Problème ! Window System 32

Réponse 21 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

re

je crois que tu n'as pas compris ce que je t'ai demandé, tu me remets ce que je t'ai écrit.

Tu n'as pas fait les manips avec hijackthis ? fixer les lignes et ensuite avec the avenger ?

Réponse 22 / 128

Sweet Devil

Et bien oui, bon je vais recommancer...

Réponse 23 / 128

Sweet Devil

Ok, j'ai revue ce que tu as écrit, et maitenant je n'ais plus rien à cocher, sauf un que j'ai due oublier, (le premier) sinon mes deux rapport sont en 21.

Est-ce que c'est correct ?

(maitenant je vais cocher celui que j'avais oublié et faire Fix)

Réponse 24 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

je crois que tu t'emmêles les pinceaux. QU'as tu fait avec la manip que je t'ai donné the avenger ?

as tu un rapport à me poster ou non ?

je remets la manip ici

* lance hiajckthis "do a system scan only" puis coche :

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O2 - BHO: (no name) - {036C7917-26A1-48F9-AF95-7EAB7A139815} - (no file)
O2 - BHO: (no name) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: (no name) - {428B4950-16E5-4B66-A15A-BDFF47987B2F} - (no file)
O2 - BHO: (no name) - {457CD76E-394E-4140-A8C6-DA071658C8A5} - (no file)
O2 - BHO: (no name) - {6F6E975E-A2D8-4ABB-BBED-D98082BBB5CB} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {D0C3B9AB-6707-4A19-BCBA-04B148954E36} - (no file)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\nnnnolk.dll
O2 - BHO: (no name) - {FD629340-DAC0-4BA0-83E2-5EA6121A4E0A} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: nnnnolk - C:\WINDOWS\SYSTEM32\nnnnolk.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)

* toutes applications fermées et HORS CONNEXION, clique sur FIX CHECKED

Puis

* Copie les lignes de la citation suivante, d'un trait :

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs

Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnolk
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzzd32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036C7917-26A1-48F9-AF95-7EAB7A139815}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{428B4950-16E5-4B66-A15A-BDFF47987B2F}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{457CD76E-394E-4140-A8C6-DA071658C8A5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6E975E-A2D8-4ABB-BBED-D98082BBB5CB}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C3B9AB-6707-4A19-BCBA-04B148954E36}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD629340-DAC0-4BA0-83E2-5EA6121A4E0A}

Files to delete:
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\SYSTEM32\nnnnolk.dll
C:\WINDOWS\system32\pmkhh.exe

--> Clic droit / "copier"

Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".

* Ouvre-le et colle dedans ce que tu viens de copier précédemment
* Enregistre ce fichier sur ton bureau (nom : mad.txt)

* Télécharge à présent The Avenger
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
* Dézippe-le sur ton bureau et double-clique sur le fichier "avenger.exe"
* Clique sur "Ok"
* Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
* Sélectionne le fichier mad.txt qui est sur ton bureau
* Clique sur le feu vert pour lancer le script
* Clique sur "Oui"
* Accepte de redémarrer ton pc

après le redémarrage :

* Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici.
ainsi qu'un nouveau Log HijackThis

Réponse 25 / 128

Sweet Devil

Bien en faite je l'avais poté, voilà ''C:\avenger.txt''

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jnywtdlk

*******************

Script file located at: \??\C:\ixqnjxon.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wowfx.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\nnnnolk.dll deleted successfully.
File C:\WINDOWS\system32\pmkhh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnnolk deleted successfully.
Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzzd32 deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036C7917-26A1-48F9-AF95-7EAB7A139815} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{428B4950-16E5-4B66-A15A-BDFF47987B2F} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{457CD76E-394E-4140-A8C6-DA071658C8A5} deleted successfully.

