Trojan Win32.BHO-JK

Résolu
Zandollydor -  
 marines2345 -
Bonjour,
Depuis le 10.12 le troyen win 32.BHO-JK a infecté mon pc. Il plante. J'ai reçu une centaine d'alertes par avast antivirus et ces alertes croissent.... J'ai utilisé spyware doctor, spybot, ad aware.... J'ai zone alarm pro. et rien ne me le détecte. Avast n'arrive pas à supprimier le logiciel malveillant. Je ne sais plus quoi faire.... Si vous pouviez m'aider. Merci beaucoup d'avance.
Zando.
A voir également:

40 réponses

Précédent
  • 1
  • 2
Réponse 21 / 40
zandollydor
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 22 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Curieux. Les rapports ne montrent rien.

Quel genre de problème as-tu ?

1/ * Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) : http://www.malekal.com/download/DiagHelp.zip
Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
* Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
* Un nouveau dossier chercher va être créé.
* Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
* Une fenêtre va s'ouvrir, choisis l'option 1
* L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
* Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
* Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
* Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
* Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

2/ * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
* Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
* Ouvre le dossier SReng2 et double-clique sur SREng.exe.
* Clique sur "smart scan".
* Clique sur le bouton "scan".
* Quand l'analyse est terminée, clique sur le bouton "save reports".
* Sauvegarde alors le rapport sur ton bureau.
* Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

3/ * Télécharge GenProc (de Lazzzy et Narco4) sur ton bureau : http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
* Dézippe-le sur ton bureau (Clic droit>Extraire ici).
* Double-clique sur GenProc.bat et édite le rapport généré par le programme.
* Tu trouveras une aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

FillPCA
0
Réponse 23 / 40
zandollydor
 
Mon pc rame terriblement. Il lui faut près de 15 min pour démarrer, et il bugge "bizarrement", si ça peut vous intéresser, je peux lancer une analyse avst et vous envoyer le rapport?
0
Réponse 24 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Non, édite simplement les rapports demandés.

FillPCA
0
zandollydor
 
Re,
DiagHelp version v1.4 - http://www.malekal.com
excute le 09/12/2007 à 11:35:04,00


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->09/12/2007 11:33:53
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->09/12/2007 11:33:35
C:\WINDOWS\prefetch\INCMAIL.EXE-0B0D4F12.pf -->09/12/2007 11:29:17
C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf -->09/12/2007 11:26:09
C:\WINDOWS\prefetch\IMNOTFY.EXE-2A372AB1.pf -->09/12/2007 11:25:55
C:\WINDOWS\prefetch\ASHAVAST.EXE-12F63458.pf -->09/12/2007 11:20:50
C:\WINDOWS\prefetch\HPZIPM12.EXE-145E7369.pf -->09/12/2007 11:19:42
C:\WINDOWS\prefetch\REALPLAY.EXE-1BF219BD.pf -->09/12/2007 11:19:39
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf -->09/12/2007 11:19:34
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->09/12/2007 11:04:18

C:\WINDOWS\System32\drivers\MS1000.sys -->08/12/2007 14:00:15
C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\kcom.sys -->04/10/2007 17:11:00

C:\WINDOWS\System32\vsconfig.xml -->09/12/2007 10:45:20
C:\WINDOWS\System32\zllictbl.dat -->08/12/2007 23:06:13
C:\WINDOWS\System32\rtstv.ini -->08/12/2007 16:58:24
C:\WINDOWS\System32\perfh00C.dat -->07/12/2007 23:11:23
C:\WINDOWS\System32\perfh009.dat -->07/12/2007 23:11:23
C:\WINDOWS\System32\perfc00C.dat -->07/12/2007 23:11:23
C:\WINDOWS\System32\perfc009.dat -->07/12/2007 23:11:23
C:\WINDOWS\System32\PerfStringBackup.INI -->07/12/2007 23:11:22
C:\WINDOWS\System32\CONFIG.NT -->07/12/2007 19:42:27
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AvastSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\divx_xx11.dll -->04/12/2007 02:33:18
C:\WINDOWS\System32\divx_xx0c.dll -->04/12/2007 02:33:18
C:\WINDOWS\System32\divx_xx07.dll -->04/12/2007 02:33:18
C:\WINDOWS\System32\DivX.dll -->04/12/2007 02:33:16
C:\WINDOWS\System32\divxdec.ax -->04/12/2007 02:33:14
C:\WINDOWS\System32\swsc.exe -->04/12/2007 01:00:42
C:\WINDOWS\System32\dsm_fr.qm -->29/11/2007 23:30:42
C:\WINDOWS\System32\divxsm.tlb -->29/11/2007 23:30:42
C:\WINDOWS\System32\DivXsm.exe -->29/11/2007 23:30:42
C:\WINDOWS\System32\qt-dx331.dll -->29/11/2007 23:30:28
C:\WINDOWS\System32\ssldivx.dll -->29/11/2007 23:30:16
C:\WINDOWS\System32\libdivx.dll -->29/11/2007 23:30:16
C:\WINDOWS\System32\dtu100.dll.manifest -->29/11/2007 23:28:24
C:\WINDOWS\System32\dtu100.dll -->29/11/2007 23:28:24

