Virus Application.Prockill.BL

Christophe -  
Christophe2007 Posts 5 Status Member -
Hello,
My PC is infected by Application.Prockill.BL, identified by Bitdefender's online scanner, which cannot remove it. This virus prevents the installation of Avast and of all the other antivirus programs I have tried.
Does anyone have an answer to my problem, especially since I am no computer expert?
Thanks in advance

9 replies

philae83 Posts 12854 Status Security contributor 206
 
Good evening,

Can you post the Bitdefender report, please?

and

* Download HijackThis and post the report, please

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://pageperso.aol.fr/balltrap34/demohijack.htm
0
Christophe
 
Thanks for replying. Here are the Bitdefender and HijackThis reports.

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, Aug 26, 2007 - 10:08:40

Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;K:\;

Statistiques

Temps 00:46:48
Fichiers 186378
Directoires 8277
Secteurs de boot 3
Archives 7394
Paquets programmes 12392

Résultats

Virus identifiés 2
Fichiers infectés 3
Fichiers suspects 0
Avertissements 0
Désinfectés 0
Fichiers effacés 3

Info sur les moteurs

Définition virus 750029
Version des moteurs AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins 14
Archive des plugins 37
Unpack des plugins 6
E-mail plugins 6
Système plugins 1

Paramètres d'analyse

Première action Désinfecté
Seconde Action Supprimé
Heuristique Oui
Acceptez les avertissements Oui
Extensions analysées *;

Excludez les extensions
Analyse d'emails Oui
Analyse des Archives Oui
Analyser paquets programmes Oui
Analyse des fichiers Oui
Analyse de boot Oui

Fichier analysé

Statut

C:\Program Files\eMule\Incoming\The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE.rar=>The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE\etpfm42\Crack\Panorama_v4.2_Crk.exe
Infecté par: Trojan.Wpepro.AH

C:\Program Files\eMule\Incoming\The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE.rar=>The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE\etpfm42\Crack\Panorama_v4.2_Crk.exe
Echec de la désinfection

C:\Program Files\eMule\Incoming\The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE.rar=>The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE\etpfm42\Crack\Panorama_v4.2_Crk.exe
Supprimé

C:\Program Files\eMule\Incoming\The.Panorama.Factory.v4.2.Multilanguage.WinALL.Cracked-ENGiNE.rar
Echec de la mise à jour

C:\WINDOWS\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Détecté avec: Application.Prockill.BL

C:\WINDOWS\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Echec de la désinfection

C:\WINDOWS\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Supprimé

C:\WINDOWS\RESTORE.INS
Echec de la mise à jour

C:\WINDOWS\system\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Détecté avec: Application.Prockill.BL

C:\WINDOWS\system\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Echec de la désinfection

C:\WINDOWS\system\RESTORE.INS=>C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Supprimé

C:\WINDOWS\system\RESTORE.INS
Echec de la mise à jour

----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:16:35, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 2.0\resources\fr-FR\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Christophe2007 Posts 5 Status Member
 
Hello,
My PC is infected by the Prockill.BL virus and the Wpepro.AH trojan.
Here are the Bitdefender and HijackThis reports.
Does anyone have the solution to remove them?
Thanks

0
philae83 Posts 12854 Status Security contributor 206
 
Hello,

First of all, with eMULE it is no surprise that you are infected!!!
Next,

everything has been cleaned. Do you have any other problems?

0

Christophe2007 Posts 5 Status Member
 
One problem remains: it is impossible to install Avast or any other antivirus.
0
philae83 Posts 12854 Status Security contributor 206
 
re

Yet I can see Avast there, can't I?
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
0
Christophe2007 Posts 5 Status Member
 
Avast installs, but the executable files disappear right after the install. So it is impossible to get it working.
0
philae83 Posts 12854 Status Security contributor 206
 
re
Strange.

Download SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all of its contents to your Desktop
From the sreng2 folder that is now on your Desktop, double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button

When it completes, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREnglLOG.log file into your next reply, please.
0
Christophe2007 Posts 5 Status Member
 
Here is the SREnglLOG.log file as requested.

