:\Program Files\SpeedFan
2007-03-21 12:54:32 0 d-------- C:\Program Files\RamBoost XP
2007-03-21 12:52:34 0 d-------- C:\Program Files\Shareaza
2007-03-21 12:52:32 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\Shareaza
2007-03-21 12:51:52 0 d-------- C:\Program Files\Secway
2007-03-21 12:51:33 0 d-------- C:\Program Files\Messenger Plus! 3
2007-03-21 12:49:56 0 d-------- C:\Program Files\FlashFXP
2007-03-21 12:49:29 0 d-------- C:\Program Files\UltraISO
2007-03-21 12:49:24 0 d-------- C:\Program Files\FlasKMPEG
2007-03-21 12:49:22 0 d-------- C:\Program Files\VIRTUALDUB
2007-03-21 12:49:20 0 d-------- C:\Program Files\aMpeg2Avi
2007-03-21 12:48:32 0 d-------- C:\Program Files\Copernic Desktop Search
2007-03-21 12:48:06 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-21 12:47:50 0 d-------- C:\Program Files\Axon Data
2007-03-21 12:46:42 0 d-------- C:\Program Files\Alcohol Soft
2007-03-21 12:42:06 0 d-------- C:\Program Files\Microsoft Plus!
2007-03-21 12:41:30 974848 --a------ C:\WINDOWS\system32\mfc70.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.00.9466.0; 7.00.9466.0>
2007-03-21 12:41:28 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-03-21 12:41:25 0 d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2007-03-21 12:40:30 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-03-21 12:36:35 0 d-------- C:\Program Files\Macromedia
2007-03-21 12:35:45 0 d-------- C:\Program Files\Bradbury
2007-03-21 12:35:25 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-03-21 12:34:38 0 d-------- C:\Program Files\Fichiers communs\Macromedia Shared
2007-03-21 12:30:39 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-21 12:13:19 0 d-------- C:\Program Files\Microsoft Money 2005
2007-03-21 12:11:40 0 d-------- C:\Program Files\Microsoft Office Personal Portfolio
2007-03-21 12:11:34 0 d-------- C:\Program Files\directx
2007-03-21 11:58:57 0 d-------- C:\Program Files\Microsoft Works
2007-03-21 11:45:06 0 d-------- C:\Program Files\SlySoft
2007-03-20 20:20:45 0 d-------- C:\Program Files\Fichiers communs\System
2007-03-20 19:40:13 2 --a------ C:\WINDOWS\system32\wnsapisv32.exe
2007-03-19 20:30:06 60928 --a------ C:\WINDOWS\system32\nyjashbz.dll
2007-03-18 20:00:10 0 d-------- C:\Program Files\NVIDIA Corporation
2007-03-18 20:00:10 0 d-------- C:\Program Files\Fichiers communs\NVIDIA Shared
2007-03-18 19:54:05 0 d-------- C:\Program Files\eMule
2007-03-18 19:25:48 0 d-------- C:\Program Files\Microsoft.NET
2007-03-18 19:23:56 0 d-------- C:\Program Files\ACD Systems
2007-03-13 19:47:33 2 --a------ C:\WINDOWS\system32\wnsapisu.exe
2007-03-07 16:23:55 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\??mbols
2007-02-28 21:01:43 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\a?sembly
2007-02-07 21:52:53 1047552 --a------ C:\WINDOWS\system32\mfc71u.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
{182B90A3-F372-438A-800C-6814B4DE417B} C:\WINDOWS\system32\opnmllk.dll
{31B6F847-618B-1024-A53B-1DE33CEBA9EA} C:\WINDOWS\system32\nyjashbz.dll
{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} C:\WINDOWS\system32\awtqomm.dll
{67C55A8D-E808-4caa-9EA7-F77102DE0BB6} C:\WINDOWS\system32\ldmcvilb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AF804502-483F-48D4-9454-FC1110DAFE87} C:\WINDOWS\system32\ctrgamus.dll [x]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{DC34FA97-CE87-4806-9377-78135CD77474} C:\WINDOWS\system32\mljjj.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\wpooiaec.dll\",setvm"
"KAVPersonal50"="\"C:\\Program Files\\Micro Application\\Sécurité Internet\\Anti-Virus\\kav.exe\" /minimize"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"Cocb"="\"C:\\WINDOWS\\system32\\RACLE~1\\regsvr32.exe\" -vt ndrv"
"Vnrfsxvf"="\"C:\\WINDOWS\\?ymbols\\n?lookup.exe\" 99001162"
"Copernic Desktop Search"="\"C:\\Program Files\\Copernic Desktop Search\\CopernicDesktopSearch.exe\" /tray"
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"Simp"="C:\\Program Files\\Secway\\SimpLite-MSN 2.1\\SimpLite-MSN.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqomm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmllk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
-- End of Deckard's System Scanner: finished at 2007-04-24 at 18:33:52 ---------
THANK YOU ALL FOR ANY REPLY THAT HELPS ME KEEP FIGHTING TO DEFEAT THE TROJAN HORSE!!!!