C:\WINDOWS\system.ini -->09/12/2007 10:44:57
C:\WINDOWS\0.log -->09/12/2007 10:44:11
C:\WINDOWS\wiadebug.log -->09/12/2007 10:42:52
C:\WINDOWS\WindowsUpdate.log -->09/12/2007 10:42:50
C:\WINDOWS\wiaservc.log -->09/12/2007 10:42:43
C:\WINDOWS\bootstat.dat -->09/12/2007 10:41:25
C:\WINDOWS\SchedLgU.Txt -->09/12/2007 10:40:11
C:\WINDOWS\setupapi.log -->08/12/2007 19:34:34
C:\WINDOWS\catchme.exe -->08/12/2007 03:32:45
C:\WINDOWS\wmsetup.log -->07/12/2007 23:40:24
C:\WINDOWS\setupact.log -->07/12/2007 18:58:15
C:\WINDOWS\tsc.ini -->07/12/2007 13:15:45
C:\WINDOWS\vsapi32.dll -->07/12/2007 13:08:03
C:\WINDOWS\BPMNT.dll -->07/12/2007 13:08:00
C:\WINDOWS\GetServer.ini -->07/12/2007 13:07:50

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1540
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x00fe0000 0xe000 C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x636e0000 0x29000 5.00.0005.0024 C:\Program Files\Spyware Doctor\smumhook.dll
0x10000000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x00e30000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x03150000 0x11a000 1.05.0000.0008 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x01850000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x03570000 0x2d000 C:\Program Files\WinRAR\rarext.dll
0x035a0000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 736
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x10000 6.14.0010.4118 C:\WINDOWS\system32\Ati2evxx.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x636e0000 0x29000 5.00.0005.0024 C:\Program Files\Spyware Doctor\smumhook.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 88EA-237E

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 46 600 699 904 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 88EA-237E

Répertoire de C:\WINDOWS\Downloaded Program Files

08/12/2007 19:34 <REP> .
08/12/2007 19:34 <REP> ..
06/09/2007 16:08 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
23/03/2007 11:17 1 292 erma.inf
01/11/2005 22:16 406 FacebookPhotoUploader.inf
03/11/2005 19:17 1 935 120 FacebookPhotoUploader.ocx
16/05/2007 07:22 399 gp.inf
16/08/2007 22:26 88 136 HPGetDownloadManager.ocx
16/10/2007 15:58 345 ImageUploader4.inf
13/11/2007 17:42 2 663 944 ImageUploader4.ocx
27/07/2004 15:48 323 584 isusweb.dll
25/09/2007 00:33 1 055 jinstall-6u3.inf
07/01/2007 12:55 2 305 kavwebscan.inf
17/01/2007 23:27 345 512 MSDcode.dll
24/09/2007 14:10 304 setup.inf
11/06/2007 11:21 5 021 swflash.inf
02/11/2005 18:01 1 777 xscan.inf
02/11/2005 18:07 435 712 xscan53.ocx
18 fichier(s) 6 026 161 octets

Total des fichiers listés :
18 fichier(s) 6 026 161 octets
2 Rép(s) 46 600 568 832 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 11:41:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
460 - guard.exe
520 - msnmsgr.exe
708 - csrss.exe
736 - winlogon.exe
784 - services.exe
796 - lsass.exe
844 - ashServ.exe
964 - svchost.exe
1060 - svchost.exe
1140 - svcntaux.exe
1152 - svchost.exe
1228 - svchost.exe
1292 - swdsvc.exe
1368 - svchost.exe
1380 - vsmon.exe
1516 - GoogleUpdaterSe
1540 - explorer.exe
1616 - ashWebSv.exe
1968 - TeaTimer.exe
1984 - IncMail.exe
2060 - SDTrayApp.exe
2084 - ashSimpl.exe
2164 - eabservr.exe
2172 - ImApp.exe
2488 - atiptaxx.exe
2508 - iPodService.exe
2612 - Apoint.exe
2856 - zlclient.exe
2872 - hpqtra08.exe
2888 - iexplore.exe
3040 - AGRSMMSG.exe
3092 - cmd.exe
3324 - ashDisp.exe
3380 - alg.exe
3424 - avgas.exe
3432 - ctfmon.exe
3680 - svchost.exe
4036 - ashMaiSv.exe