_________________________________
[CODE]

2007-08-26,15:00:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CanalPlayer><C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic> [(Verified)CanalPlus Active]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIModeChange><Ati2mdxx.exe> [(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ACTIVBOARD><c:\apps\ABoard\ABoard.exe> [NEC Computers International]
<NovaNet-WEB Tray Control><C:\Program Files\Packard Bell EverSafe\TrayControl.exe> [NovaStor Corporation]
<NeroCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<AOLSAV><C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe> [TechCity Solutions France]
<AOLDialer><C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe> [(Verified)AOL LLC]
<CanalPlayer><C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic> [(Verified)CanalPlus Active]
<HostManager><C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLSoftware.exe> [(Verified)AOL LLC]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
Startup Folders
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[AOL 9.0 Icône AOL]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk --> C:\PROGRA~1\AOL9~1.0\aoltray.exe [America Online, Inc.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Packard Bell EverSafe Tray Control]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Packard Bell EverSafe Tray Control.lnk --> C:\PROGRA~1\PACKAR~1\TRAYCO~1.EXE [NovaStor Corporation]><N>

==================================
Services
[AOL Connectivity Service / AOL ACS][Running/Auto Start]
<C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe><AOL LLC>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><N/A>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><N/A>
[Boonty Games / Boonty Games][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Machine Debug Manager / MDM][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Service CANALPLAY / Service CANALPLAY][Stopped/Manual Start]
<"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"><Canal+ Active>
[SmartLinkService / SLService][Running/Auto Start]
<slserv.exe><>
[SymWMI Service / SymWSC][Stopped/Auto Start]
<C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe><N/A>
[WAN Miniport (ATW) Service / WANMiniportService][Running/Auto Start]
<"C:\WINDOWS\wanmpsvc.exe"><America Online, Inc.>

==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Pilote de filtre du bus AMD AGP / amdagp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atksgt / atksgt][Running/Auto Start]
<system32\DRIVERS\atksgt.sys><N/A>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[lirsgt / lirsgt][Running/Auto Start]
<system32\DRIVERS\lirsgt.sys><N/A>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<System32\DRIVERS\Mtlstrm.sys><>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
<System32\DRIVERS\NtMtlFax.sys><>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RecAgent / RecAgent][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys><Smart Link>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Filtre de bus AGP SIS / sisagp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
<System32\DRIVERS\wanatw4.sys><America Online, Inc.>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Download Manager Browser Helper Object]
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} <C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL, Protect Software GmbH>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL, Skype Technologies S.A.>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[AOL Toolbar]
{3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL, Skype Technologies S.A.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[AOL Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Telechargement Control]
{104B0A37-AB99-4F06-8032-8BBDC3B77DDB} <C:\WINDOWS\Downloaded Program Files\telechargement-photoweb.ocx, photoweb>
[QDiagAOLCCUpdateObj Class]
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} <C:\WINDOWS\System32\qdiagcc.ocx, Gteko Ltd.>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[AdVerifierADPCtrl Class]
{88764F69-3831-4EC1-B40B-FF21D8381345} <C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll, Dictao SA>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Telechargement Control]
{104B0A37-AB99-4F06-8032-8BBDC3B77DDB} <C:\WINDOWS\Downloaded Program Files\telechargement-photoweb.ocx, photoweb>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Download Manager Browser Helper Object]
{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} <C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL, Protect Software GmbH>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL, Skype Technologies S.A.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tools Class]
{2F13EF7E-9F89-47F0-B4E5-D461B1AA6902} <, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL, Skype Technologies S.A.>
[AOL Toolbar Launcher]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[QueueManager Class]
{A3781C17-DF39-4819-B5F4-84587BDA08E5} <, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Computer, Inc.>
[AOL Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[&Recherche AOL Toolbar]
<c:\program files\aol\aol toolbar 2.0\resources\fr-FR\local\search.html, N/A>

