Autorite nt/system Fermé

Question

Bonjour à vous explorateurs de la toile,

J'ai un problème et sans doute l'un d'entre vous, meilleur en informatique que moi (pas difficile), pourrait peut etre m'aider.

Voici mon problème : j'ai téléghargé dernièrement un fichier poubelle qui a ouvert en série plusieurs fenêtre d'alerte virus avast. En tout une dizaine de virus dont nulprot-B et goldun-trj avec impossibilité de mettre en quarantaine ou de supprimer. J'ai tenté d'utiliser SDFIX mais le processus se bloque à 75% et là dessus, redémarrage du système, je crois qu'il a pas beaucoup aimé. Après plusieurs redémarrage successifs, j'ai réussi à planifier un scan avast au démarrage avec ordre de supprimer les fichiers infectés, beaucoup l'ont été.

Seulement maintenant lorsque j'ouvre une session, un message "service.exe a rencontré un problème et doit fermer" s'affiche ce qui me laisse à peine quelque minutes avant qu'un autre message s'affiche "Un arrêt du système à été initié par AUTORITE NT/SYSTEM, le système va maintenant redémarrer" et un compte à rebours de 60 secondes est lancé avant le redémarrage.

Si quelqu'un à déjà eu le problème et peut m'aider je lui en serais très reconnaissant,
Merci

Bryan

FillPCA · Answer

Salut,

Peux-tu éditer un rapport Hijackthis ?

FillPCA

Bryan · Answer

Voilà mon scan 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:57, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A3C9994-1A9C-42F4-9F19-511F4D133771} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\mljjhij.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202328526.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?db70d2f9a51146c283704ea06649265a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?db70d2f9a51146c283704ea06649265a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - Winlogon Notify: iewhgeuq - iewhgeuq.dll (file missing)
O20 - Winlogon Notify: mljjhij - C:\WINDOWS\SYSTEM32\mljjhij.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

FillPCA · Answer

Re,

Plusieurs infections sont visibles.

1/ # Télécharge Vundofix  (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
# Double-clique VundoFix.exe afin de le lancer.
# Clique sur le bouton Scan for Vundo.
# Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
# Une invite te demandera si tu veux supprimer les fichiers, clique YES.
# Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
# Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
# Copie/colle le contenu du rapport situé dans C:\vundofix.txt

2/     *  Télécharger smitfraudfix (de S!Ri) sur le bureau : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    * Clique sur smitfraudfix.exe
    * Choisis l'option 1 et colle dans ta réponse le rapport généré par smitfraudfix. Ce rapport se trouve dans la fenêtre du bloc-note qui s’ouvre.
    * Ferme l'application en tapant sur la touche Q.

3/ Edite les deux rapports précédents et un nouveau rapport Hijackthis.

FillPCA

Bryan · Answer

voilà mon scan Vundofix, il s'y est repris à deux fois avec C:\WINDOWS\SYSTEM32\mljjhij.dll


VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 17:41:25 18/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\ddccb.dll
C:\windows\system32\iewhgeuq.dllbox
C:\WINDOWS\system32\mljjhij.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bccdd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

 Attempting to delete C:\windows\system32\iewhgeuq.dllbox
C:\windows\system32\iewhgeuq.dllbox Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljjhij.dll
C:\WINDOWS\system32\mljjhij.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\mljjhij.dll
C:\WINDOWS\system32\mljjhij.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Voilà le scan smtifraudfix

SmitFraudFix v2.290

Rapport fait à 18:03:02,51, 18/02/2008
Executé à partir de C:\Documents and Settings\Bryan\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bryan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bryan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bryan\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Helper\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11a/b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

et enfin, le nouveau scan hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:36, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?db70d2f9a51146c283704ea06649265a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?db70d2f9a51146c283704ea06649265a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

FillPCA · Answer

Re,

1/     *  Imprimer ceci.
    * Redémarrer l'ordinateur en mode sans échec en tapotant sur F5 (ou F8). L'accès à Internet devient alors impossible.
    * Double cliquer sur Smitfraudfix.exe.
    * Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
    * A la question Voulez-vous nettoyer le registre ?], répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection. Le fix déterminera si le fichier wininet.dll est infecté. 
    * A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
    * Quitter le programme en appuyant sur Q.
    * Redémarrer normalement et coller sur le forum le rapport généré.

2/     *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite les rapports précédents et un rapport Hijackthis.