Total number of processes = 39
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F8B66000 - \WINDOWS\system32\KDCOM.DLL
F8A76000 - \WINDOWS\system32\BOOTVID.dll
F8536000 - ACPI.sys
F8B68000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F8525000 - pci.sys
F8666000 - isapnp.sys
F8676000 - ohci1394.sys
F8686000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8A7A000 - compbatt.sys
F8A7E000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F8C2E000 - PCIIde.sys
F88E6000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
F8B6A000 - intelide.sys
F8507000 - pcmcia.sys
F8696000 - MountMgr.sys
F84E8000 - ftdisk.sys
F8A82000 - ACPIEC.sys
F8C2F000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F88EE000 - PartMgr.sys
F86A6000 - VolSnap.sys
F84D0000 - atapi.sys
F86B6000 - disk.sys
F86C6000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F84B0000 - fltMgr.sys
F849E000 - sr.sys
F86D6000 - ikfilesec.sys
F86E6000 - PxHelp20.sys
F8487000 - KSecDD.sys
F83FA000 - Ntfs.sys
F83CD000 - NDIS.sys
F83BC000 - Serial.sys
F83A8000 - srescan.sys
F838D000 - Mup.sys
F8706000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F87F6000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F8B12000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys
F81EF000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F7ABB000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F89BE000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7A98000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F89C6000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F787C000 - \SystemRoot\system32\DRIVERS\w29n51.sys
F7854000 - \SystemRoot\system32\drivers\tifm21.sys
F7843000 - \SystemRoot\system32\DRIVERS\sdbus.sys
F89CE000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F7803000 - \SystemRoot\system32\drivers\smwdm.sys
F77DF000 - \SystemRoot\system32\drivers\portcls.sys
F8806000 - \SystemRoot\system32\drivers\drmk.sys
F77BC000 - \SystemRoot\system32\drivers\ks.sys
F779C000 - \SystemRoot\system32\drivers\aeaudio.sys
F773E000 - \SystemRoot\system32\drivers\senfilt.sys
F7639000 - \SystemRoot\system32\DRIVERS\AGRSM.sys
F89D6000 - \SystemRoot\System32\Drivers\Modem.SYS
F8B1E000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F8816000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F89DE000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F761F000 - \SystemRoot\system32\DRIVERS\Apfiltr.sys
F89E6000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8826000 - \SystemRoot\system32\DRIVERS\imapi.sys
F89EE000 - \SystemRoot\system32\drivers\Afc.sys
F8836000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8846000 - \SystemRoot\system32\DRIVERS\redbook.sys
F89F6000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
F8DAB000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8856000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8B2A000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F75E0000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8866000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F8876000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F89FE000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F75CF000 - \SystemRoot\system32\DRIVERS\psched.sys
F8886000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F8A06000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F8A0E000 - \SystemRoot\system32\DRIVERS\raspti.sys
F8896000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8B7E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F74D6000 - \SystemRoot\system32\DRIVERS\update.sys
F8B3A000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F88A6000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F88D6000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8B82000 - \SystemRoot\system32\DRIVERS\USBD.SYS
EE14F000 - \SystemRoot\system32\drivers\iksysflt.sys
F756F000 - \SystemRoot\system32\drivers\KCOM.SYS
EE138000 - \SystemRoot\system32\drivers\iksyssec.sys
F8BA2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8CD9000 - \SystemRoot\System32\Drivers\Null.SYS
F8BA4000 - \SystemRoot\System32\Drivers\Beep.SYS
F8CDA000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F894E000 - \SystemRoot\System32\drivers\vga.sys
F8BA6000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8BA8000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8956000 - \SystemRoot\System32\Drivers\Msfs.SYS
F895E000 - \SystemRoot\System32\Drivers\Npfs.SYS
F833C000 - \SystemRoot\system32\DRIVERS\rasacd.sys
EE105000 - \SystemRoot\system32\DRIVERS\ipsec.sys
EE0AD000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F755F000 - \SystemRoot\System32\Drivers\aswTdi.SYS
EE085000 - \SystemRoot\system32\DRIVERS\netbt.sys
EE025000 - \SystemRoot\System32\vsdatant.sys
EE003000 - \SystemRoot\System32\drivers\afd.sys
F754F000 - \SystemRoot\system32\DRIVERS\netbios.sys
EDFD8000 - \SystemRoot\system32\DRIVERS\rdbss.sys
EDF69000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F753F000 - \SystemRoot\System32\Drivers\Fips.SYS
EDF48000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F752F000 - \SystemRoot\system32\DRIVERS\wanarp.sys
EED1B000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F8BAA000 - \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
F8CF0000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F896E000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F7603000 - \SystemRoot\system32\DRIVERS\hidusb.sys
EEC9B000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F8986000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F75FB000 - \SystemRoot\system32\DRIVERS\mouhid.sys
EE1D3000 - \SystemRoot\System32\Drivers\Cdfs.SYS
ED88D000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8BC8000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EDF40000 - \SystemRoot\System32\drivers\Dxapi.sys
EE29B000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8C93000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0C000 - \SystemRoot\System32\ati2cqag.dll
BFA40000 - \SystemRoot\System32\atikvmag.dll
BFA75000 - \SystemRoot\System32\ati3duag.dll
BFCB7000 - \SystemRoot\System32\ativvaxx.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
EB84D000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
EDD0E000 - \SystemRoot\System32\Drivers\aswMon2.SYS
EDB91000 - \SystemRoot\system32\drivers\wdmaud.sys
EDBEE000 - \SystemRoot\system32\drivers\sysaudio.sys
EEACC000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
EEA19000 - \SystemRoot\system32\DRIVERS\srv.sys
F8CBA000 - \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
EF43D000 - \SystemRoot\System32\Drivers\HTTP.sys
EEBEF000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F8A56000 - \??\C:\DOCUME~1\Zando\LOCALS~1\Temp\catchme.sys
EEF77000 - \SystemRoot\system32\drivers\kmixer.sys
EDA92000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 142