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Cocb] "C:\WINDOWS\system32\RACLE~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Vnrfsxvf] "C:\WINDOWS\?ymbols\n?lookup.exe" 99001162
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2abc8816300c4f0aab02441609a6153f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2abc8816300c4f0aab02441609a6153f
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtqomm - C:\WINDOWS\SYSTEM32\awtqomm.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll
O20 - Winlogon Notify: opnmllk - C:\WINDOWS\SYSTEM32\opnmllk.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\PROGRA~1\Serv-U\ServUDaemon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
-- File Associations -----------------------------------------------------------
[COLOR=red].js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2[/COLOR]
[COLOR=red].js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal; 5.0.527.0; 5.0.527.4>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools; 4, 3, 1, 0; 4, 3, 1, 1>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD; 3.9.4.1; 3.9.4.1>
R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Verified; C-Media Inc; C-Media Audio Driver (WDM); 5.12.01.0051; 5.12.01.0051.3 (73)>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD; 5, 0, 0, 0; 5, 0, 0, 1>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools; 5, 0, 0, 0; 5, 0, 0, 1>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell; 2, 5, 0, 204; 2, 5, 0, 204>
R3 SISNIC (Pilote de carte Fast Ethernet PCI SiS) - c:\windows\system32\drivers\sisnic.sys <Verified; SiS Corporation; NDIS 5.1 NIC Driver; 1.16.00.05; 1.16.00.05 built by: WinDDK>
R3 snpstd2 (Trust WB-3400T Webcam) - c:\windows\system32\drivers\snpstd2.sys <Verified; ; PC Camera driver; 1, 1, 3, 2; 1, 1, 3, 2>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller; 4.1.0.7405; 4.1.0.7405>
S3 fbxusb (Carte réseau virtuelle FreeBox USB) - c:\windows\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP; 1.3.0.0; 1.3.0.0>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 kavsvc (Anti-Virus Service) - "c:\program files\micro application\sécurité internet\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Labs Ltd.; Anti-Virus Personal; 5.0.527.0; 5.0.527.1>
R2 Poweroff - "c:\windows\system32\poweroff.exe" -service <Not Verified; Jorgen Bosman; Poweroff; 3, 0, 1, 3; 3, 0, 1, 3>
R2 Serv-U (Serv-U FTP Server) - c:\progra~1\serv-u\servudaemon.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-24 17:36:01 382 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2007-03-24 and 2007-04-24 -----------------------------
2007-04-24 16:26:44 123972 --a------ C:\WINDOWS\system32\vnnxoldt.dll
2007-04-24 16:22:42 494822 --a------ C:\Fixwareout.exe
2007-04-24 16:12:53 0 d-------- C:\Program Files\Hijackthis Version Française
2007-04-24 10:23:03 123972 --a------ C:\WINDOWS\system32\mwpummul.dll
2007-04-24 09:37:15 0 d-------- C:\Program Files\Kaspersky Lab
2007-04-24 08:58:01 123972 --a------ C:\WINDOWS\system32\rrdnuxuf.dll