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6E975E-A2D8-4ABB-BBED-D98082BBB5CB} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6E975E-A2D8-4ABB-BBED-D98082BBB5CB} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C3B9AB-6707-4A19-BCBA-04B148954E36} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD629340-DAC0-4BA0-83E2-5EA6121A4E0A} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

--------

Le log Hijack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30, on 2007-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Réponse 26 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

le rapport hijackthis date de 18h30

j'en voudrais un tout frais stp
relance hijackthis et poste un nouveau rapport

Réponse 27 / 128

Sweet Devil

Voilà :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37, on 2007-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Réponse 28 / 128

Sweet Devil

Oh, et bien il était frais, c'est seulement que chez moi il est 18:38, heure du Canada =)

Réponse 29 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

ah ok, je ne savais pas

je regarde alors

Réponse 30 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

relance hijackthis "do a system scan only" puis coche ces lignes :

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

toutes applications fermées et hors connexion, clique sur fix checked

reposte de suite après un nouveau rapport hijackthis

Réponse 31 / 128

Sweet Devil

Les messages ne s'affichent plus, par contre j'ai essayé 3 fois et je coche F3... et après avoir faites le rapport il est toujours là :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48, on 2007-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Réponse 32 / 128

Sweet Devil

Les messages ne s'affichent plus, par contre j'ai essayé 3 fois et je coche F3... et après avoir faites le rapport il est toujours là :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48, on 2007-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] C:\Program Files\Bell\Gestionnaire de securite\RPS.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Réponse 33 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

alors on va réessayer combo autrement

tu vas renommer combo.exe en CF.exe

essaye ensuite de le relancer comme ceci :

IMPORTANT

*désactive ton antivirus, antispyware, et spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
puis

* Double clique combofix.exe.

* Tape sur la touche Y (Yes) pour démarrer le scan.

* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

je crois qu'il faudra ensuite continuer demain il commence à être tard, à force je ne vois plus rien

si jamais combo ne veut rien savoir

redémarre en mode sans échec et essaye de fixer cette ligne
F3

tu redémarres ensuite et tu repostes un nouveau rapport hijackthis

Réponse 34 / 128

Sweet Devil

Ok, je fais sa tantôt, je vais souper ;)

Réponse 35 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

bon appétit, moi c'est "dodo"
à demain

Réponse 36 / 128

Sweet Devil

Merci, bonne nuit aussi.

Voici le log de ComboFix, qui a marché.

ComboFix 07-12-21.4 - HP_Administrateur 2007-12-29 19:12:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.577 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrateur\Bureau\CF.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Ilbfejyj
C:\Program Files\Ilbfejyj\uiccdgun.dll
C:\Program Files\Pjagcdci
C:\Program Files\Pjagcdci\ndkyosqw.dll
C:\Program Files\qxmxctiz
C:\Program Files\qxmxctiz\utahuxmt.dll
C:\Program Files\vahorkhk
C:\Program Files\vahorkhk\zirqvyjg.dll
C:\Program Files\Ztgylkqg
C:\Program Files\Ztgylkqg\gkorjffk.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\pmkhh.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.