Liste des programmes installes

1500
1500_Help
1500Trb
Add/Remove Pro (Freeware)
Adobe Flash Player ActiveX
Adobe Reader 8.1.0 - Français
Agere Systems AC'97 Modem
AiO_Scan
AiOSoftware
Archiveur WinRAR
ArcSoft PhotoStudio 2000
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
AutoUpdate
avast! Antivirus
AVG Anti-Spyware 7.5
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Compaq Presario r4000 User Guides
Compatibility Pack for the 2007 Office system
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB883667
Correctif Windows XP - KB884575
Correctif Windows XP - KB885250
Correctif Windows XP - KB885464
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888113
Correctif Windows XP - KB888239
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB892559
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
eMule
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hercules Webcam
Hercules WebCam Station
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Pavillion zv6000 User Guides
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Wireless Assistant 1.01 B2
HP_User_Guides_0005
HPProductAssistant
IncrediMail Xe
InterVideo WinDVD
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Kaspersky Online Scanner
Lecteur Windows Media 11
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920342)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB925720)
Mise à jour pour Windows XP (KB925876)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NewCopy
Outil de mise à jour Google
Panneau de contrôle ATI
ProductContext
Quick Launch Buttons 5.10 B5
QuickTime
Readme
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Scan
ScannerCopy
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Spyware Doctor 5.1
Status
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515 drivers.
TIxx21
TIxx21
TrayApp
Unload
UserGuides
Visual C++ CRT 8.0
Voice Tracer
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm Pro



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 88EA-237E

Répertoire de C:\Program Files

08/12/2007 22:54 <REP> .
08/12/2007 22:54 <REP> ..
04/09/2007 11:55 <REP> ACW
23/08/2007 18:25 <REP> Add Remove Pro
17/08/2007 09:50 <REP> Adobe
07/09/2007 16:52 <REP> Alice
16/09/2007 11:44 <REP> Alwil Software
16/08/2007 22:50 <REP> Analog Devices
17/08/2007 23:21 <REP> Apoint2K
17/08/2007 09:56 <REP> ArcSoft
16/08/2007 23:03 <REP> ATI Technologies
16/08/2007 13:19 <REP> ComPlus Applications
16/08/2007 18:24 <REP> CPQ
05/12/2007 19:25 <REP> DivX
08/12/2007 23:15 <REP> eMule
08/12/2007 00:35 <REP> Fichiers communs
07/12/2007 23:07 <REP> Google
08/12/2007 17:41 <REP> Grisoft
06/09/2007 17:01 <REP> Hercules
16/08/2007 14:30 <REP> Hewlett-Packard
07/10/2007 10:21 <REP> Hp
06/09/2007 11:40 <REP> HPQ
30/09/2007 12:02 <REP> IncrediMail
06/09/2007 13:09 <REP> Intel
10/10/2007 08:47 <REP> Internet Explorer
06/09/2007 11:42 <REP> InterVideo
20/08/2007 11:36 <REP> IPA93
06/09/2007 11:59 <REP> iPod
06/09/2007 11:59 <REP> iTunes
13/10/2007 12:31 <REP> Java
16/08/2007 14:34 <REP> Messenger
17/08/2007 00:49 <REP> Messenger Plus! Live
16/08/2007 13:23 <REP> microsoft frontpage
07/11/2007 16:24 <REP> Microsoft Office
16/08/2007 22:34 <REP> Microsoft.NET
16/08/2007 13:20 <REP> Movie Maker
17/08/2007 22:21 <REP> MSBuild
07/11/2007 16:23 <REP> MSECache
16/08/2007 13:17 <REP> MSN
16/08/2007 13:18 <REP> MSN Gaming Zone
17/08/2007 00:49 <REP> MSN Messenger
08/10/2007 08:23 <REP> MSXML 4.0
17/08/2007 23:02 <REP> MSXML 6.0
16/08/2007 13:20 <REP> NetMeeting
06/09/2007 16:36 <REP> Outlook Express
01/10/2007 18:07 <REP> Philips
06/09/2007 12:02 <REP> QuickTime
26/11/2007 00:23 <REP> Real
17/08/2007 22:15 <REP> Reference Assemblies
16/08/2007 13:21 <REP> Services en ligne
16/08/2007 14:40 <REP> Sonic
08/12/2007 01:54 <REP> Spybot - Search & Destroy
09/12/2007 10:35 <REP> Spyware Doctor
16/08/2007 14:32 <REP> Synaptics
17/08/2007 00:49 <REP> Windows Live
06/12/2007 23:31 <REP> Windows Live Safety Center
17/08/2007 22:11 <REP> Windows Media Connect 2
06/09/2007 18:30 <REP> Windows Media Player
16/08/2007 13:18 <REP> Windows NT
22/08/2007 15:31 <REP> WinRAR
16/08/2007 13:23 <REP> xerox
16/08/2007 23:40 <REP> Zone Labs
0 fichier(s) 0 octets
62 Rép(s) 46 609 956 864 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 88EA-237E

Répertoire de C:\Program Files\fichiers communs

08/12/2007 00:35 <REP> .
08/12/2007 00:35 <REP> ..
17/08/2007 09:51 <REP> Adobe
06/09/2007 17:04 <REP> ArcSoft
16/08/2007 22:35 <REP> DESIGNER
07/10/2007 10:15 <REP> Hewlett-Packard
07/10/2007 10:21 <REP> HP
16/08/2007 14:42 <REP> InstallShield
16/08/2007 14:42 <REP> Java
07/11/2007 16:24 <REP> Microsoft Shared
16/08/2007 13:20 <REP> MSSoap
16/08/2007 08:51 <REP> ODBC
26/11/2007 00:25 <REP> Real
16/08/2007 13:20 <REP> Services
16/08/2007 14:39 <REP> Sonic Shared
16/08/2007 08:51 <REP> SpeechEngines
16/08/2007 14:39 <REP> SureThing Shared
17/08/2007 00:11 <REP> Symantec Shared
06/09/2007 16:38 <REP> System
16/08/2007 14:40 <REP> TiVo Shared
26/11/2007 00:25 <REP> xing shared
0 fichier(s) 0 octets
21 Rép(s) 46 609 956 864 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 88EA-237E

