Remove Trojan.Win32.BHO.abo

Solved/Closed
latruff - 13 Dec. 2007 at 22:36
 bob - 20 Dec. 2007 at 23:11
Hello,


I've been trying to get rid of it for 3 days now and nothing works. I just found this post and I realise I have exactly the same thing.

Should I do exactly the same as (AERO-D, http://www.commentcamarche.net/forum/affich 4215132 probleme trojan win32 bho abo)? Or should I post the HijackThis report and start again from the beginning?

Can you help me? If someone is willing to take on my case, that would be great.
27 replies

Raptor68 Posts 119 Registration date Monday 10 September 2007 Status Member Last active 23 November 2008 1
13 Dec. 2007 at 22:44
Hi!!!
I got this lovely piece of junk too, and here is what I recommend:
- download the Bitdefender antivirus to remove the virus
- download CCleaner to give your PC a sweep
- if need be, run a defrag to tidy everything up
- restart your PC
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last active 18 February 2023 123
13 Dec. 2007 at 22:46
Good evening,

Not sure that will be enough if it's the same variant. Can you post the HijackThis report?

FillPCA
0
Raptor68 Posts 119 Registration date Monday 10 September 2007 Status Member Last active 23 November 2008 1
13 Dec. 2007 at 22:47
Me personally, that's how I managed it!!!
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last active 18 February 2023 123
13 Dec. 2007 at 22:54
Hi again,

You were lucky, I think, because I've cleaned several of these and it hasn't always gone that simply.

FillPCA
0

OK, here we go

Logfile of HijackThis v1.99.1
Scan saved at 22:56:49, on 13/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\MES Programes\Anti SPY et espions gator\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E6986DA5-8FE5-457B-9D36-FF3205B06418} - C:\WINDOWS\System32\cam121.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\office2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.viewpoint.com/...
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - https://www.cartesianinc.com/Products/CPCViewAX/Sdk/CpcViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet/static/controls/root.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1178404640347
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5184/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last active 18 February 2023 123
13 Dec. 2007 at 23:03
Hi again,

Hmm! Not great.

1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o uncheck "hide extensions for known file types",
o uncheck "hide protected operating system files (recommended)".

* "Apply" and "OK"

2/ * Can you test this: C:\WINDOWS\System32\cam121.dll
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and give the path of the file I indicated.
* Click Send. After a few minutes, a report is generated. Post it in your next reply.

FillPCA
0
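An added example, not part of any post in this thread: a small parser for the O2 (Browser Helper Object) lines of a HijackThis log that lists the entries worth submitting to a multi-engine scan. The two rules it applies (a registration with no file on disk, and an unnamed BHO whose DLL sits directly in a Windows system directory) are assumptions chosen for illustration, not a verdict and not the helper's stated method; the sample lines are the O2 entries from the log posted above.

```python
import ntpath
import re

# O2 entries copied from the HijackThis log posted in this thread,
# plus one O3 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E6986DA5-8FE5-457B-9D36-FF3205B06418} - C:\WINDOWS\System32\cam121.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

# Layout of an O2 line: "O2 - BHO: <name> - {CLSID} - <path or marker>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)

# Assumption: default Windows XP install location on drive C:.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}

ORPHAN = "registration points to no file on disk"
UNNAMED_SYSTEM = "unnamed BHO loaded from a Windows system directory"


def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entry):
    """Return a reason string if the entry deserves a closer look, else None."""
    path = entry["path"]
    # Both markers appear in the log above: "(no file)" and "(file missing)".
    if path == "(no file)" or path.endswith("(file missing)"):
        return ORPHAN
    directory = ntpath.dirname(path).lower()
    if entry["name"] == "(no name)" and directory in SYSTEM_DIRS:
        return UNNAMED_SYSTEM
    return None


def review_candidates(log_text):
    """List (clsid, path, reason) for every O2 entry that a rule matched."""
    candidates = []
    for entry in parse_bhos(log_text):
        reason = triage(entry)
        if reason is not None:
            candidates.append((entry["clsid"], entry["path"], reason))
    return candidates


if __name__ == "__main__":
    for clsid, path, reason in review_candidates(SAMPLE_LOG):
        print(f"{clsid}  {path}\n    -> {reason}")
```

A match only means the file should be checked further, for example with a multi-engine scan; the unnamed Spybot helper in Program Files is deliberately not matched by these rules.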
MD5: bcf3a381bbe26d9c1ec24bac8b18f567
Date 2007.12.12 08:11:27 (CET) [+1D]
Résultats 23/32
Permalink: resultado.html?11b1428b29a96f456db12125a8138eff

File cam121.dll received on 12.12.2007 08:11:27 (CET)

Result: 23/32 (71.88%)

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/BHO.abo.5
Authentium - - -
Avast - - -
AVG - - Generic9.AAUM
BitDefender - - Trojan.Spy.Bzub.NGP
CAT-QuickHeal - - Trojan.BHO.abo
ClamAV - - Trojan.BHO-1130
DrWeb - - Trojan.DownLoader.37561
eSafe - - Win32.BHO.abo
eTrust-Vet - - Win32/Kvol.I
Ewido - - -
FileAdvisor - - -
Fortinet - - W32/BHO.ABO!tr
F-Prot - - -
F-Secure - - Trojan.Win32.BHO.abo
Ikarus - - Trojan-PWS.Win32.Lmir
Kaspersky - - Trojan.Win32.BHO.abo
McAfee - - -
Microsoft - - TrojanSpy:Win32/Bzub.GB.dll
NOD32v2 - - Win32/BHO.ABO
Norman - - W32/BHO.ATF
Panda - - Adware/AVSystemCare
Prevx1 - - Trojan.DoS.Win32.Opdos
Rising - - -
Sophos - - Troj/BHO-EE
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - Trojan/BHO.abo
VBA32 - - Trojan.Win32.BHO.abo
VirusBuster - - Trojan.BHO.OU
Webwasher-Gateway - - Trojan.BHO.abo.5
Additional information
MD5: bcf3a381bbe26d9c1ec24bac8b18f567
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last active 18 February 2023 123
13 Dec. 2007 at 23:18
Hi again,

1/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply along with a new HijackThis report.

2/ * Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all its contents to your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREng.exe.
* Click "smart scan".
* Click the "scan" button.
* When the analysis is finished, click the "save reports" button.
* Then save the report to your desktop.
* Copy/paste the contents of the SREnglLOG.log report into your next reply.

FillPCA
0
OK, I'm on it, and in any case thanks for looking into this.

Right, off we go, see you in a bit.
0
1st report:

ComboFix 07-12-12.3 - axel 2007-12-13 23:28:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.250 [GMT 1:00]
Running from: C:\Documents and Settings\axel\Bureau\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll


((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.

2007-12-13 21:37 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Voisinage réseau
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Voisinage d'impression
2007-12-13 21:37 . 2005-11-05 05:38 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Modèles
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Mes documents
2007-12-13 21:37 . 2005-11-05 05:27 <REP> dr------- C:\Documents and Settings\Administrateur.AXEL\Menu Démarrer
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Favoris
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Bureau
2007-12-13 13:44 . 2007-12-13 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-13 13:30 . 2007-12-13 13:30 <REP> d-------- C:\kav
2007-12-13 12:16 . 2007-12-13 12:16 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-13 09:53 . 2007-12-13 09:53 <REP> d-------- C:\WINDOWS\McAfee.com
2007-12-13 02:18 . 2007-12-13 02:18 <REP> d-------- C:\Program Files\Alwil Software
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-12 17:11 . 2005-11-05 05:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-12 17:11 . 2005-11-05 05:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-12 17:04 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-12 03:53 . 2007-12-12 03:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-12-12 03:28 . 2007-12-12 15:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-11 19:38 . 2007-12-11 19:39 39,974,889 --a------ C:\WINDOWS\VPTNFILE.879
2007-12-10 21:11 . 19,456 C:\WINDOWS\system32\drivers\rjaebaxi.dat
2007-12-10 21:10 . 2006-11-08 12:27 84,992 --a------ C:\WINDOWS\system32\cam121.dll
2007-11-24 02:01 . 2007-11-24 02:06 <REP> d-------- C:\Program Files\BoontyGames
2007-11-24 01:43 . 2007-11-24 01:43 <REP> d-------- C:\videooutput
2007-11-24 01:42 . 2007-11-24 01:42 <REP> d-------- C:\Program Files\Smallvideosoft
2007-11-24 01:42 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-11-24 01:42 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2007-11-24 01:42 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2007-11-24 00:00 . 2007-11-24 00:09 34,620,950 --a------ C:\MIRAGE-2000.flv.AVI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 22:26 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-12-13 21:01 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-12-12 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 18:39 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-11 18:39 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-11 18:39 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-11 18:39 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-16 22:37 --------- d-----w C:\Documents and Settings\axel\Application Data\Notepad++
2007-10-16 22:29 --------- d-----w C:\Program Files\Notepad++
2007-09-13 01:28 2,062,336 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-01-19 16:23 67,048 ----a-w C:\Documents and Settings\axel\Application Data\GDIPFONTCACHEV1.DAT
2007-01-07 03:43 31 ----a-w C:\Documents and Settings\axel\getfile.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6986DA5-8FE5-457B-9D36-FF3205B06418}]
2006-11-08 12:27 84992 --a------ C:\WINDOWS\System32\cam121.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 19:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 11:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2002-03-20 03:05 C:\WINDOWS\system32\tp4serv.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" [2002-02-28 01:00]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-03-26 01:24]
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" []
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-09-28 16:31]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 21:10]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-05 10:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 19:45]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 18:00:56]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-05 06:00:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2006-02-06 02:08:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"\\ALAIN-MAISON\EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P41 "\\ALAIN-MAISON\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
"Auto EPSON Stylus CX3600 Series sur ALAIN-MAISON"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P48 "Auto EPSON Stylus CX3600 Series sur ALAIN-MAISON" /O25 "\\ALAIN-MAISON\Imprimante" /M "Stylus CX3600"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

R0 xvsjuzvj;xvsjuzvj;C:\WINDOWS\System32\drivers\rjaebaxi.dat
R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\System32\DRIVERS\tp4track.sys
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 CAM1210;USB Video Camera;C:\WINDOWS\System32\Drivers\cam1210.sys
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-13 21:13:44 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
"2007-12-07 16:23:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 23:30:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
Completion time: 2007-12-13 23:32:15


2nd:

Logfile of HijackThis v1.99.1
Scan saved at 23:35:17, on 13/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
D:\MES Programes\Anti SPY et espions gator\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E6986DA5-8FE5-457B-9D36-FF3205B06418} - C:\WINDOWS\System32\cam121.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\office2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.viewpoint.com/...
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - https://www.cartesianinc.com/Products/CPCViewAX/Sdk/CpcViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet/static/controls/root.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1178404640347
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5184/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

and the 3rd:


[CODE]

2007-12-13,23:45:07

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TrackPointSrv><tp4serv.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<StorageGuard><"C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r> [VERITAS Software, Inc.]
<TPTRAY><C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE> [IBM Corp.]
<BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor> [IBM Corp.]
<LVCOMS><C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<BDMCon><"C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg> [SOFTWIN S.R.L.]
<BDAgent><"C:\Program Files\Softwin\BitDefender10\bdagent.exe"> [SOFTWIN S.R.L.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><sockspy.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A]

==================================
Startup Folders
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[DSLMON]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk --> C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe []><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[ZoneAlarm Pro]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ZoneAlarm Pro.lnk --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe [Zone Labs Inc.]><N>

==================================
Services
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[BitDefender Scan Server / bdss][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[Boonty Games / Boonty Games][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><BOONTY>
[EPSON V3 Service2(03) / EPSON_PM_RPCV2_01][Running/Auto Start]
<C:\WINDOWS\System32\E_S00RP1.EXE><SEIKO EPSON CORPORATION>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
<C:\WINDOWS\System32\ibmpmsvc.exe><>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService][Stopped/Manual Start]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[BitDefender Desktop Update Service / LIVESRV][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service><SOFTWIN S.R.L.>
[TuneUp WinStyler Theme Service / TUWinStylerThemeSvc][Running/Auto Start]
<"C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"><TuneUp Software GmbH>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs Inc.>
[BitDefender Virus Shield / VSSERV][Running/Auto Start]
<"C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service><SOFTWIN S.R.L.>
[Service de numéro de série du lecteur multimédia portable / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[BitDefender Communicator / XCOMM][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service><Softwin>

==================================
Drivers
[Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start]
<System32\Drivers\adildr.sys><Analog Deivces>
[USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start]
<System32\DRIVERS\adiusbaw.sys><Analog Devices Inc.>
[bdfdll / bdfdll][Running/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFsDrv / BDFsDrv][Running/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[BDRSDRV / BDRSDRV][Running/Auto Start]
<\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys><N/A>
[USB Video Camera / CAM1210][Stopped/Manual Start]
<System32\Drivers\cam1210.sys><USB Generic Camera>
[Crystal WDM Audio Codec Driver / cs429x][Running/Manual Start]
<system32\drivers\cwawdm.sys><Cirrus Logic, Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys><VERITAS Software, Inc.>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><VERITAS Software, Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
<System32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[LT Modem Driver / ltmodem5][Running/Manual Start]
<System32\DRIVERS\ltmdmnt.sys><LT>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS><Motive, Inc.>
[Pilote de périphérique infrarouge NSC / NSCIRDA][Running/Manual Start]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Profos / Profos][Stopped/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\profos.sys><N/A>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><VERITAS Software, Inc.>
[Logitech QuickCam Express / QCMerced][Running/Manual Start]
<System32\DRIVERS\LVCM.sys><Logitech Inc.>
[S3SSavage / S3SSavage][Running/Manual Start]
<System32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Smapint / Smapint][Running/System Start]
<System32\drivers\Smapint.sys><Microsoft Corporation>
[DualCamera / SQTECH905C][Stopped/Manual Start]
<System32\Drivers\Capt905c.sys><Service & Quality Technology.>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><VERITAS Software, Inc.>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><VERITAS Software, Inc.>
[TDSMAPI / TDSMAPI][Running/System Start]
<System32\Drivers\TDSMAPI.SYS><N/A>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><VERITAS Software, Inc.>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><VERITAS Software, Inc.>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><VERITAS Software, Inc.>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><VERITAS Software, Inc.>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><VERITAS Software, Inc.>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><VERITAS Software, Inc.>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><VERITAS Software, Inc.>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><VERITAS Software, Inc.>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><VERITAS Software, Inc.>
[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
<System32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
<System32\drivers\Tppwr.sys><IBM Corp.>
[Trufos / Trufos][Stopped/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender10\trufos.sys><N/A>
[TSMAPIP / TSMAPIP][Running/System Start]
<System32\drivers\TSMAPIP.SYS><N/A>
[Pilote de filtre de TrackPoint IBM PS/2 / TwoTrack][Stopped/Manual Start]
<System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[vsdatant / vsdatant][Running/Auto Start]
<\??\C:\WINDOWS\System32\vsdatant.sys><Zone Labs Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xvsjuzvj / xvsjuzvj][Running/Boot Start]
<\SystemRoot\system32\drivers\rjaebaxi.dat><N/A>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[]
{E6986DA5-8FE5-457B-9D36-FF3205B06418} <C:\WINDOWS\System32\cam121.dll, N/A>
[Java Plug-in 1.5.0_11]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\office2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Rawflow ICD Client]
{029FDBA6-3547-11D7-AA4C-0050BF051A00} <C:\WINDOWS\DOWNLO~1\Rawflow.ocx, RawFlow Ltd>
[CPC View ax Control]
{0F7A9297-7268-11D1-B81A-00A076C01B0A} <C:\WINDOWS\DOWNLO~1\CPCVIE~1.OCX, Cartesian Products, Inc. For more information, visit http://www.cartesianinc.com>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corp.>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[MUCatalogWebControl Class]
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} <C:\WINDOWS\System32\MicrosoftUpdateCatalogWebControl.dll, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[DivXBrowserPlugin Object]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[WScanCtl Class]
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} <C:\WINDOWS\Downloaded Program Files\webscan.dll, CA>
[Java Plug-in 1.5.0_11]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[Aurigma Image Uploader 3.5 Control]
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} <C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx, Aurigma Inc.>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[a-squared Scanner]
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[Java Plug-in 1.5.0_11]
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_11]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll, Sun Microsystems, Inc.>
[PB_Uploader Class]
{CE3409C4-9E26-4F8E-83E4-778498F9E7B4} <C:\WINDOWS\Downloaded Program Files\uploader_uni.ocx, Lateral Arts Limited>
[Zylom Loader Object]
{CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} <C:\WINDOWS\Downloaded Program Files\zylomloader.dll, Zylom Games>
[get_atlcom Class]
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, NOS Microsystems Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} <C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
[&Traduire à partir de l'anglais]
<, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[Pages liées]
<, N/A>
[Pages similaires]
<, N/A>
[Recherche &Google]
<, N/A>
[Version de la page actuelle disponible dans le cache Google]
<, N/A>

==================================
Running Processes
[PID: 580 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 812 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 836 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1072 / SYSTEM][C:\WINDOWS\System32\ibmpmsvc.exe] [, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1104 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1116 / SYSTEM][C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe] [TuneUp Software GmbH, 1.0.0.174]
[C:\Program Files\TuneUp Utilities 2006\rtl60.bpl] [Borland Software Corporation, 6.0.6.241]
[C:\Program Files\TuneUp Utilities 2006\vcl60.bpl] [Borland Software Corporation, 6.0.6.240]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1284 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1572 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1596 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1852 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[PID: 2020 / SYSTEM][C:\WINDOWS\System32\E_S00RP1.EXE] [SEIKO EPSON CORPORATION, 2.03]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 128 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 192 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 616 / SYSTEM][C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe] [Softwin, 1, 8, 11, 0]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 636 / SYSTEM][C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe] [N/A, ]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdcore.dll] [SOFTWIN SRL, 7, 0, 0, 2398]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\libfn.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\avxdisk.dll] [N/A, ]
[PID: 692 / SYSTEM][C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe] [SOFTWIN S.R.L., 10, 0, 0, 5]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\HTTPGETF.dll] [N/A, ]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\zlib.dll] [, 1.1.3]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\bdch.dll] [SOFTWIN, 1, 0, 0, 266]
[C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 784 / SYSTEM][C:\Program Files\Softwin\BitDefender10\vsserv.exe] [SOFTWIN S.R.L., 10, 0, 0, 40]
[C:\Program Files\Softwin\BitDefender10\zlib.dll] [, 1.1.3]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\procinf.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\mimeinf.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdch.dll] [SOFTWIN, 1, 0, 0, 266]
[C:\Program Files\Softwin\BitDefender10\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Softwin\BitDefender10\librtvr.dll] [Softwin SRL, 1, 3, 0, 0]
[C:\Program Files\Softwin\BitDefender10\bdfdll_x86.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\privscan.dll] [SOFTWIN S.R.L., 10, 0, 0, 4]
[C:\Program Files\Softwin\BitDefender10\quarcore.dll] [SOFTWIN S.R.L., 10, 0, 0, 5]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\as2core.dll] [SOFTWIN S.R.L., 2, 1, 200, 0]
[C:\Program Files\Softwin\BitDefender10\asemlbr.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\asemldsp.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\asemlf.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\asemlimg.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\asemlnn.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\ashttpbr.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\ashttpdsp.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\ashttpf.mdl] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\mimepack.dll] [N/A, ]
[C:\WINDOWS\System32\XRegLib.dll] [N/A, ]
[C:\WINDOWS\System32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\WINDOWS\System32\MSVCP70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\Softwin\BitDefender10\iconv.dll] [Free Software Foundation, 1.9]
[C:\Program Files\Softwin\BitDefender10\asregex.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\sch_serv.dll] [SOFTWIN S.R.L., 10, 0, 0, 11]
[C:\Program Files\Softwin\BitDefender10\txmlx.dll] [Softwin, 1, 0, 0, 1]
[C:\Program Files\Softwin\BitDefender10\libmpack.dll] [BitDefender, 1, 6, 0, 45]
[C:\Program Files\Softwin\BitDefender10\htmlpack.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Softwin\BitDefender10\bdpop3p.dll] [SOFTWIN S.R.L., 9, 0, 0, 0]
[C:\Program Files\Softwin\BitDefender10\bdsmtpp.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\httproxy.dll] [, 1, 0, 4, 0]
[PID: 1332 / axel][C:\WINDOWS\System32\tp4serv.exe] [IBM Corporation, 3.05]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\WINDOWS\System32\tp4uires.dll] [N/A, ]
[PID: 392 / axel][C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe] [VERITAS Software, Inc., 1.00.90a]
[C:\Program Files\VERITAS Software\StorageGuard\sus.dll] [VERITAS Software, Inc., 1.00.70a"]
[C:\Program Files\VERITAS Software\StorageGuard\VXHTTP.dll] [Veritas, 1.00.57a"]
[C:\Program Files\VERITAS Software\StorageGuard\sfcwall31.dll] [VERITAS Software Corporation, 3.10.0.0]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\VERITAS Software\StorageGuard\trayrFRA.dll] [VERITAS Software, Inc., 1.00.13b]
[C:\WINDOWS\System32\VxDMDBtn.OCX] [VERITAS Software, 4, 5, 0, 5]
[C:\Program Files\VERITAS Software\StorageGuard\AniGifDisplay.ocx] [VERITAS Software, Inc., 1.00.89a]
[C:\Program Files\VERITAS Software\StorageGuard\Graph.ocx] [VERITAS Software, Inc., 1.00.89a]
[PID: 372 / axel][C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE] [IBM Corp., 1, 0, 0, 0]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 444 / axel][C:\WINDOWS\System32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0]
[PID: 508 / axel][C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE] [Logitech Inc., 7.3.0.1113]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 264 / axel][C:\Program Files\Softwin\BitDefender10\bdmcon.exe] [SOFTWIN S.R.L., 10, 0, 0, 2]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\procinf.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\TxTools.dll] [SOFTWIN S.R.L, 9, 0, 0, 0]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Softwin\BitDefender10\bdch.dll] [SOFTWIN, 1, 0, 0, 266]
[C:\Program Files\Softwin\BitDefender10\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Softwin\BitDefender10\bdGUICtl.dll] [Softwin, 2, 2, 0, 4]
[C:\Program Files\Softwin\BitDefender10\txmlx.dll] [Softwin, 1, 0, 0, 1]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\Program Files\Softwin\BitDefender10\NAG.dll] [TODO: <Company name>, 10.0.0.0]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\popup.dll] [SOFTWIN S.R.L., 10, 0, 0, 6]
[C:\Program Files\Softwin\BitDefender10\agentreg.dll] [TODO: <Company name>, 10.0.0.0]
[C:\Program Files\Softwin\BitDefender10\getfile.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdusers.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Softwin\BitDefender10\main.dll] [SOFTWIN S.R.L., 10, 0, 0, 2]
[C:\Program Files\Softwin\BitDefender10\antivirus.dll] [SOFTWIN S.R.L., 10, 0, 0, 20]
[C:\Program Files\Softwin\BitDefender10\firewall.dll] [SOFTWIN S.R.L., 10, 0, 0, 44]
[C:\Program Files\Softwin\BitDefender10\Wizards.dll] [SOFTWIN S.R.L., 10, 0, 0, 9]
[C:\Program Files\Softwin\BitDefender10\dbokf.dll] [SOFTWIN, 1.0.0.1]
[C:\Program Files\Softwin\BitDefender10\antispam.dll] [SOFTWIN S.R.L, 10.0.0.1]
[C:\Program Files\Softwin\BitDefender10\antispy.dll] [SOFTWIN S.R.L., 10, 0, 0, 24]
[C:\Program Files\Softwin\BitDefender10\live.dll] [SOFTWIN S.R.L., 10, 0, 0, 9]
[C:\Program Files\Softwin\BitDefender10\vshield.dll] [SOFTWIN S.R.L., 10, 2, 1, 121]
[C:\Program Files\Softwin\BitDefender10\vscan.dll] [SOFTWIN S.R.L., 10, 0, 0, 25]
[C:\Program Files\Softwin\BitDefender10\quar.dll] [SOFTWIN S.R.L., 10, 0, 0, 34]
[C:\Program Files\Softwin\BitDefender10\quarcore.dll] [SOFTWIN S.R.L., 10, 0, 0, 5]
[C:\Program Files\Softwin\BitDefender10\bwlist.dll] [SOFTWIN S.R.L., 10.0.0.0]
[C:\Program Files\Softwin\BitDefender10\UnicoWS.dll] [Microsoft Corporation, 1.0.4018.0]
[C:\Program Files\Softwin\BitDefender10\ashield.dll] [SOFTWIN S.R.L., 10, 2, 0, 87]
[C:\Program Files\Softwin\BitDefender10\privintf.dll] [SOFTWIN S.R.L., 10, 0, 0, 17]
[C:\Program Files\Softwin\BitDefender10\sysinfo.dll] [SOFTWIN S.R.L., 10, 0, 0, 1041]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[PID: 548 / axel][C:\Program Files\Softwin\BitDefender10\bdagent.exe] [SOFTWIN S.R.L., 10, 0, 0, 4]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\bdch.dll] [SOFTWIN, 1, 0, 0, 266]
[C:\Program Files\Softwin\BitDefender10\bdsubmit.dll] [SOFTWIN, 1, 0, 0, 143]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[PID: 756 / axel][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[PID: 1096 / axel][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 1520 / axel][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 1128, 5462]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_fr.dll] [Google Inc., 1, 2, 1128, 5462]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll] [Google Inc., 1, 2, 1128, 5462]
[PID: 2168 / axel][C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\SAGEM\SAGEM F@st 800-840\Languages\French.dll] [, 1, 0, 0, 1]
[PID: 4492 / axel][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\PowerArchiver\PASHLEXT.DLL] [ConeXware, Inc., 8.7.0.0]
[C:\Program Files\TuneUp Utilities 2006\sdshelex.dll] [TuneUp Software GmbH, 1.0.0.250]
[C:\Program Files\TuneUp Utilities 2006\rtl60.bpl] [Borland Software Corporation, 6.0.6.241]
[C:\Program Files\TuneUp Utilities 2006\vcl60.bpl] [Borland Software Corporation, 6.0.6.240]
[C:\Program Files\Notepad++\nppcm.dll] [Burgaud.com, 1.2.1]
[C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll] [Visicom Media Inc., 3.6.2.0]
[C:\Program Files\Softwin\BitDefender10\bdshelxt.dll] [, 1, 0, 0, 2]
[C:\Program Files\Fichiers communs\Adobe\Shell\PSICON.DLL] [, ]
[PID: 5100 / axel][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.110.3]
[C:\WINDOWS\System32\cam121.dll] [N/A, ]
[C:\Program Files\Microsoft Office\office2\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[PID: 2632 / axel][C:\Documents and Settings\axel\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\bdoe.dll] [SOFTWIN S.R.L., 10, 0, 0, 0]
[C:\WINDOWS\System32\XCOMM.dll] [Softwin, 1, 8, 12, 0]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Documents and Settings\axel\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
0
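Added example (not part of the original thread, and not SREng's own code): one way to triage a loaded-module listing in the format of the report above. It flags modules that carry no vendor or version information and shows which processes load them; the function names are hypothetical and the shortened sample is built from lines of the report.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# "[PID: n / user][image path] [vendor, version]" opens a process block.
PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]*)\]\[(.+?)\] \[(.*)\]$")
# "[module path] [vendor, version]" is one module loaded by that process.
MOD_RE = re.compile(r"^\[(.+?)\] \[(.*)\]$")

# Shortened sample assembled from lines of the report above.
SAMPLE = r"""
[PID: 1096 / axel][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[C:\Program Files\Softwin\BitDefender10\BDUtils.dll] [, 10, 0, 0, 4]
[PID: 4492 / axel][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
[C:\Program Files\Softwin\BitDefender10\bdshelxt.dll] [, 1, 0, 0, 2]
[C:\Program Files\Fichiers communs\Adobe\Shell\PSICON.DLL] [, ]
[PID: 5100 / axel][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sockspy.dll] [N/A, ]
[C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll] [N/A, ]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\cam121.dll] [N/A, ]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
"""


def has_version_info(info):
    """False when both vendor and version are absent: '[N/A, ]' or '[, ]'."""
    return info.strip() not in ("N/A,", ",")


def parse_listing(text):
    """Map each module (lower-cased path) to its info and loading processes."""
    modules = {}
    current = None  # image name of the process block being read
    for raw in text.splitlines():
        line = raw.strip()
        proc = PROC_RE.match(line)  # test first: MOD_RE also matches it
        if proc:
            current = basename(proc.group(3)).lower()
            continue
        mod = MOD_RE.match(line)
        if mod and current is not None:
            path, info = mod.groups()
            entry = modules.setdefault(
                path.lower(), {"path": path, "info": info, "procs": set()}
            )
            entry["procs"].add(current)
    return modules


def triage(text, system_dir=r"c:\windows\system32"):
    """List modules without version info, system-directory files first."""
    findings = []
    for key, mod in parse_listing(text).items():
        if has_version_info(mod["info"]):
            continue
        findings.append({
            "path": mod["path"],
            "in_system_dir": dirname(key) == system_dir,
            "procs": sorted(mod["procs"]),
        })
    findings.sort(key=lambda f: (not f["in_system_dir"], f["path"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        where = "system32" if f["in_system_dir"] else "elsewhere"
        print(f'{f["path"]}  [{where}]  loaded by: {", ".join(f["procs"])}')
```

Missing version information is only a triage signal: the sample also flags files under the TuneUp and Adobe program folders, so each hit still has to be checked against what is installed on the machine.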
I also have another problem which (I think) is related.

When I open a web page, one time out of two it opens a different page from the one I wanted: https://www.aircorsica.com/ or another one, but I don't have time to copy and paste the address.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
13 Dec. 2007 at 23:54
Hi again,

* Select the following text:

Driver::
xvsjuzvj

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6986DA5-8FE5-457B-9D36-FF3205B06418}]

File::
C:\WINDOWS\System32\cam121.dll
C:\WINDOWS\System32\drivers\rjaebaxi.dat


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Also post a HijackThis report along with the ComboFix report.

FillPCA
0
ComboFix 07-12-12.3 - axel 2007-12-14 0:00:46.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.208 [GMT 1:00]
Running from: C:\Documents and Settings\axel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\axel\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\System32\cam121.dll
C:\WINDOWS\System32\drivers\rjaebaxi.dat
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\cam121.dll
C:\WINDOWS\System32\drivers\rjaebaxi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_XVSJUZVJ
-------\xvsjuzvj


((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.

2007-12-13 21:37 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Voisinage réseau
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Voisinage d'impression
2007-12-13 21:37 . 2005-11-05 05:38 <REP> d--h----- C:\Documents and Settings\Administrateur.AXEL\Modèles
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Mes documents
2007-12-13 21:37 . 2005-11-05 05:27 <REP> dr------- C:\Documents and Settings\Administrateur.AXEL\Menu Démarrer
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Favoris
2007-12-13 21:37 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur.AXEL\Bureau
2007-12-13 13:44 . 2007-12-13 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-13 13:30 . 2007-12-13 13:30 <REP> d-------- C:\kav
2007-12-13 12:16 . 2007-12-13 12:16 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-13 09:53 . 2007-12-13 09:53 <REP> d-------- C:\WINDOWS\McAfee.com
2007-12-13 02:18 . 2007-12-13 02:18 <REP> d-------- C:\Program Files\Alwil Software
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-12 17:11 . 2005-11-05 05:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-12 17:11 . 2005-11-05 05:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-12 17:11 . 2005-11-05 05:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-12 17:04 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-12 03:53 . 2007-12-12 03:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-12-12 03:28 . 2007-12-12 15:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-11 19:38 . 2007-12-11 19:39 39,974,889 --a------ C:\WINDOWS\VPTNFILE.879
2007-11-24 02:01 . 2007-11-24 02:06 <REP> d-------- C:\Program Files\BoontyGames
2007-11-24 01:43 . 2007-11-24 01:43 <REP> d-------- C:\videooutput
2007-11-24 01:42 . 2007-11-24 01:42 <REP> d-------- C:\Program Files\Smallvideosoft
2007-11-24 01:42 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-11-24 01:42 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2007-11-24 01:42 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2007-11-24 00:00 . 2007-11-24 00:09 34,620,950 --a------ C:\MIRAGE-2000.flv.AVI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 22:59 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-12-12 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 18:39 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-11 18:39 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-11 18:39 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-11 18:39 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-16 22:37 --------- d-----w C:\Documents and Settings\axel\Application Data\Notepad++
2007-10-16 22:29 --------- d-----w C:\Program Files\Notepad++
2007-01-19 16:23 67,048 ----a-w C:\Documents and Settings\axel\Application Data\GDIPFONTCACHEV1.DAT
2007-01-07 03:43 31 ----a-w C:\Documents and Settings\axel\getfile.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-13_23.30.58,72 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 19:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 11:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2002-03-20 03:05 C:\WINDOWS\system32\tp4serv.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" [2002-02-28 01:00]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-03-26 01:24]
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" []
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2006-09-28 16:31]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2006-10-11 17:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 21:10]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-05 10:29]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 19:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"\\ALAIN-MAISON\EPSON Stylus CX3600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P41 "\\ALAIN-MAISON\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
"Auto EPSON Stylus CX3600 Series sur ALAIN-MAISON"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P48 "Auto EPSON Stylus CX3600 Series sur ALAIN-MAISON" /O25 "\\ALAIN-MAISON\Imprimante" /M "Stylus CX3600"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\System32\DRIVERS\tp4track.sys
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 CAM1210;USB Video Camera;C:\WINDOWS\System32\Drivers\cam1210.sys
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-13 21:13:44 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\Bmmtask.exe
"2007-12-07 16:23:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 00:07:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 0:08:05 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-13 23:32



and:


Logfile of HijackThis v1.99.1
Scan saved at 00:10:38, on 14/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
D:\MES Programes\Anti SPY et espions gator\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\office2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.viewpoint.com/...
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - https://www.cartesianinc.com/Products/CPCViewAX/Sdk/CpcViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet/static/controls/root.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1178404640347
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5184/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
14 Dec. 2007 at 00:17
Hi again,

Well done!

1/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner and click "Run Cleaner".

2/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (in the toolbar).
Then, on the "How to act" tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Next.
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.

3/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a full system scan.
* Save the report in text mode at the end of the scan.

Post the AVG Anti-Spyware report and the Kaspersky report.

See you tomorrow.

FillPCA
0
ok thanks, see you tomorrow
0
What do I select in CCleaner?
0
Hi,

I hope you're in good shape, because my computer isn't yet.

Here are the 2 reports:



---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:59:54 14/12/2007

+ Résultat de l'analyse:



C:\Documents and Settings\axel\Cookies\axel@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\axel\Cookies\axel@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
D:\MES Programes\AUTRES\MORPH31E.EXE -> Worm.Brontok.a : Nettoyé.


Fin du rapport


and the Kaspersky scan



Friday, December 14, 2007 7:45:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/12/2007
Kaspersky Anti-Virus database records: 451449


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 63045
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 02:15:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\axel\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped

C:\Documents and Settings\axel\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Historique\History.IE5\MSHist012007121420071215\index.dat Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Temp\Perflib_Perfdata_128.dat Object is locked skipped

C:\Documents and Settings\axel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\axel\ntuser.dat Object is locked skipped

C:\Documents and Settings\axel\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\rjaebaxi.dat.vir Object is locked skipped

C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip/cam121.dll Infected: Trojan.Win32.BHO.abo skipped

C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip/rjaebaxi.dat Infected: Rootkit.Win32.Agent.ql skipped

C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B21EC8B2-37DB-4FFD-B99E-29D428CE91D0}\RP3\A0007152.exe Infected: Trojan-Downloader.Win32.Small.gxp skipped

C:\System Volume Information\_restore{B21EC8B2-37DB-4FFD-B99E-29D428CE91D0}\RP7\change.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\AXEL.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\bdss.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\Temp\tmp000050c1\tmp00000000 Object is locked skipped

C:\WINDOWS\Temp\ZLT050c1.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{B21EC8B2-37DB-4FFD-B99E-29D428CE91D0}\RP7\change.log Object is locked skipped

Scan process completed.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
14 Dec. 2007 at 10:40
Hi,

That's not so bad. The infections found are in ComboFix's quarantine.

1/ * Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Run OTMoveIt.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).

NOTE: Normally, your firewall should ask you whether OTMoveIt may access the internet. Allow it.

* A list appears in the left-hand part of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.
* The infected files in the quarantines will be deleted as well.

2/ You need to disable System Restore. To do that, right-click "My Computer". In the "System Restore" tab, tick the "Turn off System Restore" box. Click Apply > OK.
Untick that box, click "Apply" > OK and restart the PC.

How is the PC doing?

FillPCA
0
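Added example (not part of the thread, and not the helper's own tooling): a short Python triage of the Kaspersky report lines quoted above, separating files that were merely locked from actual detections and grouping the detections by where they sit. The function names and location labels are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the Kaspersky report above (one locked file kept for contrast).
REPORT = r"""
C:\Documents and Settings\axel\ntuser.dat Object is locked skipped
C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip/cam121.dll Infected: Trojan.Win32.BHO.abo skipped
C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip/rjaebaxi.dat Infected: Rootkit.Win32.Agent.ql skipped
C:\qoobox\Quarantine\catchme2007-12-14_ 00713.11.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{B21EC8B2-37DB-4FFD-B99E-29D428CE91D0}\RP3\A0007152.exe Infected: Trojan-Downloader.Win32.Small.gxp skipped
"""

LINE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<archive>[A-Z]+: infected - \d+)) (?P<action>\w+)$"
)

def location(path):
    """Classify where a flagged object sits (labels are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # inert copies set aside by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system-restore"        # copy saved inside a restore point
    return "live-filesystem"           # would still need active cleanup

def triage(report):
    """Return (detections, locked_count); a detection is (path, name, location)."""
    detections, locked = [], 0
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue
        if m["locked"]:
            locked += 1                # file in use by Windows, not a detection
            continue
        # name is None for the archive container line ("ZIP: infected - 2")
        detections.append((m["path"], m["name"], location(m["path"])))
    return detections, locked

def summary(report):
    detections, locked = triage(report)
    return {
        "infected_objects": len(detections),
        "distinct_names": len({n for _, n, _ in detections if n}),
        "locked": locked,
        "by_location": dict(Counter(loc for _, _, loc in detections)),
    }
```

On these lines the counts agree with the report's own statistics (4 infected objects, 3 virus names), and no detection falls outside ComboFix's quarantine or a System Restore point, the two places that steps 1/ and 2/ of the post above clear out.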
So,

the computer seems lighter to me (faster at any rate, as if it had got back its original speed, which I never got to see... lol).
Next, the recycle bin is full of programs (as you said) but everything that is on the desktop stayed, I'll remove those by hand.

For now let's say everything is fine on the surface; the problem of the web page not giving me the right address seems to have disappeared too.

I'll try a few more things to see whether everything works and I'll keep you posted by the end of the day.

As for the recycle bin, should I empty it?

AVG, do I keep it or not? (I'd say yes but I'm waiting for your confirmation)

That's it.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
14 Dec. 2007 at 17:34
Hi again,

1/ It is strongly recommended to keep all your security software up to date, in order to avoid the holes through which infections get in.
2/ You can remove all the tools we used (such as SmitFraudFix, Blacklight, SDFix, lopxpMH, etc.), which deal with specific infections and are updated regularly. There is no point keeping them on your PC.
You can, however, keep AVG Antispyware and CCleaner.
3/ /!\ Now that your PC is no longer infected, disable and then re-enable your "System Restore" in order to create a clean restore point.
To disable or enable System Restore, you must log on as Administrator under Windows XP.
Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the "Turn off System Restore on all drives" box
> Apply and OK.
Enabling:
Follow the same path; untick the "Turn off System Restore on all drives" box
> Apply and OK. Restart the computer.
4/ How to... (letter A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
To improve the security of your PC, take a few moments to read:
Securing your PC + WIFI ("hot" & "light" versions): https://forum.pcastuces.com/default.asp
5/ Report your infection to get the authors convicted.

Post a message to move things forward on Malware-Complaints; there need to be as many of us as possible, so report your infection:
- See the forum rules: https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then have, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

*** Your infection: Delf ***
>> https://malwarecomplaints.info/
If the malware you had does not appear in the list, or if you do not know what you were infected with, post a message in the Other infections topic, in line with the forum rules (age, town, department, etc.)
Also give the name of the forum that helped you: CCM
6/ You can mark your topic as resolved by clicking the button.
7/ Finally, I advise you to defragment your PC: http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Happy surfing!

FillPCA
0