2007-12-29 19:19 . 2007-12-29 19:19 344,576 --------- C:\WINDOWS\system32\pmkhh.dll
2007-12-29 18:48 . 2007-12-29 18:48 348,160 --a------ C:\WINDOWS\system32\RCX15.tmp
2007-12-29 18:23 . 2007-12-29 19:20 348,160 --a------ C:\WINDOWS\system32\pmkhh.exe
2007-12-29 17:30 . 2007-12-29 17:30 348,160 --a------ C:\WINDOWS\system32\RCX18.tmp
2007-12-29 16:05 . 2007-12-29 16:05 348,160 --a------ C:\WINDOWS\system32\RCX17.tmp
2007-12-29 15:19 . 2007-12-29 15:19 348,160 --a------ C:\WINDOWS\system32\RCX12.tmp
2007-12-29 13:32 . 2007-12-29 13:32 348,160 --a------ C:\WINDOWS\system32\RCX564.tmp
2007-12-29 13:12 . 2007-12-29 13:12 348,160 --a------ C:\WINDOWS\system32\RCX282.tmp
2007-12-29 13:00 . 2007-12-29 13:00 348,160 --a------ C:\WINDOWS\system32\RCX11.tmp
2007-12-29 12:55 . 2007-12-29 13:02 <REP> d-------- C:\Documents and Settings\HP_Administrateur\amsn
2007-12-29 11:29 . 2007-12-29 11:29 <REP> d-------- C:\Documents and Settings\HP_Administrateur\LimeWire Store Purchased
2007-12-29 11:03 . 2007-12-29 11:03 <REP> d-------- C:\VundoFix Backups
2007-12-29 10:54 . 2007-12-29 10:54 <REP> d-------- C:\Program Files\Trend Micro
2007-12-28 22:31 . 2007-12-29 10:09 <REP> d-------- C:\Program Files\MKVtoolnix
2007-12-28 22:26 . 2007-12-29 10:10 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-28 22:23 . 2007-12-28 22:28 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-12-28 22:19 . 2007-12-28 22:19 0 --a------ C:\output.avi
2007-12-28 22:17 . 2007-12-29 10:10 <REP> d-------- C:\Program Files\Matroska Playback Pack
2007-12-28 20:55 . 2007-12-28 20:55 <REP> d-------- C:\Documents and Settings\Kristina\LimeWire Store Purchased
2007-12-28 20:51 . 2007-12-28 20:51 <REP> d-------- C:\Program Files\LimeWire
2007-12-28 17:34 . 2007-12-28 17:34 348,160 --a------ C:\WINDOWS\system32\RCXE.tmp
2007-12-28 17:27 . 2004-01-31 20:02 393,216 --a------ C:\WINDOWS\system32\LameACM.acm
2007-12-28 17:27 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-28 17:27 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-28 17:27 . 2004-01-31 20:02 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-28 17:26 . 2007-12-28 17:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-28 17:26 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-28 17:26 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-28 17:26 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2007-12-28 17:26 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-28 17:26 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-28 17:26 . 2004-01-25 11:18 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-28 17:26 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-28 17:26 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-28 16:52 . 2007-12-28 16:52 348,160 --a------ C:\WINDOWS\system32\RCX462.tmp
2007-12-28 16:18 . 2007-12-28 22:39 <REP> d-------- C:\Program Files\WinXMedia
2007-12-28 15:23 . 2007-12-28 15:23 <REP> d-------- C:\Program Files\Bonjour
2007-12-28 15:10 . 2007-12-28 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-28 15:05 . 2007-12-28 15:05 348,160 --a------ C:\WINDOWS\system32\RCX2A.tmp
2007-12-28 13:03 . 2007-12-28 13:03 348,160 --a------ C:\WINDOWS\system32\RCXD.tmp
2007-12-28 12:09 . 2007-12-28 12:09 348,160 --a------ C:\WINDOWS\system32\RCX26.tmp
2007-12-28 10:48 . 2007-12-29 10:20 53,760 --a------ C:\WINDOWS\keygen.exe
2007-12-27 19:49 . 2007-12-27 19:49 348,160 --a------ C:\WINDOWS\system32\RCX25.tmp
2007-12-27 13:28 . 2007-12-27 13:28 348,160 --a------ C:\WINDOWS\system32\RCX32BA.tmp
2007-12-27 12:02 . 2007-12-27 12:02 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-12-27 11:06 . 2007-12-27 11:06 <REP> d-------- C:\WINDOWS\system32\Futuremark
2007-12-27 11:06 . 2007-12-27 11:06 <REP> d-------- C:\Program Files\Futuremark
2007-12-27 11:06 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-27 11:06 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2007-12-27 11:06 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-12-27 11:06 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-27 10:30 . 2007-12-27 10:30 <REP> d-------- C:\Program Files\SystemRequirementsLab