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

16/08/2007 22:35 <REP> .
16/08/2007 22:35 <REP> ..
16/08/2007 22:35 <REP> 1033
16/08/2007 22:35 <REP> 1036
11/07/2003 09:15 1 292 872 MSONSEXT.DLL
15/07/2003 05:52 35 896 MSOSV.DLL
03/06/1999 11:09 122 937 MSOWS409.DLL
07/03/2001 06:00 127 033 MSOWS40c.DLL
11/07/2003 01:25 80 448 PKMWS.DLL
5 fichier(s) 1 659 186 octets
4 Rép(s) 46 609 653 760 octets libres


Attention : C:\autorun.inf existe


c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.0.124\French\setup.exe
c:\Documents and Settings\Zando\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Zando\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\HiJackThis[1].exe
c:\Documents and Settings\Zando\Mes documents\Administratif\C.COM\INSTALLATEUR.EXE
c:\Documents and Settings\Zando\Mes documents\Administratif\C.COM\Installe\setup.exe
c:\Documents and Settings\Zando\Mes documents\Administratif\Labio Rom\Setup.exe
c:\Documents and Settings\Zando\Mes documents\Administratif\LectFlash (D)\ACRD4FRA.EXE
c:\Documents and Settings\Zando\Mes documents\Administratif\LectFlash (D)\AdbeRdr60_fra_full.exe
c:\Documents and Settings\Zando\Mes documents\Administratif\LectFlash (D)\LectFlash-PC.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 40
zandollydor
 
[CODE]

2007-12-09,12:00:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<ccleaner><"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [N/A]
<IncrediMail><C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c> [IncrediMail, Ltd.]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Company]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray> [Analog Devices, Inc.]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<Apoint><C:\Program Files\Apoint2K\Apoint.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows XP Publisher]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> []
<iTunesHelper><C:\Program Files\iTunes\iTunesHelper.exe> [Apple Computer, Inc.]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<SDTray><"C:\Program Files\Spyware Doctor\SDTrayApp.exe"> [(Verified)PC Tools]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Outil de mise à jour Google]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk --> C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]><N>

==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HP WMI Interface / hpqwmi][Running/Manual Start]
<C:\Program Files\HPQ\shared\hpqwmi.exe><Hewlett-Packard Development Company, L.P.>
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[iPod Service / iPodService][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[PC Tools Auxiliary Service / sdAuxService][Running/Auto Start]
<C:\Program Files\Spyware Doctor\svcntaux.exe><PC Tools>
[PC Tools Security Service / sdCoreService][Running/Auto Start]
<C:\Program Files\Spyware Doctor\swdsvc.exe><PC Tools>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