2007-04-23 22:32:27 123972 --a------ C:\WINDOWS\system32\ifwpbuca.dll
2007-04-23 19:07:05 26714 --a------ C:\WINDOWS\system32\awtqomm.dll
2007-04-23 18:58:39 123972 --a------ C:\WINDOWS\system32\oujaqpmy.dll
2007-04-22 20:28:38 123972 --a------ C:\WINDOWS\system32\lesibxho.dll
2007-04-22 11:26:33 123972 --a------ C:\WINDOWS\system32\iasqdtvl.dll
2007-04-20 07:30:50 123972 --a------ C:\WINDOWS\system32\llasuyor.dll
2007-04-18 17:03:43 123972 --a------ C:\WINDOWS\system32\dayowvba.dll
2007-04-17 21:00:43 123972 --a------ C:\WINDOWS\system32\wtyuhjkq.dll
2007-04-17 19:54:19 123972 --a------ C:\WINDOWS\system32\vcwiybyg.dll
2007-04-16 20:59:14 123972 --a------ C:\WINDOWS\system32\hlaadfoc.dll
2007-04-14 22:04:09 123972 --a------ C:\WINDOWS\system32\atngcxqw.dll
2007-04-14 17:14:08 123972 --a------ C:\WINDOWS\system32\htomrvxd.dll
2007-04-13 16:45:31 123972 --a------ C:\WINDOWS\system32\tyaslocl.dll
2007-04-13 16:38:08 123972 --a------ C:\WINDOWS\system32\unqwelgs.dll
2007-04-13 16:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Anti-Virus Personal
2007-04-13 16:31:01 123972 --a------ C:\WINDOWS\system32\xbbdgpgr.dll
2007-04-13 16:27:32 123972 --a------ C:\WINDOWS\system32\hogyfqke.dll
2007-04-13 16:24:48 123972 --a------ C:\WINDOWS\system32\foviadsk.dll
2007-04-11 17:30:49 123972 -----n--- C:\WINDOWS\system32\wmojeamt.dll
2007-04-10 22:42:13 4456448 --a------ C:\Documents and Settings\BRUNO ET JEANNETTE\ntuser.dat
2007-04-10 22:03:00 48708 --a------ C:\WINDOWS\system32\ldmcvilb.dll
2007-04-03 20:58:36 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1; 4.10.9404.0; 4.10.9404.0>
2007-04-03 20:58:35 360448 --a------ C:\WINDOWS\system32\CielArchiver.dll <Not Verified; CIEL SA; CIEL SA CielArchiver; 1, 0, 0, 4; 1, 0, 0, 4>
2007-04-03 20:58:35 663552 -----n--- C:\WINDOWS\CielInfos.exe
2007-04-03 20:58:34 0 d-------- C:\Program Files\Fichiers communs\CIEL
2007-04-03 20:58:16 110592 --a------ C:\WINDOWS\system32\xxxprogress.dll <Not Verified; ; XXXProgress Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-03 20:58:15 101888 --a------ C:\WINDOWS\system32\vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows; 6.00.8450; 6.00.8450>
2007-04-03 20:58:05 112912 --a------ C:\WINDOWS\system32\WINSPOOL.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft(R) Windows (R) 2000; 5.00.2195.2780; 5.00.2195.2780>
2007-04-03 20:58:05 0 d-------- C:\WINDOWS\system32\AMYUNIPDF
2007-04-03 20:58:04 172032 --a------ C:\WINDOWS\system32\Portal.dll <Not Verified; Sage KHK Software; Portal Module; 1.0.0.16; 1.0.0.16>
2007-04-03 20:58:00 69632 --a------ C:\WINDOWS\system32\coface.dll <Not Verified; CIEL SA; CIEL SA coface; 1, 5, 0, 0; 1, 5, 0, 0>
2007-04-03 20:58:00 40960 --a------ C:\WINDOWS\system32\CielShellExe.exe <Not Verified; ciel sa; Ciel SA CielShellExe; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-03 20:57:46 757760 --a------ C:\WINDOWS\system32\cielcalc.exe <Not Verified; CIEL; ; ; 2.50>
2007-04-03 20:57:46 843776 --a------ C:\WINDOWS\system32\cielcalc.dll <Not Verified; CIEL; ; ; 2.50>
