PAR PITIE Solution pour supprimer dll infecté

Question

Bonjour concitoyens internautes!

Quelqu'un pourrait-il me venir en aide s'il vous plaît?

Antivirus : AVAST
Système d'exploitation : WINDOWS XP SERVICE PACK 2

Voilà, en fait Avast me signale qu'un de mes fichiers système d'extension .dll est infecté par un cheval de Troie.
Les 3 actions proposées (mettre en quarantaine, supprimer ou renommer) ne fonctionnent pas.
Je me suis donc dit " Allons donc le supprimer à la source!". Seul problème, c'est que je ne peux, car un message m'indique qu'il est protégé ou gnagnagna, on connaît déjà tous le truc... Enfin bref, j'ai cherché des solutions sur le forum, mais unlocker ne me permet toujours pas de le supprimer même au redémarrage,  le fichier .dll n'aparait pas dans le gestionnaire des tâches, le mode sans échec ne me permet toujours pas de l'effacer, la case "lecture seule" n'est pas cochée, et dans les autorisations effectives en mode sans échec pour ce fichier je suis soit disant autorisée à la suppression...

J'aimerais sincèrement que quelqu'un me file un p'tit coup de pouce, s'il vous plaîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîît!

Merci d'avance à celui qui m'aidera.

[en attente d'une réponse...]

kinvara

reto78 · Answer

recupere tes données et formate si unlocker ne veut pas je voi pas comment on peut le supprimer

FillPCA · Answer

Bonjour,

Edite un rapport Hijackthis.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm


Fais un scan et poste l'analyse.

FillPCA

Pascal-du-78 · Answer

Bonsoir, essayez de redémarrer en mode sans echec et allez chercher ce fichier ou faites une analyse anti virus avec avast. 
Généralement les analyse anti virus sont bien plus performante en mode sans echec.

J'espère que cela vous aidera et tenez moi au courant

Amicalement

Pascal

lewis34 · Answer

bonsoir,
essaye çette manip

ctrl+alt+supr
t'affiche les processus tu recherche celui ou ceux qui on le nom de ton fichier
tu les arrete  manuellement (clic droit dessu puis arrter l'arbrescence du processus)

ensuite tu va chercher ton fichier à la source comme tu dis ,mais au lieu de le supprimer tu le renomme en .old

par fichier.dll==>fichier.dll.old
ca c'est au cas ou ca te provoque un pb. tu pourra  le renommer en virant l'extension old
tiens nous au  courant
@+

jalobservateur · Answer

--

S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA) 

Salut !!!!
Lis le post 2 ;-)

lewis34 · Answer

j'ai vu le post 2..^^
ma manip n'a que le mérite d'etre rapide....et au moins tu sais ce que tu vire..
apres rien n'empeche de faire un hitjackis

FillPCA · Answer

Bonjour,

Arrêtons d'épiloguer. Il me faut un rapport Hijackthis.

FillPCA

kinvara · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:39, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Visual Tooltip\VisualToolTip.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell sans fil\PRISMCFG.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Jenny\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2339DDB6-4B01-4A84-9245-9AD0B602D210} - C:\WINDOWS\system32\ATHPRX.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32
sk17.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

FillPCA · Answer

Bonsoir,

1/     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

2/     *  Peux-tu tester ceci : C:\WINDOWS\system32\ATHPRX.dll
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

Edite ce rapport.

FillPCA

kinvara · Answer

est-ce normal ça?! :

0 bytes size received / Se ha recibido un archivo vacio

FillPCA · Answer

Re,

Non. On fait autrement.

# Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

FillPCA

kinvara · Answer

---------------------------------- En attendant que ça se fasse, un grand merci de répondre aussi vite FillPCA--------------------------------------
                                                                          [ En cours de Checking par SDFix]

kinvara · Answer

SDFix: Version 1.125

Run by Jenny on 09/01/2008 at 18:22

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
evwmtjsh

Path:
system32\drivers\lvbuawzi.dat 

evwmtjsh - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service evwmtjsh - Deleted after Reboot

Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\drivers\lvbuawzi.dat - Deleted
C:\WINDOWS\SYSTEM32\ATHPRX.DLL - Deleted
C:\Documents and Settings\Jenny\Local Settings\Temp	mp1F.tmp.exe - Deleted
C:\Documents and Settings\Jenny\Local Settings\Temp	mp27.tmp.exe - Deleted
C:\Documents and Settings\Jenny\Local Settings\Temp	mp2E.tmp.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 18:28:42
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000093
"TracesSuccessful"=dword:00000007

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 27


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue  6 Nov 2007     5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Thu  8 Nov 2007            13 ...H. --- "C:\Documents and Settings\All Users\Application Data\1Þ13.sys"
Tue  6 Nov 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu  8 Nov 2007        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006        15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 31 Aug 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat  3 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderaac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder	okr3260.dll"
Mon 26 Nov 2007           444 ...HR --- "C:\Documents and Settings\Jenny\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

FillPCA · Answer

Re,

Il me faut aussi un rapport Hijackthis.

Fais aussi ceci :
    *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

FillPCA

kinvara · Answer

[CODE] 2008-01-09,18:47:17 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] [IncrediMail, Ltd.] <"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"> [] [N/A] <"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A] [N/A] <"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background> [Orb Networks] [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Spyware Doctor\SDTrayApp.exe"> [(Verified)PC Tools] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [InstallShield Software Corporation] <"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation] <"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"> [CyberLink Corp.] [Christian Salmon] <"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"> [(Verified)Intel Corporation] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [Sonic Solutions] [SigmaTel, Inc.] <"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.] [Logitech Inc.] [Logitech Inc.] [Logitech Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [(Verified)ALWIL Software] [N/A] [(Verified)"Ulead Systems, Inc."] [N/A] [N/A] <"C:\Program Files\Unlocker\UnlockerAssistant.exe"> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL] [Conexant Systems, Inc.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [Logitech Desktop Messenger] C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [Logitech Inc.]> [Microsoft Office] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]> [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]> [Utilitaire de carte WLAN sans fil USB 2.0] C:\PROGRA~1\DELLSA~1\PRISMCFG.exe [Dell Inc.]> [Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [ ]> [RocketDock] C:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [N/A]> [StarOffice 8] C:\PROGRA~1\Sun\STAROF~1\program\QUICKS~1.EXE [N/A]> [TransBar] C:\WINDOWS\BRICOP~1\VISTAI~1\TransBar\TransBar.exe [AKSoftware]> [UberIcon] C:\WINDOWS\BRICOP~1\VISTAI~1\UberIcon\UBERIC~1.EXE [N/A]> [Y'z Shadow] C:\WINDOWS\BRICOP~1\VISTAI~1\YzShadow\YzShadow.exe [Y'z@Home]> ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]