==================================
Drivers
[Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[PPdus ASPI Shell / Afc][Running/Manual Start]
<system32\drivers\Afc.sys><Arcsoft, Inc.>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
<system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\Zando\LOCALS~1\Temp\catchme.sys><N/A>
[Pilote de carte Intel (R) PRO / E100B][Stopped/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[File Security Driver / IKFileSec][Running/Boot Start]
<\SystemRoot\system32\drivers\ikfilesec.sys><PCTools Research Pty Ltd.>
[System Filter Driver / IKSysFlt][Running/System Start]
<system32\drivers\iksysflt.sys><PCTools Research Pty Ltd.>
[System Security Driver / IKSysSec][Running/System Start]
<system32\drivers\iksyssec.sys><PCTools Research Pty Ltd.>
[MidiSyn / MidiSyn][Stopped/Manual Start]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[MS1000 / MS1000][Stopped/Manual Start]
<System32\DRIVERS\MS1000.sys><N/A>
[Pilote de carte réseau Ethernet ou Fast Ethernet Compaq / N100][Stopped/Manual Start]
<system32\DRIVERS\n100325.sys><Compaq Computer Corporation>
[Webcam Deluxe / ovt530][Stopped/Manual Start]
<System32\Drivers\ov530vid.sys><OmniVision Technologies, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
<system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[srescan / srescan][Running/Boot Start]
<\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[SymEvent / SymEvent][Stopped/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20040824.002\symidsco.sys><N/A>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[vsdatant / vsdatant][Running/System Start]
<System32\vsdatant.sys><Zone Labs, LLC>
[Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP / w29n51][Running/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel® Corporation>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Data Collection Control]
{0742B9EF-8C83-41CA-BFBA-830A59E23533} <C:\WINDOWS\Downloaded Program Files\MSDcode.dll, Microsoft Corp>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[Facebook Photo Uploader Control]
{5F8469B4-B055-49DD-83F7-62B522420ECC} <C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, The Facebook>
[HpProductDetection Class]
{6B75345B-AA36-438A-BBE6-4078B4C6984D} <C:\Program Files\HP\Common\HPDeviceDetection.dll, Hewlett-Packard>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Get_ActiveX Control]
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} <C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX, Netopsystems AG>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[Microsoft Data Collection Control]
{0742B9EF-8C83-41CA-BFBA-830A59E23533} <C:\WINDOWS\Downloaded Program Files\MSDcode.dll, Microsoft Corp>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[DeviceEnum Class]
{54BE6B6F-3056-470B-97E1-BB92E051B6C4} <C:\Program Files\HP\Common\HPDeviceDetection.dll, Hewlett-Packard>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[Facebook Photo Uploader Control]
{5F8469B4-B055-49DD-83F7-62B522420ECC} <C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, The Facebook>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DivXBrowserPlugin Object]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[HpProductDetection Class]
{6B75345B-AA36-438A-BBE6-4078B4C6984D} <C:\Program Files\HP\Common\HPDeviceDetection.dll, Hewlett-Packard>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{98A3C275-4A81-4F1E-8494-BD84A88F662D} <C:\WINDOWS\system32\iouplxte.dll, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Get_ActiveX Control]
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} <C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX, Netopsystems AG>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.969.23408\ci.dll, Google>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, >
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\WINDOWS\system32\QuickTimeCheck.OCX, Apple Computer, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[]
{EF7E41A1-B72D-47E3-9AC9-34C14C545E1B} <C:\WINDOWS\system32\hopuyoke.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 648 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 736 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4118]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1060 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1228 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1368 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1540 / Zando][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll] [N/A, ]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 404 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 844 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.003]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)]
[PID: 1516 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1140 / SYSTEM][C:\Program Files\Spyware Doctor\svcntaux.exe] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 1292 / SYSTEM][C:\Program Files\Spyware Doctor\swdsvc.exe] [PC Tools, 5.0.5.23]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035]
[C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4]
[C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\commhlpr.dll] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\RegHelper.dll] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\inethlpr.dll] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\filehlpr.dll] [PC Tools, 5.0.5.21]
[C:\Program Files\Spyware Doctor\sdcore.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Spyware Doctor\FileStorage.sdp] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\Settings.sdp] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\IDBLib.sdp] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\SDInfo.sdp] [PC Tools, 5.0.5.8]
[C:\Program Files\Spyware Doctor\SDExtra.sdp] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\PCTWSC.dll] [PC Tools, 1, 0, 0, 7]
[C:\Program Files\Spyware Doctor\Immunizer.sdp] [PC Tools, 5.0.5.4]
[C:\Program Files\Spyware Doctor\Localizer.sdp] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\NfyMan.sdp] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\quarantine.sdp] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\BH.dll] [PC Tools, 5.0.5.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\RebootManager.sdp] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\scaneng.sdp] [PC Tools, 5.0.5.5]
[C:\Program Files\Spyware Doctor\stasks.sdp] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\SystemMonitor.sdp] [PC Tools, 5.0.5.44]
[C:\Program Files\Spyware Doctor\whitelist.sdp] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\plugins\Browsers.SDP] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\plugins\grfiles.SDP] [PC Tools, 5.0.5.27]
[C:\Program Files\Spyware Doctor\plugins\grregistry.SDP] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3]
[C:\Program Files\Spyware Doctor\SH.dll] [PC Tools, 5.0.5.3]
[C:\Program Files\Spyware Doctor\plugins\Network.SDP] [PC Tools, 5.0.5.12]
[C:\Program Files\Spyware Doctor\plugins\Process.SDP] [PC Tools, 5.0.5.4]
[C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP] [PC Tools, 5.0.5.0]
[C:\Program Files\Spyware Doctor\plugins\StartUp.SDP] [PC Tools, 5.0.5.2]
[PID: 2052 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2060 / Zando][C:\Program Files\Spyware Doctor\SDTrayApp.exe] [PC Tools, 5.0.5.31]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035]
[C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4]
[C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1]
[C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3]
[C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.0.5.23]
[C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.0.5.2]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2076 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2136 / Zando][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2164 / Zando][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 1, 1, 2]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 1, 1, 2]
[C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL] [Hewlett-Packard , 5, 1, 1, 2]
[PID: 2208 / Zando][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2292 / Zando][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Company, 1, 1, 1, 3]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2324 / Zando][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 2, 2]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 2, 008]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2488 / Zando][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5160]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5160]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5160]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5160]
[PID: 2612 / Zando][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.5.1.200]
[C:\Program Files\Apoint2K\ApResFR.dll] [Alps Electric Co., Ltd., 5.5.1.13]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248]
[C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.5.1.63]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2672 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2904 / Zando][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.5.1.21]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 3040 / Zando][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 3252 / Zando][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 4.7.0.42]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 4.7.0.42]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 4.7.0.42]
[PID: 3268 / Zando][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.4279]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 3324 / Zando][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 3424 / Zando][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[PID: 3432 / Zando][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 4036 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 520 / Zando][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[PID: 1616 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1968 / Zando][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0]
[PID: 2172 / Zando][C:\PROGRA~1\INCRED~1\bin\IMApp.exe] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\PROGRA~1\INCRED~1\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\IncrediMail\bin\ImAppRU.dll] [, 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImComUtlU.dll] [, 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImSpoolU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImFoldrsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImServU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImJunkU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImNotfyU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\ImParserU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116]
[C:\Program Files\IncrediMail\bin\mimepp.dll] [Hunny Software, Ltd., 7, 0, 0, 0]
[PID: 2508 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 4.7.0.42]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 4.7.0.42]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 4.7.0.42]
[PID: 2868 / SYSTEM][C:\Program Files\HPQ\shared\hpqwmi.exe] [Hewlett-Packard Development Company, L.P., 1, 0, 4, 3]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2872 / Zando][C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.20.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Hp\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[PID: 3176 / Zando][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.969.23408.beta]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Google\Google Updater\2.2.969.23408\ci.dll] [Google, 2.2.969.23408.beta]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[PID: 3380 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 260 / Zando][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[PID: 3680 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[PID: 2888 / Zando][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
[C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[PID: 2084 / Zando][C:\Program Files\Alwil Software\Avast4\ashSimpl.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\actskin4.ocx] [, 4, 2, 7, 3]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\
0
Réponse 26 / 40
zandollydor
 
Re,

Et voilà, le dernier!