2007-04-03 20:57:36 0 d-------- C:\CIEL
2007-04-03 20:45:32 110 --a------ C:\WINDOWS\system32\CRUNX.BIN
2007-04-03 20:45:32 356352 --a------ C:\WINDOWS\system32\CRun500.dll <Not Verified; Compagnie Internationale d'Edition de Logiciel; CRun Dynamic Link Library; 3, 0, 5, 69; 3, 0, 5, 69>
2007-04-03 20:44:39 284160 --a------ C:\WINDOWS\unin040c.exe
2007-04-03 20:41:58 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\WINDOWS
2007-03-29 20:37:35 0 d-------- C:\Program Files\Micro Application
2007-03-29 20:33:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-27 19:17:03 26730 --a------ C:\WINDOWS\system32\opnmllk.dll
2007-03-24 00:32:31 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\ACD Systems
-- Find3M Report ---------------------------------------------------------------
2007-04-24 18:32:33 536294 --ahs---- C:\WINDOWS\system32\jjjlm.ini2
2007-04-24 16:25:18 544108 ---hs---- C:\WINDOWS\system32\jjjlm.bak1
2007-04-24 16:25:13 543810 ---hs---- C:\WINDOWS\system32\jjjlm.bak2
2007-04-24 16:24:42 0 d-------- C:\Program Files\Serv-U
2007-04-24 16:23:13 0 d-------- C:\Program Files\Eraser
2007-04-13 16:01:42 0 d-------- C:\Program Files\Fichiers communs\LightScribe
2007-04-13 15:54:43 0 d-------- C:\Program Files\Outerinfo
2007-04-13 15:54:15 0 d-------- C:\Program Files\utiles
2007-04-10 21:00:29 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-03 20:58:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-03 20:58:34 0 d-------- C:\Program Files\Fichiers communs
2007-03-29 20:34:33 0 d-------- C:\Program Files\Fichiers communs\Softwin
2007-03-27 23:42:35 0 d-------- C:\Program Files\Winamp
2007-03-25 13:19:49 495930 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-03-25 13:19:49 79548 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-03-24 10:59:27 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\Ahead
2007-03-23 11:44:17 0 d-------- C:\Program Files\MSXML 4.0
2007-03-23 08:12:26 123972 --a------ C:\WINDOWS\system32\wpooiaec.dll
2007-03-21 12:55:10 0 d-------- C:\Program Files\Microsoft Virtual PC
2007-03-21 12:54:37 0 d-------- C:\Program Files\SpeedFan
2007-03-21 12:54:32 0 d-------- C:\Program Files\RamBoost XP
2007-03-21 12:52:34 0 d-------- C:\Program Files\Shareaza
2007-03-21 12:52:32 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\Shareaza
2007-03-21 12:51:52 0 d-------- C:\Program Files\Secway
2007-03-21 12:51:33 0 d-------- C:\Program Files\Messenger Plus! 3
2007-03-21 12:49:56 0 d-------- C:\Program Files\FlashFXP
2007-03-21 12:49:29 0 d-------- C:\Program Files\UltraISO
2007-03-21 12:49:24 0 d-------- C:\Program Files\FlasKMPEG
2007-03-21 12:49:22 0 d-------- C:\Program Files\VIRTUALDUB
2007-03-21 12:49:20 0 d-------- C:\Program Files\aMpeg2Avi
2007-03-21 12:48:32 0 d-------- C:\Program Files\Copernic Desktop Search
2007-03-21 12:48:06 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-21 12:47:50 0 d-------- C:\Program Files\Axon Data
2007-03-21 12:46:42 0 d-------- C:\Program Files\Alcohol Soft
2007-03-21 12:42:06 0 d-------- C:\Program Files\Microsoft Plus!