[Capture Device Service / Capture Device Service][Running/Auto Start] <"C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe"> [Firebird Server - MAGIX Instance / FirebirdServerMAGIXInstance][Stopped/Manual Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start] [PRISMSVC / PRISMSVC][Running/Auto Start] [PC Tools Auxiliary Service / sdAuxService][Running/Auto Start] [PC Tools Security Service / sdCoreService][Running/Auto Start] [Ulead Burning Helper / UleadBurningHelper][Running/Auto Start] [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><> ================================== Drivers [AEGIS Protocol (IEEE 802.1x) v3.4.3.0 / AegisP][Running/Auto Start] [atksgt / atksgt][Running/Auto Start] [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\Jenny\LOCALS~1\Temp\catchme.sys> [DLABOIOM / DLABOIOM][Running/Auto Start] [DLACDBHM / DLACDBHM][Running/System Start] [DLADResN / DLADResN][Running/Auto Start] [DLAIFS_M / DLAIFS_M][Running/Auto Start] [DLAOPIOM / DLAOPIOM][Running/Auto Start] [DLAPoolM / DLAPoolM][Running/Auto Start] [DLARTL_N / DLARTL_N][Running/System Start] [DLAUDFAM / DLAUDFAM][Running/Auto Start] [DLAUDF_M / DLAUDF_M][Running/Auto Start] [driverhardwarev2 / driverhardwarev2][Stopped/Manual Start] <\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys> [drvmcdb / drvmcdb][Running/Boot Start] <\SystemRoot\System32\Drivers\DRVMCDB.SYS> [drvnddm / drvnddm][Running/Auto Start] [Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Running/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [ialm / ialm][Running/Manual Start] [Intel RAID Controller / iastor][Running/Boot Start] <\SystemRoot\system32\DRIVERS\iaStor.sys> [File Security Driver / IKFileSec][Running/Boot Start] <\SystemRoot\system32\drivers\ikfilesec.sys> [System Filter Driver / IKSysFlt][Running/System Start] [System Security Driver / IKSysSec][Running/System Start] [lirsgt / lirsgt][Running/Auto Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [PCANDIS5 Protocol Driver / PCANDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCANDIS5.SYS> [Volume Adapter / pepifilter][Running/Manual Start] [QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Secdrv / Secdrv][Stopped/Manual Start] [SAGEM 802.11g XG760 1211 Driver / SG760_XP][Stopped/Manual Start] [SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] [ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ZDCndis5.SYS> [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Running/Manual Start] <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS> ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Dcads Search Assistant] {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} [Winamp Toolbar BHO] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [VMN Toolbar] {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [dcads] {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [VMN Toolbar] {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [Winamp Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [SysProWmi Class] {01A88BB1-1174-41EC-ACCB-963509EAE56B} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Dell PC Checkup Installer Control] {E856B973-45FD-4559-8F82-EAB539144667} [SysProWmi Class] {01A88BB1-1174-41EC-ACCB-963509EAE56B} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Dcads Search Assistant] {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [Winamp Toolbar BHO] {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [VMN Toolbar] {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [dcads] {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [browser optimizer superiorads] {8E015787-B1E3-404A-95DE-3E71E1FA0305} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Dell PC Checkup Installer Control] {E856B973-45FD-4559-8F82-EAB539144667} [Winamp Toolbar] {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [&Add animation to IncrediMail Style Box] [&Winamp Toolbar Search] [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 604 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\PRISMAPI.DLL] [Conexant Systems, Inc., 2.03.17] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 992 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1088 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1160 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1300 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1412 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1488 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1852 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1936 / Jenny][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL] [Shedko software, 1.5.0.0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll] [Sun Microsystems, Inc., 8.0.0.9118] [C:\Program Files\Sun\StarOffice 8\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9180] [C:\Program Files\Sun\StarOffice 8\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sun\StarOffice 8\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120] [C:\Program Files\Sun\StarOffice 8\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [PID: 1944 / Jenny][C:\WINDOWS\system32\PRISMSVR.EXE] [Conexant Systems, Inc., 2.03.17] [C:\WINDOWS\system32\PRISME5.DLL] [Meetinghouse Data Communications, 3, 0, 11, 0] [C:\WINDOWS\system32\PRISMAPI.DLL] [Conexant Systems, Inc., 2.03.17] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 1608 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [C-Dilla Ltd, 4.11.050] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 220 / SYSTEM][C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe] [InterVideo Inc., 1.0.0.1] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 288 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 400 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 444 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_FRA.dll] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 488 / SYSTEM][C:\WINDOWS\system32\PRISMSVC.EXE] [Conexant Systems, Inc., 2.03.17] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 504 / SYSTEM][C:\Program Files\Spyware Doctor\svcntaux.exe] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 872 / SYSTEM][C:\Program Files\Spyware Doctor\swdsvc.exe] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\commhlpr.dll] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\RegHelper.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\inethlpr.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\filehlpr.dll] [PC Tools, 5.0.5.21] [C:\Program Files\Spyware Doctor\sdcore.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Spyware Doctor\FileStorage.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\Settings.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\IDBLib.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\SDInfo.sdp] [PC Tools, 5.0.5.8] [C:\Program Files\Spyware Doctor\SDExtra.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\PCTWSC.dll] [PC Tools, 1, 0, 0, 7] [C:\Program Files\Spyware Doctor\Immunizer.sdp] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\Localizer.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\NfyMan.