Rapport GenProc 0.72 [1] effectué le 09/12/2007 à 12:06:47,57 - SystemRoot = C:\WINDOWS

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

- combofix.exe (par [b]sUBs[/b]) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau


***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "Zando") *****


# Etape 2/

* Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

* Double clique [b]combofix.exe[/b].
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- Le contenu du rapport situé dans C:\vundofix.txt ;
- Le contenu du rapport situé dans C:\Combofix.txt ;


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
0
Réponse 27 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Je m'absente cet après-midi mais j'examine ceci ce soir.

FillPCA
0
Réponse 28 / 40
zandollydor
 
D'accord, merci. Bonne après-midi.
0
Réponse 29 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

1/ * Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
* Cliquer sur outils>options des dossiers>affichage.
* Sélectionner :
o afficher les fichiers et dossiers cachés,
o décocher "masquer les extensions des fichiers dont le type est connu",
o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

* "appliquer" et "ok"

2/ * Peux-tu tester ceci : C:\WINDOWS\system32\drivers\MS1000.sys
* Clique sur ce lien : http://www.virustotal.com/en/indexf.html
* Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
* Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

FillPCA
0
zandollydor
 
Re,
La bonne nouvelle c'est qu'Avast ne détecte plus rien. Mais le ralentissement est notoire alors je comprends pas. J'effectue une défragmentation pour voir.
Voici les résultats du rapport :

File ms1000.sys received on 11.22.2007 12:43:19 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.11.22.1 2007.11.22 -
AntiVir 7.6.0.34 2007.11.22 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.21 -
AVG 7.5.0.503 2007.11.21 -
BitDefender 7.2 2007.11.22 -
CAT-QuickHeal 9.00 2007.11.22 -
ClamAV 0.91.2 2007.11.22 -
DrWeb 4.44.0.09170 2007.11.22 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5316 2007.11.22 -
Ewido 4.0 2007.11.21 -
FileAdvisor 1 2007.11.22 -
Fortinet 3.14.0.0 2007.11.22 -
F-Prot 4.4.2.54 2007.11.22 -
F-Secure 6.70.13030.0 2007.11.22 -
Ikarus T3.1.1.12 2007.11.22 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5168 2007.11.21 -
Microsoft 1.3007 2007.11.22 -
NOD32v2 2677 2007.11.22 -
Norman 5.80.02 2007.11.21 -
Panda 9.0.0.4 2007.11.22 -
Prevx1 V2 2007.11.22 -
Rising 20.19.31.00 2007.11.22 -
Sophos 4.23.0 2007.11.22 -
Sunbelt 2.2.907.0 2007.11.22 -
Symantec 10 2007.11.22 -
TheHacker 6.2.9.136 2007.11.21 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.21 -
Webwasher-Gateway 6.0.1 2007.11.22 -
Additional information
File size: 5376 bytes
MD5: fbbb1a51eb6e43b40144a05932766d6c
SHA1: d1815dd1360fef55104e7c463d588fc1a6e6fd65
0
Réponse 30 / 40
zandollydor
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 31 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

1/ * Imprime ceci.
* Télécharge Brute Force Uninstaller (de Merijn).
* Créé un nouveau dossier directement sur le C:\ et nomme-le BFU.
* Décompresse le fichier téléchargé dans ce nouveau dossier au moyen d'un clic droit (Extraire vers...C:\BFU).
* Ouvre le bloc-note de windows.
* Copie-colle ces lignes dans la fenêtre du bloc-note :

OptionUnloadShell

RegDeleKey HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b6ff 6c-6675-11dc-a791-001500393860}

FileDelete %SYSDIR%\rtstv.bak2
FileDelete %SYSDIR%\rtstv.bak1
FileDelete %SYSDIR%\rtstv.ini
FileDelete E:\setupSNK.exe

SystemEmptyTempFolder
SystemEmptyInternetCache
SystemEmptyRecycleBin

* Enregistre le fichier sur le bureau en fix.txt
* Fais un clic droit sur ce fichier, choisis Renommer et dans la case, indique le nom fix.BFU.
* Déplace-le dans le même dossier que Brute Force Uninstaller soit dans c:\BFU
* Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : fix.bfu et BFU.exe (très important).
* Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 (ou F5); tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
* Configure BFU comme ceci :
http://img160.imageshack.us/img160/5732/bfuyg7.jpg
* Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : fix.bfu.
* Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\fix.bfu
* Clique sur Execute et laisse-le faire son travail.
* Attendre que Complete script execution apparaîsse et clique sur OK.
* Clique sur save et enregistre le rapport sur le bureau : rapport.txt
* Clique Exit pour fermer le programme BFU.
* Redémarre normalement ton PC et édite le contenu de rapport.txt dans ta prochaine réponse.

2/ Désactive ton antivirus.