2007-03-21 12:41:30 974848 --a------ C:\WINDOWS\system32\mfc70.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.00.9466.0; 7.00.9466.0>
2007-03-21 12:41:28 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2007-03-21 12:41:25 0 d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2007-03-21 12:40:30 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-03-21 12:36:35 0 d-------- C:\Program Files\Macromedia
2007-03-21 12:35:45 0 d-------- C:\Program Files\Bradbury
2007-03-21 12:35:25 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-03-21 12:34:38 0 d-------- C:\Program Files\Fichiers communs\Macromedia Shared
2007-03-21 12:30:39 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-21 12:13:19 0 d-------- C:\Program Files\Microsoft Money 2005
2007-03-21 12:11:40 0 d-------- C:\Program Files\Microsoft Office Personal Portfolio
2007-03-21 12:11:34 0 d-------- C:\Program Files\directx
2007-03-21 11:58:57 0 d-------- C:\Program Files\Microsoft Works
2007-03-21 11:45:06 0 d-------- C:\Program Files\SlySoft
2007-03-20 20:20:45 0 d-------- C:\Program Files\Fichiers communs\System
2007-03-20 19:40:13 2 --a------ C:\WINDOWS\system32\wnsapisv32.exe
2007-03-19 20:30:06 60928 --a------ C:\WINDOWS\system32\nyjashbz.dll
2007-03-18 20:00:10 0 d-------- C:\Program Files\NVIDIA Corporation
2007-03-18 20:00:10 0 d-------- C:\Program Files\Fichiers communs\NVIDIA Shared
2007-03-18 19:54:05 0 d-------- C:\Program Files\eMule
2007-03-18 19:25:48 0 d-------- C:\Program Files\Microsoft.NET
2007-03-18 19:23:56 0 d-------- C:\Program Files\ACD Systems
2007-03-13 19:47:33 2 --a------ C:\WINDOWS\system32\wnsapisu.exe
2007-03-07 16:23:55 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\??mbols
2007-02-28 21:01:43 0 d-------- C:\Documents and Settings\BRUNO ET JEANNETTE\Application Data\a?sembly
2007-02-07 21:52:53 1047552 --a------ C:\WINDOWS\system32\mfc71u.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
{182B90A3-F372-438A-800C-6814B4DE417B} C:\WINDOWS\system32\opnmllk.dll
{31B6F847-618B-1024-A53B-1DE33CEBA9EA} C:\WINDOWS\system32\nyjashbz.dll
{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} C:\WINDOWS\system32\awtqomm.dll
{67C55A8D-E808-4caa-9EA7-F77102DE0BB6} C:\WINDOWS\system32\ldmcvilb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AF804502-483F-48D4-9454-FC1110DAFE87} C:\WINDOWS\system32\ctrgamus.dll [x]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{DC34FA97-CE87-4806-9377-78135CD77474} C:\WINDOWS\system32\mljjj.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\wpooiaec.dll\",setvm"
"KAVPersonal50"="\"C:\\Program Files\\Micro Application\\Sécurité Internet\\Anti-Virus\\kav.exe\" /minimize"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"Cocb"="\"C:\\WINDOWS\\system32\\RACLE~1\\regsvr32.exe\" -vt ndrv"
"Vnrfsxvf"="\"C:\\WINDOWS\\?ymbols\\n?lookup.exe\" 99001162"
"Copernic Desktop Search"="\"C:\\Program Files\\Copernic Desktop Search\\CopernicDesktopSearch.exe\" /tray"
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"Simp"="C:\\Program Files\\Secway\\SimpLite-MSN 2.1\\SimpLite-MSN.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqomm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmllk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
-- End of Deckard's System Scanner: finished at 2007-04-24 at 18:33:52 ---------
THANK YOU ALL FOR A REPLY SO I CAN KEEP FIGHTING TO DEFEAT THE TROJAN HORSE !!!!