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\quarantine.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\BH.dll] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\RebootManager.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\scaneng.sdp] [PC Tools, 5.0.5.5] [C:\Program Files\Spyware Doctor\stasks.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\SystemMonitor.sdp] [PC Tools, 5.0.5.44] [C:\Program Files\Spyware Doctor\whitelist.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\plugins\Browsers.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\grfiles.SDP] [PC Tools, 5.0.5.27] [C:\Program Files\Spyware Doctor\plugins\grregistry.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\SH.dll] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\plugins\Network.SDP] [PC Tools, 5.0.5.12] [C:\Program Files\Spyware Doctor\plugins\Process.SDP] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\StartUp.SDP] [PC Tools, 5.0.5.2] [PID: 1052 / Jenny][C:\Program Files\Spyware Doctor\SDTrayApp.exe] [PC Tools, 5.0.5.31] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 1064 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\eswia30.dll] [SEIKO EPSON CORP., 1.12] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1128 / SYSTEM][C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 5] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1684 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmdrmdev.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Documents and Settings\All Users\DRM\Cache\Indiv01.key] [Microsoft Corporation, 11.0.6000.7000] [C:\WINDOWS\system32\wmdrmnet.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 2828 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2884 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3096 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2968 / Jenny][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2992 / Jenny][C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 10, 100, 1155] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3144 / Jenny][C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe] [CyberLink Corp., 3.00.0000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 3184 / Jenny][C:\Program Files\Visual Tooltip\VisualToolTip.exe] [Christian Salmon, 2.2.0.0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [PID: 3232 / Jenny][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_FRA.dll] [Intel Corporation, 7.6.0.1011] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3248 / Jenny][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 6.14.10.4859] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 3260 / Jenny][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 6.14.10.4859] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 3280 / Jenny][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 6.14.10.4859] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4859] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3288 / Jenny][C:\Program Files\Labtec\Mouse\2.1\moffice.exe] [, 1, 0, 0, 1] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Labtec\Mouse\2.1\ofmdll.dll] [, 1, 0, 0, 1] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 3304 / Jenny][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 6.14.10.4859] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4859] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 6.14.10.4859] [PID: 3328 / Jenny][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.12a] [C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.12a] [C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.12a] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.83a] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3340 / Jenny][C:\WINDOWS\stsystra.exe] [SigmaTel, Inc., 1.0.4991.0 nd444 cp1] [C:\WINDOWS\system32\STLang.dll] [SigmaTel, Inc., 1.6.4947.0 nd229 cp1] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\stacapi.dll] [SigmaTel, Inc., 1.0.4991.0 nd444 cp1] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 3372 / Jenny][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3392 / Jenny][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020] [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [PID: 2116 / Jenny][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4043] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3440 / Jenny][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [PID: 1696 / Jenny][C:\Program Files\Unlocker\UnlockerAssistant.exe] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [PID: 324 / Jenny][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 1020 / Jenny][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSACM32.dll] [iAvatars.com, 1, 0, 0, 4] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\StuffPlug3\StuffPlug3.dll] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\Program Files\Fake Webcam\Vcam.ax] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [C:\PROGRA~1\BADGES~1.0\SHELL_~1.DLL] [Shedko software, 1.5.0.0] [PID: 3652 / Jenny][C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [PID: 3744 / Jenny][C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE] [, 3.0.1.0] [C:\Program Files\Labtec\Mouse\2.1\MOUDL32A.DLL] [, 3, 0, 2, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3756 / Jenny][C:\Program Files\Winamp Remote\bin\OrbTray.exe] [Orb Networks, 2, 2007, 1022, 1730] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Winamp Remote\bin\LangRes.dll] [Orb Networks, 1, 2007, 1019, 1710] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Winamp Remote\bin\CabDirectory.dll] [Orb Networks, 1, 2007, 313, 1100] [C:\Program Files\Winamp Remote\bin\Cab.dll] [, 1, 2007, 702, 1400] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [C:\Program Files\Winamp Remote\bin\CabClient.dll] [Orb Networks, 2, 2007, 1015, 1630] [C:\Program Files\Winamp Remote\bin\LIBEAY32.dll] [The OpenSSL Project, https://www.openssl.org/ 0.9.8e] [C:\Program Files\Winamp Remote\bin\SSLEAY32.dll] [The OpenSSL Project, https://www.openssl.org/ 0.9.8e] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Winamp Remote\bin\ZLIB1.dll] [, 1.2.3] [PID: 3800 / Jenny][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Windows Media Player\wmpnssci.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll] [, 1, 9, 0, 0] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll] [N/A, ] [PID: 3868 / Jenny][C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] [Logitech Inc., 2.52.21.16] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\backWeb.dll] [BackWeb Technologies Inc., Version 8.1.1 (Build 50R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwsec.dll] [BackWeb Technologies Inc., Version 5.1.1 (Build 50R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll] [N/A, ] [C:\PROGRA~1\Logitech\DESKTO~1\8876480\811~1.50-\program\EN\ClientRC.dll] [BackWeb Technologies Inc., Version 8.1.1 (Build 50R)] [C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll] [N/A, ] [C:\Program Files\Visual Tooltip\VisualTooltip.dll] [Christian Salmon, 1, 0, 0, 1] [C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfil

kinvara · Answer

le second rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:58, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Visual Tooltip\VisualToolTip.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell sans fil\PRISMCFG.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Jenny\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32
sk17.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

FillPCA · Answer

Re,

1/     *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\Documents and Settings\All Users\Application Data\1Þ13.sys
C:\WINDOWS\system32
sk17.dll
C:\WINDOWS\system32\dcads_sidebar.dll

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

2/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32
sk17.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 

Clique sur fix/réparer.

3/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

4/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

5/ Edite les rapports suivants :
OTMoveIt, AVGantispyware et un nouveau rapport Hijackthis.

FillPCA

kinvara · Answer

File/Folder C:\Documents and Settings\All Users\Application Data\1&#1949;13.sys not found.
C:\WINDOWS\system32
sk17.dll unregistered successfully.
C:\WINDOWS\system32
sk17.dll moved successfully.
C:\WINDOWS\system32\dcads_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\dcads_sidebar.dll moved successfully.
 
Created on 01/09/2008 19:08:18

kinvara · Answer

j'ai fait ce que tu m'as dit pour HiJackThis, mais 

O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32
sk17.dll 

n'existaient pas. J'ai quand même fait pour les deux autres...

kinvara · Answer

OTMoveIt

File/Folder C:\Documents and Settings\All Users\Application Data\1&#1949;13.sys not found.
C:\WINDOWS\system32
sk17.dll unregistered successfully.
C:\WINDOWS\system32
sk17.dll moved successfully.
C:\WINDOWS\system32\dcads_sidebar.dll NOT unregistered.
C:\WINDOWS\system32\dcads_sidebar.dll moved successfully.
 
Created on 01/09/2008 19:08:18

AVGantispyware

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:06:52 09/01/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\Jenny\Bureau\catchme.zip/ATHPRX.DLL -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
C:\SDFix\backups\backups.zip/backups/ATHPRX.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\A0012576.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\A0012587.dll -> Trojan.BHO.abo : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport



nouveau rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:06, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Visual Tooltip\VisualToolTip.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell sans fil\PRISMCFG.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Jenny\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utilitaire de carte WLAN sans fil USB 2.0.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

kinvara · Answer

Reste-t-il quelque chose au final ou pas?

FillPCA · Answer

Re,

Oui.
Ouvre le dossier C:\Sdfix
Double-clique sur catchme.exe
Clique sur scan

Quand l'analyse est finie, poste le contenu du fichier catchme.log sur le bureau. Poste-le en plusieurs fois s'il est trop long.

FillPCA

kinvara · Answer

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 21:03:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000fc
"TracesSuccessful"=dword:00000037

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 27

FillPCA · Answer

Re,

1/ Ouvre C:\SDfix\Catchme.exe
Une fenêtre va s'ouvrir, va dans l'onglet Script.
Copie/colle ceci :

files to kill:
C:\Documents and Settings\All Users\Application Data\1Þ13.sys
Clique sur Run.

Un rapport doit s'ouvrir. Sinon, copie-colle le contenu de catchme.log sur le bureau.

2/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

Edite ce rapport.

FillPCA

kinvara · Answer

Run ne marche pas, il n'arrive pas à créer le rapport.

Dans internet explorer, aucune information n'apparait en haut, près de la barre d'état, aucune information d'installation d'active X.

que dois-je faire?

FillPCA · Answer

Re,

Vérifie si les réglages suivants sont corrects, puis retente un scan avec Kaspersky :
Démarrer-->Parametres-->Panneau de configuration-->Options Internet ou Sur la fenetre du navigateur Internet,Outils-->Options Internet

Dans la fenêtre qui s'ouvre, sélectionnez l'onglet Sécurité. Après cela,
cliquez sur le bouton Personnaliser le niveau...