3/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
* Choisis Panda
* Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
* Réalise un scan complet du système.
* Sauvegarde le rapport en mode texte à l'issue du scan.

4/ Ré-active ton antivirus et édite le rapport Panda avec un nouveau rapport Hijackthis.

FillPCA
0
zandollydor
 
Bonjour,
Je viens de lire votre post. J'essaie les manipulations en rentrant ce soir.
Bonne journée.
Zando.
0
zandollydor
 
Bonsoir,
Je viens de terminer l'étape 1. Voici les résultats, le scan panda est en cours....

BFU v1.10.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 17:45:35, on 10/12/2007

Option Unload Explorer: Yes
Warning: unknown command 'RegDeleKey HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b6ff 6c-6675-11dc-a791-001500393860}' on line #3
Failed: FileDelete C:\DOCUME~1\Zando\LOCALS~1\Temp\~DFB4AA.tmp (operation failed)
Script completed.

A tout à l'heure.
0
Réponse 32 / 40
zandollydor
 
Re,
Voici le rapport Panda,

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zando\Cookies\zando@247realmedia[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Zando\Cookies\zando@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Zando\Cookies\zando@adviva[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Zando\Cookies\zando@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Zando\Cookies\zando@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Zando\Cookies\zando@doubleclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Zando\Cookies\zando@serving-sys[2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Zando\Cookies\zando@smartadserver[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Zando\Cookies\zando@tribalfusion[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Zando\Cookies\zando@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Zando\Cookies\zando@xiti[1].txt
0
Réponse 33 / 40
zandollydor
 
Re,
19:21 10/12/2007Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\HIR7SD2S\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 34 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Pour moi, le rapport est propre et il n'y a plus d'infection. As-tu toujours des ennuis ?

On pourra éventuellement supprimer des entrées inutiles au démarrage si le pc est lent.

FillPCA
0
zandollydor
 
Bonjour,
Ce ralentissement est très probablement lié à une mauvaise gestion de ma part... Ce serait abuser de votre gentillesse si j'acceptais que vous m'éclairiez?
J'ajouterai ce soir un post sur le site que vous m'aviez conseillez pour "dénonceré le trojan.
Merci bonne journée.
Zando
0
Réponse 35 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Salut,
Il y a des entrées inutiles qui ralentissent le pc.

1/ * Télécharge OTMoveIt (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Lance OTmoveIT.
* Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

* Une liste apparaît dans la partie gauche d'OTmoveIT.
* Un message apparaît pour confirmer le nettoyage. Confirme.
* Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

2/ Dézippe Hijackthis dans un répertoire dédié comme c:\HJT

3/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

Clique sur fix/réparer.

Bon surf !

FillPCA
0
Réponse 36 / 40
Meggy
 
Bonjour, je suis moi aussi infectée par le cheval de Troie Win32:BHO-JK

Je viens de faire une analyse avec hijack mais c'est pour moi du chinois.
Quelqu'un pourrait-il m'aider à résoudre ce problème?
Je ne suis pas un as en informatique. Merci d'être clair dans votre aide.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:05, on 12/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\INCRED~1\BIN\IMAPP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CLAVELIERES\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S7F.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .aiff: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .ivr: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.easyclick.com/ie/pc/tf1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} - https://www.nordnet.com/securite
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {91285EE6-F2ED-11D4-B38C-0050BAE63BA3} (Mediaphora Agent) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} -
O16 - DPF: {FF690DE1-27F6-11D4-91BD-0048546A1450} (acx_install Class) - http://download.oreka.com/installer/httpload.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
0
Réponse 37 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Salut,

Il faut que tu crées ton propre sujet. Celui-ci est résolu.

FillPCA
0
Zandollydor
 
Bonsoir,
Merci de tous les conseils prodigué et du temps que vous m'avez accordée.
J'ai dispensé les "derniers soins" à mon pc.
Comme vous dites : "Bon surf"!
Zando
0
Réponse 38 / 40
aachrys
 
j ai reussit a detruire le trojan bho!!!!voici la page ou j ai ecrit 3 articles qui expliquent le cheminement jusqu a la fin j ai gagné ainsi jvous fait part de mon combat et vious souhaite bonne chance a tous!!! http://www.commentcamarche.net/forum/affich 3969523 infection par win32 bho df
0
Réponse 39 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Bonjour,

Pour info, l'appellation trojan BHO ne veut pas dire grand-chose. Les BHO sont des lignes qui apparaissent en 02 dans Hijackthis. Les infections peuvent être de type Vundo/Virtumonde comme c'était le cas ici. Ca peut aussi être du Delf, et là, malwarebyte's n'y peut pas grand-chose.
Les infection smitfraud peuvent aussi insérer des 02.

Bonne journée.

FillPCA
0
Réponse 40 / 40
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Bonjour,

Un bonjour ou une formule de politesse sont toujours appréciables, ainsi que quelques mots d'explications pour donner des précisions sur l'origine du problème...
D'autre part, la règle veut qu'on crée un nouveau sujet en cas de problème plutôt que d'insérer sa demande dans une autre déjà formulée.

Le fichier hosts a été modifié ce qui semble montrer une infection, peut-être de type Brontok, mais je ne fais plus de désinfection sur ce forum.

Crée ton propre sujet en respectant quelques règles élémentaires de courtoisie, et je suis sûr qu'un helpeur se fera un plaisir de t'apporter une assistance.

FillPCA
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses