Trojan.win32.looksky

Resolved/Closed
yannourss - 26 August 2007 at 17:11
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 - 28 August 2007 at 00:21
Can someone help me? I am infected by trojan.win32.looksky and I can't manage to get rid of it.... How can it be done? On top of that, I don't know much about computers. Thanks in advance, yannourss

59 replies

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 17:15
Hello,

Start with this:

* Download HijackThis and post the report, please

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture demo
http://pageperso.aol.fr/balltrap34/demohijack.htm

and

* Download CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Install it in a dedicated directory.

During installation, uncheck

--- the two "Add the option ... " boxes

--- Check for updates

--- Add the Yahoo! CCleaner Toolbar

* Run CCleaner for a full cleanup.

------

* Download AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download

* Install it

* Launch AVG Anti-Spyware and click the Update button. Wait

then

Launch AVG Anti-Spyware

Click the Scan button (on the toolbar)

then do the following in order, please. Save the report AFTER applying the actions.

Then on the Settings tab,
under "How to react", click Recommended actions. Select Quarantine.

Go back to the Scan tab. Click Complete system scan.

At the end of the scan, choose option 3

"Apply all actions" at the bottom.

Click "Save report".

This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.

Post it.

0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:34, on 26/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ail/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\ADOBE\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\ADOBE\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {CCDFA7B5-DD9F-4E63-A676-067762A96F7F} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {288329A9-BC4F-498C-BEB8-3AC865A74279} - C:\WINDOWS\wmpdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O24 - Desktop Component 0: (no name) - https://animals.timduru.org/dirlist/dog/Calender_WhiteLabradorRetrieverDog_puppy.jpg
O24 - Desktop Component 1: (no name) - http://www.easy4blog.com/picture/pupucevivie/s5vyuqj3.jpg
O24 - Desktop Component 2: (no name) - http://massimo79.altervista.org/immagini/labrador_baby.jpg
0
Here is my other report, thanks in advance.
SmitFraudFix v2.217

Rapport fait à 17:57:20,86, 26/08/2007
Executé à partir de C:\Documents and Settings\Administrateur.R372300080\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe PRESENT !
C:\WINDOWS\mxduo.dll PRESENT !
C:\WINDOWS\wmpdev.dll PRESENT !
C:\WINDOWS\wmphost.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\migicons.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.R372300080


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.R372300080\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.R37\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoAccessCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://animals.timduru.org/dirlist/dog/Calender_WhiteLabradorRetrieverDog_puppy.jpg"
"SubscribedURL"="https://animals.timduru.org/dirlist/dog/Calender_WhiteLabradorRetrieverDog_puppy.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.easy4blog.com/picture/pupucevivie/s5vyuqj3.jpg"
"SubscribedURL"="http://www.easy4blog.com/picture/pupucevivie/s5vyuqj3.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://massimo79.altervista.org/immagini/labrador_baby.jpg"
"SubscribedURL"="http://massimo79.altervista.org/immagini/labrador_baby.jpg"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ADI USB Remote NDIS Network Device #5
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: ADI USB Remote NDIS Network Device #5
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{65CF91FD-5704-4C3D-9709-11A6D5B0FA51}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9615E556-AB70-4E7C-AD8C-4717ECDC82BB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{65CF91FD-5704-4C3D-9709-11A6D5B0FA51}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9615E556-AB70-4E7C-AD8C-4717ECDC82BB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{65CF91FD-5704-4C3D-9709-11A6D5B0FA51}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9615E556-AB70-4E7C-AD8C-4717ECDC82BB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 18:00
That's not what I had asked you for at this point, but never mind, let's continue.

Now:

Usage ----- option 2 - Cleaning:

* Restart the computer in safe mode
(tap F8 during boot to get the startup menu, or see http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924 )


* Double-click smitfraudfix.cmd


* Select 2 to delete the files responsible for the infection.


When asked "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui, i.e. yes) in order to unblock the desktop wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected.

When asked "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, i.e. yes) to replace the corrupted file.

* Restart in normal mode and post the report here

N.B.: This step removes the infectious files detected in step #1
Note that the tool's option 2 removes the desktop wallpaper!

0
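Added example (not part of the original thread, and not code from HijackThis or SmitFraudFix): a Python sketch that cross-references the two reports posted above, listing which HijackThis autostart entries load a file that SmitFraudFix reported as PRESENT, and which flagged paths no entry references. The sample lines are copied from the logs in this thread; the function names and the simplified line formats the regular expressions accept are assumptions.

```python
import re

# Constructed sample: O-section lines copied from the HijackThis log in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O21 - SSODL: wmphost - {CCDFA7B5-DD9F-4E63-A676-067762A96F7F} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {288329A9-BC4F-498C-BEB8-3AC865A74279} - C:\WINDOWS\wmpdev.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: the "PRESENT !" lines from the SmitFraudFix report in this thread.
SMITFRAUDFIX_SAMPLE = r"""
C:\WINDOWS\main_uninstaller.exe PRESENT !
C:\WINDOWS\mxduo.dll PRESENT !
C:\WINDOWS\wmpdev.dll PRESENT !
C:\WINDOWS\wmphost.dll PRESENT !
C:\WINDOWS\system32\migicons.exe PRESENT !
C:\Program Files\VideoAccessCodec\ PRESENT !
"""

# Assumed, simplified line formats (not an official grammar of either tool).
HJT_LINE = re.compile(r"^(O\d{1,2}|[RF]\d) - (.+)$")
WIN_PATH = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|ocx|sys|cmd|bat|scr)\b',
    re.IGNORECASE,
)
SFF_LINE = re.compile(r"^(.+?)\s+PRESENT !$")


def normalise(path):
    """Lower-case a Windows path and drop quotes and a trailing backslash.

    8.3 short names (PROGRA~1) are not expanded, so such an entry only
    matches when the other report spells the path the same way.
    """
    return path.strip().strip('"').rstrip("\\").lower()


def parse_smitfraudfix(report):
    """Return the set of normalised paths the report marks as PRESENT."""
    flagged = set()
    for line in report.splitlines():
        match = SFF_LINE.match(line.strip())
        if match:
            flagged.add(normalise(match.group(1)))
    return flagged


def parse_hijackthis(log):
    """Return (section, path) for every entry that names a file on disk."""
    entries = []
    for line in log.splitlines():
        match = HJT_LINE.match(line.strip())
        if not match:
            continue
        path = WIN_PATH.search(match.group(2))
        if path:  # entries such as "(no file)" carry no path and are skipped
            entries.append((match.group(1), normalise(path.group(0))))
    return entries


def cross_reference(hjt_log, sff_report):
    """Split flagged paths into those an autostart entry loads and the rest."""
    flagged = parse_smitfraudfix(sff_report)
    hits = []
    for section, path in parse_hijackthis(hjt_log):
        # Match the file itself, or any file inside a flagged directory.
        if path in flagged or any(path.startswith(f + "\\") for f in flagged):
            hits.append((section, path))
    loaded = {path for _, path in hits}
    unreferenced = sorted(
        f for f in flagged
        if f not in loaded and not any(p.startswith(f + "\\") for p in loaded)
    )
    return hits, unreferenced


if __name__ == "__main__":
    hits, unreferenced = cross_reference(HIJACKTHIS_SAMPLE, SMITFRAUDFIX_SAMPLE)
    for section, path in hits:
        print(f"{section}: autostart entry loads flagged file {path}")
    for path in unreferenced:
        print(f"flagged on disk, no autostart entry in the log: {path}")
```

The entries it reports (the O2 BHO and the two O21 SSODL lines) are registry load points, while the unreferenced paths exist only as files or folders on disk.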

The problem is that it doesn't respond in safe mode; the arrow keys don't respond. What should I do?
0
My computer shuts down frequently and won't restart; when it does agree to, I quickly come to the site, but it's really hard, and on top of that it has trouble connecting to the internet. Then when I do a system restore, it tells me every time that it isn't possible!!!!!!!!!!!!!!!!!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 20:45
Then try running it in normal mode, we'll see what happens.
0
I can't do anything, neither switch to safe mode nor to normal mode, nothing responds, so what should I do?
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 21:15
And how do you manage to come to the forum?
When you say nothing responds, what do you mean?
0
When I'm in the window for choosing safe mode, normal.... the arrow keys for moving to what you want to do simply don't respond. On the other hand, when I turn off my computer it takes hours to start up; it reboots in a loop, cuts out and starts again. Right now it's working; until when, that is the question.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 21:30
So if it's working for the moment, try running option 2 in normal mode

and post a HijackThis report again as well
0
Option 2 of what? I don't remember any more. Thanks, I'm a bit useless.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 21:36
It's not a matter of being useless, it's simply about trying to follow along a bit.....:)

Go back up to post 4
0
That didn't work, it crashed the computer. Then when I launched step 2 it gave me access denied (deleting the infected files). It took me half an hour to get my computer to restart, what a nightmare.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 22:09
OK, try making an SREng report

Download SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all its contents to your Desktop
From the sreng2 folder now on your Desktop, double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button

When complete, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREnglLOG.log file into your next reply, please.
0
Here is what it says ... thanks
[CODE]

2007-08-26,22:15:33

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<IncrediMail><C:\Program Files\IncrediMail\bin\IncMail.exe /c> [IncrediMail, Ltd.]
<Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SystemTray><SysTray.Exe> [(Verified)Microsoft Windows XP Publisher]
<Easy-PrintToolBox><C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [CANON INC.]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<Adobe Photo Downloader><"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated]
<Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> []
<spywarefighterguard><C:\Program Files\SPYWAREfighter\spftray.exe> [(Verified)SPAMfighter ApS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<wmphost><C:\WINDOWS\wmphost.dll> [N/A]
<wmpdev><C:\WINDOWS\wmpdev.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Lecteur Windows Media Microsoft 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl> [N/A]

==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\ADOBE\READER~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Adobe Reader Synchronizer]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk --> C:\PROGRA~1\ADOBE\READER~1.0\Reader\ADOBEC~1.EXE []><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[R54G Wireless Service / R54G Wireless Service][Running/Auto Start]
<C:\Program Files\Wireless 802.11g Monitor\WLService.exe><N/A>
[SmartLinkService / SLService][Running/Auto Start]
<slserv.exe><Smart Link>
[TuneUp WinStyler Theme Service / TUWinStylerThemeSvc][Stopped/Manual Start]
<><N/A>

==================================
Drivers
[Quinnware CDDA Driver (by InfinaDyne) / CDRPDACC][Running/Auto Start]
<\??\C:\Program Files\Quintessential Player\cdrpdacc.sys><Arrowkey>
[Sony Ericsson 600i driver (WDM) / k600bus][Stopped/Manual Start]
<System32\DRIVERS\k600bus.sys><MCCI>
[Sony Ericsson 600i USB WMC Modem Filter / k600mdfl][Stopped/Manual Start]
<System32\DRIVERS\k600mdfl.sys><MCCI>
[Sony Ericsson 600i USB WMC Modem Drivers / k600mdm][Stopped/Manual Start]
<System32\DRIVERS\k600mdm.sys><MCCI>
[Sony Ericsson 600i USB WMC OBEX Interface Drivers / k600obex][Stopped/Manual Start]
<System32\DRIVERS\k600obex.sys><MCCI>
[Machnm32 Driver / Machnm32][Running/Auto Start]
<\??\C:\WINDOWS\System32\Machnm32.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Running/Auto Start]
<System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
<System32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<System32\DRIVERS\Mtlstrm.sys><Smart Link>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
<System32\DRIVERS\NtMtlFax.sys><Smart Link>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Appareil photo VGA USB Philips PCVC690 / phil2vid][Stopped/Manual Start]
<System32\DRIVERS\philcam2.sys><Microsoft Corporation>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RecAgent / RecAgent][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\RecAgent.sys><Smart Link>
[Wireless 802.11g USB Adapter Driver / rt2571][Stopped/Manual Start]
<System32\DRIVERS\rt2571.sys><Ralink Technology Inc.>
[Sony Ericsson Device 115 driver (WDM) / s115bus][Stopped/Manual Start]
<System32\DRIVERS\s115bus.sys><MCCI Corporation>
[Sony Ericsson Device 115 USB WMC Modem Filter / s115mdfl][Stopped/Manual Start]
<System32\DRIVERS\s115mdfl.sys><MCCI Corporation>
[Sony Ericsson Device 115 USB WMC Modem Driver / s115mdm][Stopped/Manual Start]
<System32\DRIVERS\s115mdm.sys><MCCI Corporation>
[Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) / s115mgmt][Stopped/Manual Start]
<System32\DRIVERS\s115mgmt.sys><MCCI Corporation>
[Sony Ericsson Device 115 USB WMC OBEX Interface / s115obex][Stopped/Manual Start]
<System32\DRIVERS\s115obex.sys><MCCI Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS 163 usb Wireless LAN Adapter Driver / SIS163u][Stopped/Manual Start]
<System32\DRIVERS\sis163u.sys><SiS Corporation>
[Smart Link 56K Modem Driver / Slntamr][Running/Manual Start]
<System32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<System32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Running/Manual Start]
<System32\DRIVERS\SlWdmSup.sys><Smart Link>
[Contrôleur audio VIA AC'97 (WDM) / VIAudio][Running/Manual Start]
<system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[GTNDIS5 NDIS Protocol Driver / GTNDIS5][Running/Manual Start]
<\??\C:\WINDOWS\System32\GTNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MSVPS System]
{208D7BCC-9857-4C9E-823B-D04E72490A67} <C:\WINDOWS\mxduo.dll, >
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Hotmail Attachments Control]
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} <C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx, Microsoft Corporation>
[&Recherche AOL Toolbar]
<res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML, N/A>

==================================
Running Processes
[PID: 292 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 392 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 416 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 460 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 480 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\system32\uxtuneup.dll] [TuneUp Software GmbH, 1.0.0.2]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 896 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 940 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1016 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1029, 0]
[PID: 1072 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1029, 0]
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[C:\WINDOWS\system32\CNMLM5y.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL] [CANON INC., 1.80.2.50]
[PID: 1884 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2008 / SYSTEM][C:\Program Files\Wireless 802.11g Monitor\WLService.exe] [N/A, ]
[PID: 272 / SYSTEM][C:\WINDOWS\system32\slserv.exe] [Smart Link, 3.80.01MC15]
[PID: 316 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 356 / SYSTEM][C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe] [, 1, 0, 2, 18]
[C:\Program Files\Wireless 802.11g Monitor\PINGDLL.dll] [N/A, ]
[C:\Program Files\Wireless 802.11g Monitor\ProcNICs.dll] [GemTek, 1, 0, 0, 7]
[C:\Program Files\Wireless 802.11g Monitor\Ralinktek.dll] [Gemtek, 4, 4, 1, 15]
[C:\WINDOWS\System32\GTW32N50.dll] [, 1.0.0.1]
[C:\Program Files\Wireless 802.11g Monitor\GEMWEP.DLL] [, 1, 0, 0, 1]
[C:\Program Files\Wireless 802.11g Monitor\Security.dll] [, 1, 0, 1, 5]
[PID: 700 / Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 1660 / Administrateur][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1029, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1029, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1029, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1029, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1029, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1029, 0]
[PID: 1668 / Administrateur][C:\Program Files\QuickTime\QTTask.exe] [Apple Inc., 7.2]
[PID: 1680 / Administrateur][C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe] [Adobe Systems Incorporated, 3.0.0.50878]
[C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdboot.dll] [Adobe Systems Incorporated, 3.0.0.50878]
[C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1708 / Administrateur][C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe] [, 2.2.10.58]
[C:\WINDOWS\System32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Teleca Shared\tlib_log.dll] [Popwire AB, 1.1.1.139]
[C:\Program Files\Fichiers communs\Teleca Shared\boost_log-vc71-mt-1_33.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Teleca Shared\tlib_cmndlgs.dll] [Popwire AB, 1.1.0.19]
[C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll] [, 2.0.6.1]
[C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll] [, 2.0.5.1]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherMainDlg.dll] [Sony Ericsson Mobile Communications AB, 2.0.4.33]
[C:\WINDOWS\System32\icm32.dll] [Microsoft Corporation, 5.1.2600.1710 (xpsp2.050628-1527)]
[C:\Program Files\Fichiers communs\Teleca Shared\TC Device Mgmt.dll] [Teleca AB, 1.5.0.87]
[PID: 1740 / Administrateur][C:\Program Files\SPYWAREfighter\spftray.exe] [SPAMfighter, 1, 7, 6, 0]
[C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll] [Spamfighter A/S, 1.07]
[C:\WINDOWS\System32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\System32\VB6fr.DLL] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\SPYWAREfighter\spfrm.dll] [SpamFighter Aps, 1.7.1.0]
[PID: 1760 / Administrateur][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1780 / Administrateur][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\System32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 1820 / Administrateur][C:\Program Files\Skype\Phone\Skype.exe] [Skype Technologies S.A., 3.5.0.214]
[C:\WINDOWS\System32\dxdiagn.dll] [Microsoft Corporation, 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[PID: 332 / Administrateur][C:\PROGRA~1\INCRED~1\bin\IMApp.exe] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\Program Files\IncrediMail\bin\ImAppRU.dll] [, 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImComUtlU.dll] [, 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImSpoolU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImFoldrsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImServU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImJunkU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\PROGRA~1\INCRED~1\bin\ImNotfyU.dll] [IncrediMail, Ltd., 5, 6, 5, 3088]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 1940 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1029, 0]
[PID: 2096 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1029, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1004, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1004, 0]
[PID: 2340 / Administrateur][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wuaucpl.cpl] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\mucltui.dll.mui] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2452 / Administrateur][C:\Program Files\Skype\Plugin Manager\skypePM.exe] [Skype Technologies, 1.5.0.3]
[C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll] [EasyBits Software Corp., 1.5.0.3]
[PID: 2548 / Administrateur][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\WINDOWS\mxduo.dll] [, 1, 0, 0, 1]
[C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll] [Skype Technologies S.A., 2, 2, 0, 105]
[C:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll] [Skype Technologies, 1, 0, 1, 157]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2740 / Administrateur][C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe] [Teleca AB, 1.5.0.395]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Teleca Shared\tlib_log.dll] [Popwire AB, 1.1.1.139]
[C:\Program Files\Fichiers communs\Teleca Shared\boost_log-vc71-mt-1_33.dll] [N/A, ]
[C:\WINDOWS\System32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[C:\Program Files\Fichiers communs\Teleca Shared\TC Device Mgmt.dll] [Teleca AB, 1.5.0.87]
[C:\Program Files\Fichiers communs\Teleca Shared\HookStarter.dll] [Popwire AB, 1.0.3.11]
[C:\Program Files\Fichiers communs\Teleca Shared\SpecificUSB.dll] [Teleca AB, 1, 2, 2, 1]
[C:\Program Files\Fichiers communs\Sony Ericsson Shared\SpecificMPM.dll] [Sony Ericsson Mobile Communications AB, 1, 3, 0, 0]
[PID: 2960 / Administrateur][C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe] [Sony Ericsson Mobile Communications AB, 1, 2, 0,1234]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,166]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1238]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll] [Sony Ericsson Mobile Communications AB, 1, 2, 0,354]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires040c.DLL] [Popwire AB, 1, 0, 0,2048]
[C:\WINDOWS\System32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1055]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1272]
[PID: 3492 / Administrateur][C:\PROGRA~1\WINZIP\winzip32.exe] [WinZip Computing, Inc., 13.0 (32-bit)]
[C:\PROGRA~1\WINZIP\WZVINFO.DLL] [WinZip Computing, Inc., 1.0 (32-bit)]
[C:\PROGRA~1\WINZIP\WZCAB3.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
[C:\PROGRA~1\WINZIP\wz32.dll] [WinZip Computing, Inc., 13.0 (32-bit)]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 3508 / Administrateur][C:\DOCUME~1\ADMINI~1.R37\LOCALS~1\Temp\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1668, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1680, C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM EDITION DÉCOUVERTE\3.0\APPS\APDPROXY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1708, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\APPLICATION LAUNCHER\APPLICATION LAUNCHER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 332, C:\PROGRA~1\INCRED~1\BIN\IMAPP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2740, C:\PROGRAM FILES\FICHIERS COMMUNS\TELECA SHARED\GENERIC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2960, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\MOBILE PHONE MONITOR\EPMWORKER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3492, C:\PROGRA~1\WINZIP\WINZIP32.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]
0
So what does the report say!!!!! What do you think? Thanks in advance
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 22:54
What is strange is that in this report I only find things that should disappear with smitfraud.

Please post a new HijackThis report
0
smitfraud doesn't work on my computer, it crashes it every time I touch the icon, so?????
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
26 August 2007 at 23:00
Then I'm stuck, I'll take a look

Please post a new HJT report
0