Une nouvelle fenêtre s'ouvre, dans la partie qui se nomme Parametres de securité,
effectuez alors les réglages suivants :

A la ligne : Contrôles ActiveX reconnus sûrs pour l'écriture de scripts,
cochez la case Activer.

Puis, à la ligne : Contrôles d'initialisation et de scripts ActiveX non
marqués comme sécurisés, cochez la case Désactiver.

Maintenant, à la ligne : Exécuter les contrôles ActiveX et les plugins,
cochez la case Activer.

Après cela, à la ligne : Télécharger les contrôles ActiveX non signés,
cochez la case Désactiver.

Et pour finir, à la ligne : Télécharger les contrôles ActiveX signés,
cochez la case Demander.

cliquez sur le bouton OK, afin que les modifications soient
prises en compte.

FillPCA

moe · Answer

Bonsoir kinvara, FillPCA

Pour Catchme, la commande de script est files: si je me souviens bien :-)
ou via Exécuter :
"C:\SDfix\Catchme.exe" -k "C:\Documents and Settings\All Users\Application Data\1Þ13.sys"


Bonne continuation.

@++

FillPCA · Answer

Bonsoir moe,

Merci pour l'info.

FillPCA

kinvara · Answer

je suis en cours de scan avec Kaspersky... j'envoie juste après le rapport

FillPCA · Answer

Re,

Ca peut durer longtemps, selon la taille de ton disque dur.

FillPCA

kinvara · Answer

aïe.... bon, et bien j'attendrais...

FillPCA · Answer

Re Moe,

Apparemment, la commande "files to kill" existe bien. Elle zippe et supprime le fichier. La commande "files" se contente de zipper.

Bonne soirée.

FillPCA

kinvara · Answer

attendez, je viens de finir le scan...

kinvara · Answer

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Wednesday, January 09, 2008 11:20:46 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  9/01/2008
 Kaspersky Anti-Virus database records: 505265
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\

Scan Statistics:
	Total number of scanned objects: 74198
	Number of viruses found: 5
	Number of infected objects: 10
	Number of suspicious objects: 0
	Duration of the scan process: 00:50:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp	Object is locked	skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\GoogleToolbarData\googlesafebrowsing.db	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Jenny\Bureau\VDownloader.exe	Infected: not-a-virus:Downloader.Win32.VDown.a	skipped
C:\Documents and Settings\Jenny\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\e86tpdi0.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Temp\Perflib_Perfdata_788.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Temp\Perflib_Perfdata_798.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Temp\yomscxwn.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Jenny\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Jenny
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\chn.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\chn.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\D0000000.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\L0000001.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\main.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jenny\Data\storydb.idx	Object is locked	skipped
C:\Program Files\Mozilla Firefox\components
sBrowserOpt.dll	Infected: not-a-virus:AdWare.Win32.BHO.pm	skipped
C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup1.7_en.exe/data0159	Infected: not-a-virus:AdWare.Win32.MegaSearch.n	skipped
C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup1.7_en.exe	NSIS: infected - 1	skipped
C:\Program Files\vmntoolbar\vmntoolbar.dll	Infected: not-a-virus:AdWare.Win32.MegaSearch.n	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\A0012591.exe/stream/data0002	Infected: not-a-virus:AdWare.Win32.Agent.zm	skipped
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\A0012591.exe/stream	Infected: not-a-virus:AdWare.Win32.Agent.zm	skipped
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\A0012591.exe	NSIS: infected - 2	skipped
C:\System Volume Information\_restore{9372C367-F237-4DC1-A4F2-73A691C7D8D8}\RP19\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dcads_sidebar.dll	Infected: not-a-virus:AdWare.Win32.Agent.zm	skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32
sk17.dll	Infected: not-a-virus:AdWare.Win32.Agent.yr	skipped

Scan process completed.

kinvara · Answer

le diagnostic m'a donné le plaisir de découvrir 5 virus et 10 objets infectés... quel magnificence l'informatique!
Surtout quand on a un projet numérique à déballer à des professionnels le lendemain et qu'on ne peut rien continuer sur son PC... je suis déprimée... et encore merci FillPCA de me filer ce coup de main.

kinvara · Answer

J'ai posté le rapport pour info!