2007-12-27 10:30 . 2007-12-27 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-27 10:23 . 2007-12-27 10:23 <REP> d-------- C:\Program Files\Sony Setup
2007-12-27 08:40 . 2007-12-27 08:40 348,160 --a------ C:\WINDOWS\system32\RCX10.tmp
2007-12-26 17:11 . 2007-12-28 16:52 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-26 14:37 . 2007-12-26 14:37 348,160 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-26 14:34 . 2007-12-27 19:33 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-26 14:30 . 2007-12-26 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-26 10:05 . 2007-12-26 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Bell
2007-12-26 10:04 . 2007-12-26 10:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Druide
2007-12-26 09:55 . 2007-12-26 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 16:46 . 2007-12-25 16:46 <REP> d-------- C:\Temp
2007-12-25 16:34 . 2002-07-16 21:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-12-25 16:34 . 2002-07-16 20:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-25 16:20 . 2007-12-25 16:20 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-25 16:20 . 2007-12-25 16:48 1,283,174 --a------ C:\Install
2007-12-25 16:20 . 2007-12-25 16:20 208,896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-25 15:58 . 2007-12-25 15:58 <REP> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2007-12-25 15:50 . 2007-12-25 15:50 <REP> d-------- C:\Program Files\DivX_311alpha
2007-12-25 14:26 . 2007-12-25 14:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-25 14:15 . 2007-12-25 14:15 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\CyberLink
2007-12-25 14:02 . 2007-12-25 14:02 <REP> d-------- C:\Program Files\CD_DVD-ROM Generator 2.00
2007-12-25 13:55 . 2007-12-25 13:55 <REP> d-------- C:\Program Files\Dummy File Creator
2007-12-25 11:41 . 2007-12-26 21:20 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Azureus
2007-12-25 11:41 . 2007-12-25 11:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-25 11:39 . 2007-12-25 11:40 <REP> d-------- C:\Program Files\Azureus
2007-12-25 11:34 . 2007-12-25 11:34 <REP> d-------- C:\test
2007-12-25 02:42 . 2007-12-25 02:42 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-12-25 02:41 . 2007-12-27 10:24 <REP> d-------- C:\Program Files\Sony
2007-12-22 22:53 . 2007-12-22 22:59 <REP> d-------- C:\Program Files\Internet Download Manager
2007-12-22 21:28 . 2007-12-22 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-22 21:27 . 2007-12-22 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-22 21:27 . 2007-12-22 21:27 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-22 21:27 . 2007-12-22 21:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-21 21:47 . 2007-12-21 21:47 <REP> d-------- C:\Program Files\aMSN
2007-12-17 10:18 . 2007-12-17 10:18 <REP> d-------- C:\Program Files\abrViewer.NET
2007-12-17 09:53 . 2007-12-17 14:51 <REP> d-------- C:\Documents and Settings\Kristina\.gimp-2.4
2007-12-17 09:42 . 2007-12-17 09:49 <REP> d-------- C:\Program Files\Paint.NET
2007-12-13 17:48 . 2007-12-13 17:48 <REP> d-------- C:\Program Files\Viewpoint
2007-12-13 17:48 . 2007-12-15 11:47 <REP> d-------- C:\Program Files\Fichiers communs\AOL
2007-12-13 17:48 . 2007-12-13 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-13 17:48 . 2007-12-13 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-13 17:48 . 2007-12-15 11:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-13 17:48 . 2007-12-13 17:48 441 --ah----- C:\IPH.PH
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-02 18:20 . 2007-12-02 18:20 1,043,439 --a------ C:\WINDOWS\Nintendo Zelda.scr
2007-12-02 18:20 . 2007-12-02 18:21 12 --a------ C:\WINDOWS\screenmx.ini
2007-12-02 17:47 . 2007-12-02 17:48 <REP> d-------- C:\WINDOWS\system32\The Legend of Zelda Phantom Hourglass dir

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 00:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 21:08 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2007-12-29 18:10 --------- d-----w C:\Program Files\QuickTime
2007-12-29 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-28 20:44 --------- d-----w C:\Program Files\DivX
2007-12-28 20:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-27 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 22:11 523,264 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2007-12-26 15:38 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2007-12-25 07:40 --------- d-----w C:\Program Files\Common Files
2007-12-23 17:30 --------- d-----w C:\Program Files\Google
2007-12-22 18:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-15 19:05 --------- d-----w C:\Program Files\Styler
2007-12-02 22:47 520,192 ----a-w C:\WINDOWS\system32\The Legend of Zelda Phantom Hourglass.scr
2007-12-02 03:13 --------- d-----w C:\Program Files\EA GAMES
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-18 23:41 --------- d-----w C:\Program Files\Yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 00:32 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-01 23:30 --------- d-----w C:\Program Files\Alwil Software
2007-11-01 23:19 --------- d-----w C:\Program Files\Symantec
2007-11-01 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-31 02:30 --------- d-----w C:\Program Files\Druide
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-19 22:36 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-19 22:36 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-09 01:27 494,989 ----a-w C:\WINDOWS\The Legend of Zelda Screensaver.scr
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-07-20 15:52 1,727 ----a-w C:\Program Files\INSTALL.LOG
2007-07-19 22:52 174 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2007-07-23 01:15 8 --sh--r C:\WINDOWS\system32\[u]0[/u]E53E5E06B.sys
2007-07-22 03:01 56 --sh--r C:\WINDOWS\system32\6BE0E5530E.sys
2007-07-23 01:16 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{036C7917-26A1-48F9-AF95-7EAB7A139815}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{188E09DC-2205-44CE-ABE9-136CB7705E5F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2920634A-75F3-48C5-84EE-57A07CFB4909}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428B4950-16E5-4B66-A15A-BDFF47987B2F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{457CD76E-394E-4140-A8C6-DA071658C8A5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0C3B9AB-6707-4A19-BCBA-04B148954E36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5EC8C80-CC07-4CAE-96D3-A723BC635317}]
2007-12-29 19:19 344576 --------- C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD629340-DAC0-4BA0-83E2-5EA6121A4E0A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2007-12-28 16:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 16:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"slide.exe"="c:\program files\slide\slide.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-28 16:52]
"CrypticDisk"="C:\Program Files\Cryptic Disk\CrypticDisk.exe" []
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-12-28 16:52]
"Gestionnaire Antidote .exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote .exe" [2007-12-29 19:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-12-28 16:52]
"Gestionnaire Antidote .exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote .exe" [2007-12-29 19:20]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-12-28 16:36]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-28 16:36]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\RPS.exe" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-12-29 19:20]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-28 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnolk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmkhh.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkhh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^autorun.exe]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^findfast.exe]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^Styler.lnk]
path=C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 08:05 90112 --a------ c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:34 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
2007-12-28 16:52 987136 --a------ C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE REBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-18 12:36 28672 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnodcvcl]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\mnodcvcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-04-01 20:00 1953792 --------- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwjefitg]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\nwjefitg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2007-12-28 16:51 429568 --a------ C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qxmxctiz]
rundll32.exe C:\Program Files\qxmxctiz\utahuxmt.dll,Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-22 21:14 237568 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 01:23 663552 --a------ C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-28 16:51 444928 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-10-25 09:25]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-10-25 09:27]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-10-25 09:25]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-10-25 09:26]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-23 07:35]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-10-25 09:27]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-15 18:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69463808-326e-11db-9173-a37dfb3081bd}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55F06C68-50DF-B6DF-9F2A-1A9748CC34BE}]
C:\WINDOWS\system32: .exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 19:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\hhkmp.ini 319 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\pmkhh.dll
.
Completion time: 2007-12-29 19:22:16 - machine was rebooted [Kristina]
.
2007-12-13 03:24:55 --- E O F ---