==================================
Running Processes
[PID: 616 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[PID: 1104 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1628 / Christophe][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\WinZip\WZSHLSTB.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1029, 0]
[PID: 1724 / Christophe][C:\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5046]
[C:\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5046]
[C:\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5046]
[C:\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5046]
[PID: 1736 / Christophe][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.10]
[PID: 1748 / Christophe][C:\apps\ABoard\ABoard.exe] [NEC Computers International, 1, 2, 0, 0]
[C:\apps\ABoard\AHook.dll] [NEC Computers International, 1, 1, 3, 0]
[PID: 1756 / Christophe][C:\Program Files\Packard Bell EverSafe\TrayControl.exe] [NovaStor Corporation, 4.0]
[C:\Program Files\Packard Bell EverSafe\winslc.dll] [NEC USA Inc., 1.01]
[PID: 1764 / Christophe][C:\apps\ABoard\AOSD.exe] [NEC Computers International, 1, 2, 0, 0]
[PID: 1780 / Christophe][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[PID: 1808 / Christophe][C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe] [TechCity Solutions France, 1.0.1.93]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\PROGRA~1\TECHCI~1\AOLSAV\shfolder.dll] [Microsoft Corporation, 5.50.4027.300]
[C:\PROGRA~1\TECHCI~1\AOLSAV\Res.dll] [TechCity Solutions France, 1.0.1.179]
[PID: 1836 / Christophe][C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLSoftware.exe] [America Online, Inc., 1.5.6.1]
[C:\Program Files\Fichiers communs\AOL\1166896196\ee\xprt5.dll] [AOL LLC, 5.2.3.5014]
[C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLSvcMgr.dll] [America Online, Inc., 1.5.6.1]
[C:\Program Files\Fichiers communs\AOL\AOLDiag\tbdiag.dll] [AOL LLC, 3.3.14.1]
[C:\Program Files\Fichiers communs\AOL\1166896196\ee\AOLHostMgr.dll] [America Online, Inc., 1.5.6.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\os\ver5_2_1_1\OS.dll] [AOL LLC, 5.2.1.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\os\ver5_2_1_1\AOLIdleMon.dll] [AOL LLC, 5.2.1.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\basics\ver8_0_4_1\basics.dll] [America Online, Inc., 8.0.4.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\notification\ver6_2_6_1\Notify.dll] [America Online, Inc., 6.2.6.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\localStorage\ver7_1_5_2\clsSvc.dll] [AOL LLC, 7.1.5.2]
[c:\program files\fichiers communs\aol\1166896196\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll] [AOL LLC, 3.0.16.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\metrics\ver3_6_15_1\cmls.dll] [America Online, Inc., 3.6.15.1]
[c:\program files\fichiers communs\aol\1166896196\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll] [AOL LLC., 4.1.6.1]
[PID: 1856 / Christophe][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.2.1]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 1888 / Christophe][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[PID: 1900 / Christophe][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1908 / Christophe][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.09.0.0]
[C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.09.1.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.02.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.22.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0]
[C:\Program Files\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12]
[PID: 1964 / Christophe][C:\Program Files\AOL 9.0\aoltray.exe] [America Online, Inc., 9.00.001]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 340 / SYSTEM][C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe] [AOL LLC, 4.6.1.2 ]
[C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.dll] [AOL LLC, 4.7.14.1 ]
[C:\PROGRA~1\FICHIE~1\AOL\ACS\xpat.dll] [AOL LLC, 4.7.14.1 ]
[C:\Program Files\Fichiers communs\AOL\ACS\ACSMDiag.dll] [AOL LLC, 4.7.14.1 ]
[C:\Program Files\Fichiers communs\AOL\AOLDiag\tbdiag.dll] [AOL LLC, 3.3.14.1]
[C:\Program Files\Fichiers communs\AOL\ACS\AcsCmn.dll] [AOL LLC, 4.7.14.1 ]
[C:\Program Files\Fichiers communs\AOL\ACS\ACSSwu.dll] [AOL LLC, 4.7.14.1 ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[PID: 400 / SYSTEM][C:\WINDOWS\System32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.0]
[PID: 880 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9064.9150]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\slserv.exe] [ , 2.80.00(24Apr2000)]
[PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1504 / SERVICE LOCAL][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1720 / SYSTEM][C:\WINDOWS\wanmpsvc.exe] [America Online, Inc., 9, 0, 0, 0]
[PID: 2012 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.2.1]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 2168 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3164 / Christophe][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL] [Protect Software GmbH, 1.0.0.14]
[C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL] [Skype Technologies S.A., 2, 2, 0, 78]
[C:\Program Files\Skype\toolbars\Shared\SPhoneParser.dll] [Skype Technologies, 1, 0, 1, 150]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102]
[PID: 3300 / Christophe][C:\Documents and Settings\Christophe\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Documents and Settings\Christophe\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1724, C:\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1808, C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAGENT.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]