FillPCA · Answer

Bonjour,

1/ Connais-tu ces applications ? VMNToolbar et Visicom Media ? Si tu ne les connais pas, désinstalle-les et redémarre le pc.

2/     * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\Documents and Settings\Jenny\Bureau\VDownloader.exe
C:\Program Files\Mozilla Firefox\components
sBrowserOpt.dll

Ajoute aussi les deux fichiers suivants si tu as désinstallé les appli précédentes:
C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup1.7_en.exe
C:\Program Files\vmntoolbar\vmntoolbar.dll

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ Je pense que c'est propre, mais peux-tu lancer SDfix en mode sans échec pour que je vérifie si le fichier 1Þ13.sys a été supprimé ? Edite ce rapport.
Ensuite, il nous restera la fin du nettoyage à réaliser (Nettoyage de la restauration système entre autres).

Je ne pourrai continuer que ce soir.

FillPCA

kinvara · Answer

File/Folder C:\Documents and Settings\Jenny\Bureau\VDownloader.exe not found.
File/Folder C:\Program Files\Mozilla Firefox\components
sBrowserOpt.dll not found.
File/Folder C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup1.7_en.exe not found.
File/Folder C:\Program Files\vmntoolbar\vmntoolbar.dll not found.
 
Created on 01/11/2008 17:58:32


Désolée de l'absence, boulot...

Merci d'être aussi patient!

FillPCA · Answer

Salut,

    *  Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

Comment le pc se porte-t-il ?

FillPCA

kinvara · Answer

Au niveau du PC, c'est déjà beaucoup plus pratique. Les ralentis ont diminué, et je n'ai pas encore eu de blocage d'écrans depuis que je l'ai allumé.

kinvara · Answer

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 18:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 27

FillPCA · Answer

Re,

Juste pour vérifier quelquechose.

# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt

FillPCA

kinvara · Answer

SDFix: Version 1.125

Run by Jenny on 11/01/2008 at 18:26

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 18:31:56
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000002c
"TracesSuccessful"=dword:00000006

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 27


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Files with Hidden Attributes:

Tue  6 Nov 2007     5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Thu  8 Nov 2007            13 ...H. --- "C:\Documents and Settings\All Users\Application Data\1Þ13.sys"
Tue  6 Nov 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Thu  8 Nov 2007        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006        15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 31 Aug 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat  3 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderaac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder	okr3260.dll"
Mon 26 Nov 2007           444 ...HR --- "C:\Documents and Settings\Jenny\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

FillPCA · Answer

Re,

1. Télécharger The Avenger par Swandog46 sur votre Bureau.
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
·	Click sur Avenger.zip pour ouvrir le fichier
·	Extraire avenger.exe sur votre bureau

2. Copier tout le texte de la boîte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):

C:\Documents and Settings\All Users\Application Data\1Þ13.sys


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3. Maintenant, lancer The Avenger en cliquant sur son icône du bureau.
·	Sous "Script file to execute" choisir "Input Script Manually".
·	Puis cliquer sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
·	Dans cette fenêtre, coller le texte précedemment copié sur le bureau par les touches (Ctrl+V).
·	Cliquer Done
·	ensuite cliquer sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
·	Répondre "Yes" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
·	Il va Re-démarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)
·	Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.
·	Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
·	The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici C:\avenger\backup.zip.
5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse

kinvara · Answer

non ça ne marche pas, après avoir cliqué sur le feu vert j'ai

Error: selected file does not appear to be a valid script

FillPCA · Answer

Re,

    *  Télécharge gmer sur le bureau et dézippe-le (clic droit et extraire ici) : http://www2.gmer.net/gmer.zip
    * Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète et ignore l'alerte.
    * Clique sur l'onglet "rootkit", puis clique sur scan.
    * A la fin du scan, clique sur le bouton copy.
    * Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
    * Edite ce rapport dans ta prochaine réponse.

FillPCA

PAR PITIE Solution pour supprimer dll infecté

46 réponses

Votre réponse

Discussions similaires

Newsletters