Réponse 37 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

bonjour,

il reste encore du boulot. Me faudrait un nouveau rapport hijackthis stp

et ceci :

Télécharge System Repair Engineer - SREng (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html

Extrais tout son contenu sur ton Bureau
(clic droit sur le fichier .zip >> "Extraire tout...")
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

Réponse 38 / 128

Sweet Devil

Bonjour, pas de problème, voilà :

[CODE]

2007-12-30,10:24:31

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<ccleaner><"C:\Program Files\CCleaner\CCleaner.exe" /AUTO> [(Verified)Piriform Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\system32\pmkhh.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice> []
<SSA.exe><"C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{55F06C68-50DF-B6DF-9F2A-1A9748CC34BE}]
<N/A><C:\WINDOWS\system32: .exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<AlwaysReady Power Message APP><; ARPWRMSG.EXE> [(Verified)Microsoft Windows Publisher]
<avp><; C:\WINDOWS\avp.exe> [N/A]
<ccApp><; "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DMAScheduler><; "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"> [Sonic Solutions]
<ehTray><; C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<Emurayden PSX Emulator><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<ftutil2><; rundll32.exe ftutil2.dll,SetWriteCacheMode> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Gestionnaire Antidote.exe><; C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Development Company, L.P.]
<HPBootOp><; "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run> [Hewlett-Packard Company]
<IcoSet><; c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon> [N/A]
<IS CfgWiz><; c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"> [N/A]
<ISUSPM Startup><; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [N/A]
<ISUSScheduler><; "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [N/A]
<Microsoft Works Update Detection><; C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe> [Microsoft® Corporation]
<mnodcvcl><; regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mnodcvcl.dll"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<NBJ><; "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><; nwiz.exe /install> []
<nwjefitg><; regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nwjefitg.dll"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<OM_Monitor><; C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PCDrProfiler><; "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r> []
<Printer><; C:\WINDOWS\system32\printer.exe> [N/A]
<QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime> []
<qxmxctiz><; rundll32.exe "C:\Program Files\qxmxctiz\utahuxmt.dll",Init> [N/A]
<Recguard><; C:\WINDOWS\SMINST\RECGUARD.EXE> []
<Reminder><; "C:\Windows\Creator\Remind_XP.exe"> [SoftThinks]
<SSA.exe><; "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN> []
<SSC_UserPrompt><; c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe> [N/A]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]

==================================
Startup Folders
N/A

==================================
Services
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Stopped/Disabled]
<"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"><Symantec Corporation>
[Boonty Games / Boonty Games][Stopped/Disabled]
<"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><BOONTY>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><N/A>
[Eset Service / ekrn][Running/Auto Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[LiveUpdate / LiveUpdate][Stopped/Disabled]
<"C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"><Symantec Corporation>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Disabled]
<"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll><N/A>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"><>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]
<"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>
[a-squared Free Service / a2free][Running/Auto Start]
<C:\Program Files\a-squared Free\a2service.exe><Emsi Software GmbH>

==================================
Drivers
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Aspi32 / Aspi32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[Promise driver accelerator / bb-run][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\Kristina\LOCALS~1\Temp\catchme.sys><N/A>
[Dynamic Virus Protection / CSS DVP][Running/Auto Start]
<system32\DRIVERS\css-dvp.sys><Authentium, Inc.>
[eamon / eamon][Running/Auto Start]
<system32\DRIVERS\eamon.sys><Eset>
[easdrv / easdrv][Running/System Start]
<system32\DRIVERS\easdrv.sys><ESET>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Speedstream Ethernet USB Adapter / ENETHUSB][Stopped/Manual Start]
<system32\DRIVERS\enethusb.sys><Efficient Networks, Inc.>
[ENTECH / ENTECH][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[epfwtdir / epfwtdir][Running/System Start]
<system32\DRIVERS\epfwtdir.sys><N/A>
[ftsata2 / ftsata2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSXHWBS2 / HSXHWBS2][Running/Manual Start]
<system32\DRIVERS\HSXHWBS2.sys><Conexant Systems, Inc.>
[HSX_DP / HSX_DP][Running/Manual Start]
<system32\DRIVERS\HSX_DP.sys><Conexant Systems, Inc.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Pilote de processeur Intel / intelppm][Stopped/System Start]
<system32\DRIVERS\intelppm.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
<\??\c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS><Motive, Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[VSO Software pcouffin / pcouffin][Stopped/Manual Start]
<System32\Drivers\pcouffin.sys><VSO Software>
[Ps2 / Ps2][Running/Manual Start]
<system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Symantec Network Security Intermediate Filter Service / SymIM][Stopped/Manual Start]
<system32\DRIVERS\SymIM.sys><N/A>
[SymIMMP / SymIMMP][Stopped/Manual Start]
<system32\DRIVERS\SymIM.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[winachsx / winachsx][Running/Manual Start]
<system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[MEMSWEEP2 / MEMSWEEP2][Running/Manual Start]
<\??\C:\WINDOWS\system32\43C.tmp><N/A>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[]
{395C50C1-9311-42D1-8FB6-D1A76418B07B} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[]
{4777A01C-B8B1-4B7B-BED7-7FF4EC0C4318} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Barre de recherche Encarta]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} <c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL, Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Aide à la connexion]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Correcteur]
{F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} <, N/A>
[Dictionnaires]
{F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} <, N/A>
[Guides]
{FA089E36-3F1B-4c51-9A1A-C4E7012483AF} <, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[]
{1B6E2011-3764-4C7F-899A-29A85E202D85} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[]
{31E8B377-5C55-4835-A881-EF021BCF17AC} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[]
{395C50C1-9311-42D1-8FB6-D1A76418B07B} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[]
{4777A01C-B8B1-4B7B-BED7-7FF4EC0C4318} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[]
{972F3CCB-B7B3-4560-A39E-3424152FB688} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Helper Class]
{BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[]
{C14B68DA-96E3-484E-8A75-FADAD18A9B22} <C:\WINDOWS\system32\pmkhh.dll, N/A>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[StylerToolBar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} <C:\Program Files\Styler\TB\StylerTB.dll, StyleFantasist>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll, Google>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Runclose Control]
{F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\System32\RUNCLOSE.OCX, Hewlett-Packard Company>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>

==================================
Running Processes
[PID: 672 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 988 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1172 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1228 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.005]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 6.01.00.009]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpz3l054.dll] [Hewlett-Packard Company, 60.054.45.00]
[C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
[C:\WINDOWS\system32\virport.dll] [N/A, ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll] [Hewlett-Packard Corporation, 60.054.45.00]
[PID: 1716 / SYSTEM][C:\WINDOWS\arservice.exe] [Microsoft, 6.0.0160.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1788 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 1800 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 1820 / SYSTEM][C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll] [ESET, 3.0.551 ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll] [ESET, 3.0.551 ]
[PID: 1860 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[PID: 1928 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.105.1]
[C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.105.1]
[C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8208]
[PID: 328 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe] [HP, 10, 1, 1, 5]
[PID: 508 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpowiax2.dll] [Hewlett-Packard, 7.0.0.177]
[PID: 588 / SYSTEM][C:\Program Files\Viewpoint\Common\ViewpointService.exe] [Viewpoint Corporation, 2, 0, 0, 54]
[PID: 716 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 1268 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1644 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2328 / HP_Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\pmkhh.dll] [N/A, ]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
[C:\PROGRA~1\IZArc\IZArcCM.dll] [N/A, ]
[C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll] [ESET, 3.0.551 ]
[C:\Program Files\Axon Data\AxCrypt\1.6.3-1\AxCrypt.dll] [Axantum Software AB, 1, 6, 3, 0]
[C:\Program Files\a-squared Free\a2freecontmenu.dll] [Emsi Software GmbH, 3. 0. 0. 57]
[PID: 2516 / HP_Administrateur][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 2772 / HP_Administrateur][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\pmkhh.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 3024 / HP_Administrateur][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\pmkhh.dll] [N/A, ]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2006, 10, 26, 1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll] [Yahoo! Inc., 2006.1.25.01]
[PID: 2112 / SYSTEM][C:\Program Files\a-squared Free\a2service.exe] [Emsi Software GmbH, 3.0.0.320]
[C:\Program Files\a-squared Free\a2update.dll] [Emsi Software GmbH, 3.0.0.228]
[C:\Program Files\a-squared Free\engine.dll] [Emsi Software GmbH, 3.0.0.307]
[C:\Program Files\a-squared Free\cabinet.dll] [Microsoft Corporation, 1.00.601.0]
[C:\Program Files\a-squared Free\unrar.dll] [N/A, ]
[PID: 2192 / HP_Administrateur][C:\Program Files\a-squared Free\a2free.exe] [Emsi Software GmbH, 3.0.0.357]
[C:\Program Files\a-squared Free\a2framework.dll] [Emsi Software GmbH, 3.0.0.414]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 3840 / HP_Administrateur][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2006, 10, 26, 1]
[C:\WINDOWS\system32\pmkhh.dll] [N/A, ]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2044 / HP_Administrateur][C:\Documents and Settings\HP_Administrateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25, on 2007-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkhh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SSA.exe] ; "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ; ARPWRMSG.EXE
O4 - HKLM\..\Run: [avp] ; C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ccApp] ; "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DMAScheduler] ; "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [ehTray] ; C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Emurayden PSX Emulator] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ftutil2] ; rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPBootOp] ; "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [IcoSet] ; c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [IS CfgWiz] ; c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] ; C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mnodcvcl] ; regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mnodcvcl.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [nwjefitg] ; regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nwjefitg.dll"
O4 - HKLM\..\Run: [PCDrProfiler] ; "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [Printer] ; C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [qxmxctiz] ; rundll32.exe "C:\Program Files\qxmxctiz\utahuxmt.dll",Init
O4 - HKLM\..\Run: [Recguard] ; C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] ; "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] ; c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] ; C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] ; "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [OM_Monitor] ; C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\PROGRA~1\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Réponse 39 / 128

Sweet Devil

Juste pour te dire que je part, je vais revenir tantôt.

Réponse 40 / 128

philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention 206

bonjour,

je me demande si on va arriver à s'en sortir, il faut que tu fasses ceci :

* Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Installe le à la racine de C

* double clic sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
* Double clique sur smitfraudfix.cmd
* Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport ici
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

----

et

Télécharge BTFix 1.017 (de bibi26)
http://cluster1.easy-hebergement.net/

* Décompresse l'archive sur ton Bureau
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

et je voudrais vérifier qq chose aussi :

Télécharge navilog1 (Merci il.mafioso!)

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

* Ensuite double clique sur navilog1.exe pour lancer l'installation.

* Une fois l'installation terminée, le fix s'exécutera automatiquement.

* (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

* Laisse-toi guider. Au menu principal, choisis 1 et valides.

/*\ Ne fais pas le choix 2,3 ou 4 sans notre avis/accord /*\

* Patiente jusqu'au message : *** Analyse terminée le ..... ***

* Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.

* Copie-colle l'intégralité du rapport dans ta prochaine réponse. Referme le Bloc-notes.

* Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

c'est quoi ca

C:\WINDOWS\keygen.exe

Problème ! Window System 32

128 réponses

Votre réponse

Discussions similaires