FillPCA

Bryan · Answer

Okk voilà les nouveaux rapports SmitFraudFix v2.290 Rapport fait à 18:20:30,10, 18/02/2008 Executé à partir de C:\Documents and Settings\Bryan\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\Program Files\Helper\ supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{6A520496-E08A-42A4-BBDA-10E05465DAC2}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin ComboFix 08-02-18.1 - Bryan 2008-02-18 18:32:16.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.566 [GMT 1:00] Endroit: C:\Documents and Settings\Bryan\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ssqrp.dll C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\mljjhij.dll C:\WINDOWS\system32\prqss.ini C:\WINDOWS\system32\prqss.ini2 C:\WINDOWS\system32\ssqrp.dll D:\Autorun.inf ----- BITS: Possible sites infect‚s ----- hxxp://58.65.234.25 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))))))) . 2008-02-18 18:03 . 2008-02-18 18:20 5,154 --a------ C:\WINDOWS\system32 mp.reg 2008-02-18 17:41 . 2008-02-18 17:56 d-------- C:\VundoFix Backups 2008-02-18 10:51 . 2008-02-18 18:09 d-------- C:\HiJackThis 2008-02-11 20:00 . 2008-02-11 20:00 d-------- C:\Documents and Settings\Bryan\Application Data\InstallShield 2008-02-10 21:20 . 2008-02-10 21:20 d-------- C:\SDFix 2008-02-06 21:27 . 2006-03-24 21:00 182,912 --a------ C:\WINDOWS\system32\drivers dis.sys 2008-02-06 21:27 . 2006-03-24 21:00 2,944 --a------ C:\WINDOWS\system32\drivers ull.sys 2008-02-06 21:12 . 2006-03-24 21:00 35,072 --a------ C:\WINDOWS\system32\drivers\fips.sys 2008-02-06 21:12 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys 2008-02-06 21:12 . 2004-08-03 22:59 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys 2008-02-06 21:11 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys 2008-02-06 21:11 . 2006-03-24 21:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys 2008-02-06 21:08 . 2008-02-06 21:08 2 --a------ C:\616906336 2008-02-06 21:06 . 2008-02-06 21:06 105,488 --a------ C:\qsdjpwpb.exe 2008-02-06 21:06 . 2008-02-06 21:06 58,368 --a------ C:\wpohl.exe 2008-02-06 21:06 . 2008-02-06 21:06 54,764 --a------ C:\WINDOWS\system32\jnhjkfrn 2008-01-31 21:10 . 2008-01-31 21:10 dr-h----- C:\Documents and Settings\Bryan\Application Data\SecuROM 2008-01-31 21:10 . 2008-01-31 21:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\Documents and Settings\Bryan\Application Data\PnkBstrK.sys 2008-01-31 21:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-31 21:09 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-01-31 21:09 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-01-31 21:09 . 2008-01-31 21:09 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~ 2008-01-28 22:03 . 2008-01-28 22:03 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 21:58 . 2008-01-27 21:58 281 --a------ C:\WINDOWS\game.ini 2008-01-27 21:22 . 2008-01-27 21:22 d--hs---- C:\WINDOWS\ftpcache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-18 17:41 --------- d-----w C:\Documents and Settings\Bryan\Application Data\OpenOffice.org2 2008-02-18 17:17 359,821 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-02-12 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-06 20:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Azureus 2008-01-30 20:41 --------- d-----w C:\Program Files\MSN Messenger 2008-01-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-01-02 16:45 --------- d-----w C:\Program Files\Alcohol Soft 2007-12-22 02:02 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-22 02:01 --------- d-----w C:\Program Files\Windows Live Favorites 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-04-11 08:03 256 ----a-w C:\Documents and Settings\Bryan\Application Data\wklnhst.dat 2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2007-03-24 23:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5426E1EC-93C6-4D24-B3F8-FFB85AFA555F}] C:\WINDOWS\system32\ddccb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 00:39 68856] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] "DAEMON Tools"="C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 19:40 7569408] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22 794713] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07 421888] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-10-29 20:53 185632] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS vsmu.sys [2006-03-06 15:49] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\Auto\command - AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c7b0bf-da64-11db-a5c6-0016d317f44a}] \Shell\AutoRun\command - F:\Programs u2menu u2menu.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-13 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-18 16:48:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50, on 2008-02-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\system32\msdtc.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HiJackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5426E1EC-93C6-4D24-B3F8-FFB85AFA555F} - C:\WINDOWS\system32\ddccb.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?db70d2f9a51146c283704ea06649265a O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?db70d2f9a51146c283704ea06649265a O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

FillPCA · Answer

Re,

Y en a encore. Si tu as une clé USB, insère-la dans ton pc.


1/     *  Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
    * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
    * Clique sur l'onglet  "diagnostic du PC" puis "analyser".
    * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
    * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
    * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau.
Redémarre ensuite le PC.

3/ # Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
# Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
# Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
# Clique sur "smart scan".
# Clique sur le bouton "scan".
# Quand l'analyse est terminée, clique sur le bouton "save reports".
# Sauvegarde alors le rapport sur ton bureau.
# Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

Edite les rapports précédents et un rapport Hijackthis. Poste-les en plusieurs fois.

FillPCA

Bryan · Answer

Coriace dis donc,
Je dois m'arrêter là pour aujourd'hui, boulot
Merci pour ton aide, je continuerais demain si tu veux bien, je posterai les rapports dans la journée
Bonne soirée

Bryan · Answer

Bonjour FillPCA
me revoilà prêt à en découdre
voilà le rapport PCA, est ce qu'il faut que je fasse "réparer les éléments sélectionnés" ?

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :2008-02-19 13:05:13
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\pca\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO:  - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
02 - BHO:  - {5426E1EC-93C6-4D24-B3F8-FFB85AFA555F} - C:\WINDOWS\system32\ddccb.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [hpWirelessAssistant] - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [MsmqIntCert] - regsvr32 /s mqrt.dll
04 - HKLM\..\RUN: [High Definition Audio Property Page Shortcut] - CHDAudPropShortcut.exe
04 - HKLM\..\RUN: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\RUN: [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe"
04 - HKLM\..\RUN: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\RUN: [QlbCtrl] - 
04 - HKLM\..\RUN: [Cpqset] - C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKLM\..\RUN: [RecGuard] - C:\Windows\SMINST\RecGuard.exe
04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
04 - HKLM\..\RUN: [UserFaultCheck] - 
04 - HKLM\..\RUN: [KernelFaultCheck] - 
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [SuperCopier2.exe] - C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-1085688219-440466335-3979928359-1005\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-1085688219-440466335-3979928359-1005\..\RUN: [swg] - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
04 - HKUS\S-1-5-21-1085688219-440466335-3979928359-1005\..\RUN: [SuperCopier2.exe] - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKUS\S-1-5-21-1085688219-440466335-3979928359-1005\..\RUN: [DAEMON Tools] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
04 - Global Startup: HP Pavilion Webcam Tray Icon.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Pavilion Webcam Tray Icon.lnk
04 - Global Startup: Lancement rapide d'Adobe Reader.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
04 - Startup: OpenOffice.org 2.1.lnk= C:\Documents and Settings\Bryan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
08 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?db70d2f9a51146c283704ea06649265a
08 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?db70d2f9a51146c283704ea06649265a
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
09 - Extra button:  - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra 'Tools' menuitem:  - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
//O12 - IE plugins
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :  BDSCANONLINE Control - {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - C:\WINDOWS\BDOSCAN8\oscan82.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [AddFiltr] - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [hpqwmiex] - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: [InstallDriver Table Manager] - "c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [Sunbelt Kerio Personal Firewall 4] - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [Message Queuing] - C:\WINDOWS\system32\mqsvc.exe
O23 - Service: [Message Queuing Triggers] - C:\WINDOWS\system32\mqtgsvc.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32svp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [StarWind iSCSI Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{689CC38D-A856-4981-B6C2-3DEC11C24832}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32	lntsvr.exe
O23 - Service: [Windows User Mode Driver Framework] - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Service Windows Media Connect] - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe

FillPCA · Answer

Re,

1/     *  Télécharge OTMoveIt2  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Standard List of Files/Folders to Move" :

C:\616906336
C:\qsdjpwpb.exe
C:\wpohl.exe
C:\WINDOWS\system32\jnhjkfrn 

    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5426E1EC-93C6-4D24-B3F8-FFB85AFA555F}

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

2/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

3/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

4/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

5/ Edite ces rapports : OTMoveIt, AVGantispyware, Kaspersky et un nouveau rapport Hijackthis.

FillPCA

Bryan · Answer

Okk, et du coup je fais pas Flash disinfector SREng ?

FillPCA · Answer

Re,

Passe FlashDisinfector en y insérant ta clé USB, puis passe directement à la suite sans utiliser SREng.

FillPCA

Bryan · Answer

Okk
pas de rapport Flash Disinfection

Le rapport de OTMoveit

C:\616906336 moved successfully.
C:\qsdjpwpb.exe moved successfully.
C:\wpohl.exe moved successfully.
File move failed. C:\WINDOWS\system32\jnhjkfrn scheduled to be moved on reboot.
[Custom Input]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5426E1EC-93C6-4D24-B3F8-FFB85AFA555F}  >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5426E1EC-93C6-4D24-B3F8-FFB85AFA555F}\ deleted successfully.
 
OTMoveIt2 v1.0.20 log created on 02192008_134727

Bryan · Answer

Voilà le rapport de AVG

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	15:00 2008-02-19

 + Résultat de l'analyse:	



F:\Mon travail\Stage Camargue\Photos\images.zip/IMG34814.pif -> Dropper.Agent.chm : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Alain\Cookies\alain@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.15:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.16:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.17:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.20:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.14:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.13:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.18:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Alain\Cookies\alain@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.12:C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.


Fin du rapport

Bryan · Answer

Okk, j'ai enfin le rapport Kaspersky, ce fut long ... très long

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, February 19, 2008 6:54:24 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 19/02/2008
 Kaspersky Anti-Virus database records: 573132
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan Statistics:
	Total number of scanned objects: 75914
	Number of viruses found: 5
	Number of infected objects: 15
	Number of suspicious objects: 0
	Duration of the scan process: 01:08:34

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\Bryan\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml	Object is locked	skipped
C:\Documents and Settings\Bryan\Bureau\clean.zip/clean/pskill.exe	Infected: not-a-virus:RiskTool.Win32.PsKill.k	skipped
C:\Documents and Settings\Bryan\Bureau\clean.zip	ZIP: infected - 1	skipped
C:\Documents and Settings\Bryan\Bureau\SmitfraudFix\Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Bryan\Bureau\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Bryan\Bureau\SmitfraudFix.exe/data.rar	Infected: not-a-virus:RiskTool.Win32.Reboot.f	skipped
C:\Documents and Settings\Bryan\Bureau\SmitfraudFix.exe	RarSFX: infected - 2	skipped
C:\Documents and Settings\Bryan\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Bryan\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Bryan\Local Settings\Temp\~DF6A91.tmp	Object is locked	skipped
C:\Documents and Settings\Bryan\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Bryan
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Bryan\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Bryan\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-02-19.13-49-59.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs
etwork.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs
etwork.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log	Object is locked	skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx	Object is locked	skipped
C:\QooBox\Quarantine\catchme2008-02-18_184041.81.zip/ssqrp.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\catchme2008-02-18_184041.81.zip	ZIP: infected - 1	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\A0000005.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\A0000011.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\A0000050.exe	Infected: Trojan-Clicker.Win32.Costrat.dl	skipped
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\change.log	Object is locked	skipped
C:\VundoFix Backups\ddccb.dll.bad	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\VundoFix Backups\mljjhij.dll.bad	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt	Object is locked	skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4B7D5BED-0CCA-4CA7-9F78-A22A5A400B62}.crmlog	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F16963A2-4F26-4FA7-B4C3-7E639844E958}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Media Ce.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\jnhjkfrn	Object is locked	skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG	Object is locked	skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log	Object is locked	skipped
C:\WINDOWS\system32\msmq\storage\QMLog	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\_OTMoveIt\MovedFiles\02192008_134727\qsdjpwpb.exe	Infected: Trojan-Downloader.Win32.Zlob.hhh	skipped
C:\_OTMoveIt\MovedFiles\02192008_134727\wpohl.exe	Infected: Trojan-Clicker.Win32.Costrat.dl	skipped
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
D:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\change.log	Object is locked	skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
F:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP2\change.log	Object is locked	skipped

Scan process completed.

Bryan · Answer

Et un nouveau rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39, on 2008-02-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?db70d2f9a51146c283704ea06649265a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?db70d2f9a51146c283704ea06649265a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

FillPCA · Answer

Re,

1/ Comment le pc se porte-t-il ?

2/ 
    *  Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

3/     * Télécharge Toolscleaner de A.Rothstein sur ton Bureau : http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    * Double-clique sur ToolsCleaner2.exe>Recherche puis Suppression,
    * Ton Bureau va disparaître. Ceci est normal.
    * S'il ne réapparait pas, fais ceci :  CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
      Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

4/ Ce dossier existe-t-il toujours ? C:\WINDOWS\system32\jnhjkfrn
Que contient-il ? Le connais-tu ?

FillPCA

Bryan · Answer

Le pc apprécie moyen, ca rame surtout internet

C:\WINDOWS\system32\jnhjkfrn n'a pas été trouvé à la recherche, c'était un fichier qui avait déclenché une alerte virus avast parmi les autres

FillPCA · Answer

Re,

1/ # Double clique combofix.exe et suis les invites.
# Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

2/ # Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
# Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
# Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
# Clique sur "smart scan".
# Clique sur le bouton "scan".
# Quand l'analyse est terminée, clique sur le bouton "save reports".
# Sauvegarde alors le rapport sur ton bureau.
# Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

FillPCA

Bryan · Answer

Le rapport combofix ComboFix 08-02-18.1 - Bryan 2008-02-19 21:39:33.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.512 [GMT 1:00] Endroit: C:\Documents and Settings\Bryan\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))))))) . 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\WINDOWS\LastGood.Tmp 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-19 15:14 . 2008-02-19 15:14 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-02-19 14:23 . 2008-02-19 14:23 d-------- C:\Documents and Settings\Bryan\Application Data\Grisoft 2008-02-19 14:22 . 2008-02-19 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-19 14:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-19 14:05 . 2008-02-19 14:05 d-------- C:\Program Files\Yahoo! 2008-02-19 14:05 . 2008-02-19 14:06 d-------- C:\CCleaner 2008-02-19 13:04 . 2008-02-19 13:04 d-------- C:\pca 2008-02-19 00:51 . 2008-02-19 00:51 d---s---- C:\Documents and Settings\Administrateur\UserData 2008-02-18 10:51 . 2008-02-19 19:39 d-------- C:\HiJackThis 2008-02-11 20:00 . 2008-02-11 20:00 d-------- C:\Documents and Settings\Bryan\Application Data\InstallShield 2008-02-06 21:27 . 2006-03-24 21:00 182,912 --a------ C:\WINDOWS\system32\drivers dis.sys 2008-02-06 21:27 . 2006-03-24 21:00 2,944 --a------ C:\WINDOWS\system32\drivers ull.sys 2008-02-06 21:12 . 2006-03-24 21:00 35,072 --a------ C:\WINDOWS\system32\drivers\fips.sys 2008-02-06 21:12 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys 2008-02-06 21:12 . 2004-08-03 22:59 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys 2008-02-06 21:11 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys 2008-02-06 21:11 . 2006-03-24 21:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys 2008-02-06 21:06 . 2008-02-06 21:06 54,764 --a------ C:\WINDOWS\system32\jnhjkfrn 2008-01-31 21:10 . 2008-01-31 21:10 dr-h----- C:\Documents and Settings\Bryan\Application Data\SecuROM 2008-01-31 21:10 . 2008-01-31 21:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\Documents and Settings\Bryan\Application Data\PnkBstrK.sys 2008-01-31 21:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-31 21:09 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-01-31 21:09 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-01-31 21:09 . 2008-01-31 21:09 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~ 2008-01-28 22:03 . 2008-01-28 22:03 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 21:58 . 2008-01-27 21:58 281 --a------ C:\WINDOWS\game.ini 2008-01-27 21:22 . 2008-01-27 21:22 d--hs---- C:\WINDOWS\ftpcache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 20:39 368,933 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-02-19 20:28 --------- d-----w C:\Documents and Settings\Bryan\Application Data\OpenOffice.org2 2008-02-19 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-12 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-06 20:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Azureus 2008-01-31 20:27 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-01-31 20:27 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-01-31 20:27 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-01-30 20:41 --------- d-----w C:\Program Files\MSN Messenger 2008-01-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-01-02 16:45 --------- d-----w C:\Program Files\Alcohol Soft 2007-12-22 02:02 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-22 02:01 --------- d-----w C:\Program Files\Windows Live Favorites 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-11 08:03 256 ----a-w C:\Documents and Settings\Bryan\Application Data\wklnhst.dat 2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2007-03-24 23:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 00:39 68856] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] "DAEMON Tools"="C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 19:40 7569408] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22 794713] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07 421888] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-10-29 20:53 185632] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] "!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360] C:\Documents and Settings\Bryan\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728] HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-03-25 05:34:55 102400] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS vsmu.sys [2006-03-06 15:49] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\Auto\command - AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c7b0bf-da64-11db-a5c6-0016d317f44a}] \Shell\AutoRun\command - F:\Programs u2menu u2menu.exe *Newly Created Service* - AVGASCLN . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-13 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-19 19:48:10 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-19 21:43:45 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????W????????@???????@ Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-19 21:45:35 . 2008-02-16 18:54:14 --- E O F ---

Bryan · Answer

Et le rapport de SREng [CODE] 2008-02-19,21:38:17 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Google Inc] [SFX TEAM] <"C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard Development Company, L.P.] [Sun Microsystems, Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [N/A] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\HP\QuickPlay\QPService.exe"> [CyberLink Corp.] [Hewlett-Packard Co.] <%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start> [ Hewlett-Packard Development Company, L.P.] [] [] [Google Inc.] [(Verified)ALWIL Software] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] <%systemroot%\system32\dumprep 0 -u> [N/A] <%systemroot%\system32\dumprep 0 -k> [N/A] <"C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [Démarrage rapide de HP Photosmart Premier] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Development Company, L.P.]> [HP Pavilion Webcam Tray Icon] C:\PROGRA~1\HEWLET~1\HPPAVI~1\HPWebcam.exe []> [Lancement rapide d'Adobe Reader] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]> [OpenOffice.org 2.1] C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE [N/A]> ================================== Services [AddFiltr / AddFiltr][Stopped/Manual Start] <"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"> [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Stopped/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [hpqwmiex / hpqwmiex][Running/Auto Start]

[InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Sunbelt Kerio Personal Firewall 4 / KPF4][Running/Auto Start] <"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [PnkBstrA / PnkBstrA][Stopped/Auto Start] [StarWind iSCSI Service / StarWindService][Running/Auto Start] [Service Windows Media Connect / WMConnectCDS][Stopped/Manual Start] ================================== Drivers [abp480n5 / abp480n5][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ABP480N5.SYS> [adpu160m / adpu160m][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\adpu160m.sys> [Aha154x / Aha154x][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\aha154x.sys> [aic78u2 / aic78u2][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\aic78u2.sys> [aic78xx / aic78xx][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\aic78xx.sys> [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [Pilote de filtre du bus AMD AGP / amdagp][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\amdagp.sys> [Pilote de processeur AMD / AmdK8][Running/System Start] [asc / asc][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\asc.sys> [asc3350p / asc3350p][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\asc3350p.sys> [asc3550 / asc3550][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\asc3550.sys> [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Pilote pour carte réseau Broadcom 802.11 / BCM43XX][Running/Manual Start] [cd20xrnt / cd20xrnt][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\cd20xrnt.sys> [CmdIde / CmdIde][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\cmdide.sys> [dac2w2k / dac2w2k][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\dac2w2k.sys> [dpti2o / dpti2o][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\dpti2o.sys> [eabfiltr / eabfiltr][Running/System Start]

[eabusb / eabusb][Stopped/Manual Start]

[Firewall Driver / fwdrv][Running/System Start] <\SystemRoot\system32\drivers\fwdrv.sys> [HBtnKey / HBtnKey][Running/Manual Start]

[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start] [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start] [HSFHWAZL / HSFHWAZL][Running/Manual Start] [HSF_DPV / HSF_DPV][Running/Manual Start] [Intel AHCI Controller / iaStor][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\iaStor.sys> [ini910u / ini910u][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ini910u.sys> [Kerio HIPS Driver / khips][Running/System Start] <\SystemRoot\system32\drivers\khips.sys> [mdmxsdk / mdmxsdk][Running/Auto Start] [mraid35x / mraid35x][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\mraid35x.sys> [nv / nv][Running/Manual Start] [nvata / nvata][Running/Boot Start] <\SystemRoot\system32\DRIVERS vata.sys> [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [nvsmu / nvsmu][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [ql1080 / ql1080][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql1080.sys> [Ql10wnt / Ql10wnt][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql10wnt.sys> [ql12160 / ql12160][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql12160.sys> [ql1280 / ql1280][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql1280.sys> [rimmptsk / rimmptsk][Running/Manual Start] [rimsptsk / rimsptsk][Running/Manual Start] [Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start] [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start] <\SystemRoot\System32\drivers\sfdrv01.sys> [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp02.sys> [StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start] <\SystemRoot\System32\drivers\sfsync02.sys> [Filtre de bus AGP SIS / sisagp][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sisagp.sys> [USB2.0 PC Camera (SNP2UVC) / SNP2UVC][Running/Manual Start] <> [Sparrow / Sparrow][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sparrow.sys> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [symc810 / symc810][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\symc810.sys> [symc8xx / symc8xx][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\symc8xx.sys> [sym_hi / sym_hi][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sym_hi.sys> [sym_u3 / sym_u3][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sym_u3.sys> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [TosIde / TosIde][Stopped/Disabled] <\SystemRoot\system32\DRIVERS oside.sys> [ultra / ultra][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ultra.sys> [Vax347b / Vax347b][Running/Boot Start] <\SystemRoot\system32\DRIVERS\Vax347b.sys><> [Vax347s / Vax347s][Running/Boot Start] <\SystemRoot\System32\Drivers\Vax347s.sys><> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [winachsf / winachsf][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Java Plug-in] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A> [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [YInstStarter Class] {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Java Plug-in] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [] {53707962-6F74-2D53-2644-206D7942484F} [] {5426E1EC-93C6-4D24-B3F8-FFB85AFA555F} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [CKAVReportCtrl Object] {6117669B-8C2D-41FA-A6D9-9E484B999CF0} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Navigateur Web Microsoft] {8856F961-340A-11D0-A96B-00C04FD705A2} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [&Windows Live Search] [Add to Windows &Live Favorites] [E&xporter vers Microsoft Excel] [Easy-WebPrint Ajouter à la liste d'impressions] [Easy-WebPrint Impression rapide] [Easy-WebPrint Imprimer] [Easy-WebPrint Prévisualiser] [Ouvrir dans un nouvel onglet d'arrière-plan] [Ouvrir dans un nouvel onglet de premier plan] ================================== Running Processes [PID: 1032 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1084 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1112 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1156 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1168 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1340 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1388 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1648 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1720 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1916 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1996 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNMLM7K.DLL] [CANON INC., 1.90.2.90] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7K.DLL] [CANON INC., 1.90.2.90] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 620 / Bryan][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 10.00.00.3646] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll] [Sun Microsystems, Inc., 8.0.0.9090] [C:\Program Files\OpenOffice.org 2.1\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\OpenOffice.org 2.1\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120] [C:\Program Files\OpenOffice.org 2.1\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 740 / Bryan][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 772 / Bryan][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 7, 2] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 784 / Bryan][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 824 / Bryan][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.3.8 16Jun06] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.3.8 16Jun06] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.3.8 16Jun06] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 848 / Bryan][C:\Program Files\HP\QuickPlay\QPService.exe] [CyberLink Corp., 4.5.0.0000] [C:\Program Files\HP\QuickPlay\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\HP\QuickPlay\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\HP\QuickPlay\helper.dll] [CyberLink Corp., 3.00.4021 ] [C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll] [, 1, 0, 0, 1] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 892 / Bryan][C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 872 / Bryan][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe] [ Hewlett-Packard Development Company, L.P., 6, 1, 1, 2] [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll] [Hewlett-Packard Development Company, L.P., 6, 1, 1, 2] [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll] [Hewlett-Packard Company, 6, 1, 1, 2] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [PID: 936 / Bryan][C:\Program Files\Picasa2\PicasaMediaDetector.exe] [Google Inc., 2.1.0] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 976 / Bryan][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1024 / Bryan][C:\Program Files\QuickTime\qttask.exe] [Apple Inc., 7.1.6] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1080 / Bryan][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4043] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1552 / Bryan][C:\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1568 / Bryan][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1584 / Bryan][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164 es_fr.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [PID: 1600 / Bryan][C:\Program Files\SuperCopier2\SuperCopier2.exe] [SFX TEAM, 2.0.0.579] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1624 / Bryan][C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.10.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.10.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.03.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.24.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images rgmount.dll] [DT Soft Ltd., 1.12.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 1284 / Bryan][C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe] [, 1, 1, 3, 3] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 308 / Bryan][C:\Program Files\OpenOffice.org 2.1\program\soffice.exe] [OpenOffice.org, 1.09.9090] [C:\Program Files\OpenOffice.org 2.1\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\OpenOffice.org 2.1\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 356 / Bryan][C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN] [OpenOffice.org, 1.09.9090] [C:\Program Files\OpenOffice.org 2.1\program\vcl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9093] [C:\Program Files\OpenOffice.org 2.1\program\sot680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program l680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\cppu3.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\OpenOffice.org 2.1\program\sal3.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120] [C:\Program Files\OpenOffice.org 2.1\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\OpenOffice.org 2.1\program\vos3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\basegfx680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\i18nisolang1MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\utl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\salhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\comphelp4MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\cppuhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\ucbhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\icuuc26.dll] [IBM Corporation and others, 2, 6, 0, 0] [C:\Program Files\OpenOffice.org 2.1\program\icudt26l.dll] [IBM Corporation and others, 2, 6, 0, 0] [C:\Program Files\OpenOffice.org 2.1\program\svl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\svt680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program k680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\jvmfwk3.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\libxml2.dll] [N/A, ] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\Program Files\OpenOffice.org 2.1\program\servicemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\shlibloader.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\simplereg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program estedreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program ypemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\implreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\security.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program eg3.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\store3.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program egtypeprov.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\configmgr2.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program ypeconverter.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\sysmgr1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\sax.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\localebe1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\behelper.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\uriproc.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\ucb1.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\fwl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\fwi680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\ucpfile1.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\sfx680mi.dll] [Sun Microsystems, Inc., 8.0.0.9095] [C:\Program Files\OpenOffice.org 2.1\program\fwe680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\sb680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\xcr680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\j680mi_g.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\jvmaccess3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\fwk680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\msci_uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\spl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\oleautobridge.uno.dll] [Sun Microsystems, Inc., 8.0.0.9084] [C:\Program Files\OpenOffice.org 2.1\program\emser680mi.dll] [Sun Microsystems, Inc., 8.0.0.9084] [PID: 592 / Bryan][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly ativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fba414e5\mscorlib.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7afd0669\system.windows.forms.dll] [N/A, ] [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8a7422df\system.drawing.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly ativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8d08076\system.dll] [N/A, ] [c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\program files\hp\digital imaging\bin\fr\hpqimzone.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.000] [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_bdf4880c\system.xml.dll] [N/A, ] [c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.113] [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098] [c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqtray.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [ , 4.0.0.0] [c:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\program files\hp\digital imaging\bin\fr\hpqmirsc.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqedit.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcc2.resources.dll] [ , 60.0.83.0] [c:\program files\hp\digital imaging\bin\fr\hpqvideo.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll] [ , 4.0.0.0] [c:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqprrsc.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\system.resources\1.0.5000.0_fr_b77a5c561934e089\system.resources.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0] [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcprsc.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000] [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqisrtb.resources.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.0] [c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000] [c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqbakup.resources.dll] [ , 60.0.83.0] [c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll] [LEAD Technologies, Inc., 13.0.0.113] [C:\Program Files\HP\Digital Imaging\bin\ltfil13n.dll] [LEAD Technologies, Inc., 13.0.0.113] [PID: 360 / SERVICE RÉSEAU][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4414.258] [PID: 760 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.2812 (xpsp(wmbla).051215-1116)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\sbe.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 852 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 1012 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe] [Sunbelt Software, 4.3.635.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\kfe.dll] [Sunbelt Software, 4.3.174.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\curllib.dll] [The cURL library, https://curl.se/ 7.15.1] [C:\Program Files\Sunbelt Software\Personal Firewall\kwsapi.dll] [Sunbelt Software, 4.3.174.0] [PID: 1560 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.97.1] [C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.97.1] [C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.97.1] [PID: 2060 / Bryan][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox spr4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox ss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\extensions alkback@mozilla.org\components\qfaservices.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\extensions alkback@mozilla.org\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox ssckbi.dll] [Mozilla Foundation, 1.64] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.12: 2008020121] [C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.1.1r16] [PID: 2112 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.10.8622] [PID: 2208 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2224 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe] [Rocket Division Software, 2.6.1 Build 0x20050401] [PID: 2380 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2452 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 2644 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9] [PID: 3092 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3340 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.3.635.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 3428 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3440 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 4012 / Bryan][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.3.635.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 3716 / Bryan][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [PID: 4084 / Bryan][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 3388 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2480 / Bryan][C:\Documents and Settings\Bryan\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Program Files\SuperCopier2\SC2Hook.dll] [SFX TEAM, 2.0.0.16] [C:\Documents and Settings\Bryan\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["

FillPCA · Answer

Re, 1/ # Télécharge RavAntivirus d'Evosla : http://ww25.evosla.com/compteur.php?soft=rav_antivirus # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau # Doucle-clique sur >> RAV.exe << afin de lancer l'outil. # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles) # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain . # Retire tes disques amovibles et redémarrez votre ordinateur. # Poste le rapport, si infection! 2/ * Sélectionne le texte suivant : * Copie le texte sélectionné (CTRL+C). * Ouvre le bloc-note (programme>Accessoire>bloc-note). * Colle le texte copié dans ce bloc-note (CTRL+V). * Sauvegarde ce fichier sous le nom de CFScript.txt * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe Folder:: C:\WINDOWS\system32\jnhjkfrn * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal! Ne touche à rien tant que le scan n'est pas terminé. * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu. * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 3/ Désactive ton antivurs. 4/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/... * Choisis Panda. * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance. * Réalise un scan complet du système. * Sauvegarde le rapport en mode texte à l'issue du scan. 5/ * Télécharge GenProc (de Lazzzy et Narco4) sur ton bureau : http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip * Dézippe-le sur ton bureau (Clic droit>Extraire ici). * Double-clique sur GenProc.bat et édite le rapport généré par le programme. * Tu trouveras une aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html 6/ Ré-active ton antivurs. 7/ Edite tous les rapports générés par les outils précédents. FillPCA

Bryan · Answer

RAV à fait un log, puis m'a mis "votre ordinateur est sain"
[19/02/2008 22:16:15] -  virus trouvé : d:\Folder.htt
[19/02/2008 22:16:15] -  virus Supprimé avec succès ==>d:\Folder.htt
[19/02/2008 22:16:16] -  virus Supprimé avec succès
[19/02/2008 22:16:17] -  virus trouvé : i:\autorun.inf
[19/02/2008 22:16:17] -  virus Supprimé avec succès ==>i:\autorun.inf
[19/02/2008 22:16:20] -  virus Supprimé avec succès ==>i:\bootcd\wintools\autorun.exe
[19/02/2008 22:16:20] -  virus Supprimé avec succès

Bryan · Answer

le rapport combofix ComboFix 08-02-18.1 - Bryan 2008-02-19 22:26:15.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.531 [GMT 1:00] Endroit: C:\Documents and Settings\Bryan\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Bryan\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\jnhjkfrn\ . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))))))) . 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\WINDOWS\LastGood.Tmp 2008-02-19 15:33 . 2008-02-19 15:33 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-19 15:14 . 2008-02-19 15:14 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-02-19 14:23 . 2008-02-19 14:23 d-------- C:\Documents and Settings\Bryan\Application Data\Grisoft 2008-02-19 14:22 . 2008-02-19 14:22 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-19 14:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-19 14:05 . 2008-02-19 14:05 d-------- C:\Program Files\Yahoo! 2008-02-19 14:05 . 2008-02-19 14:06 d-------- C:\CCleaner 2008-02-19 13:04 . 2008-02-19 13:04 d-------- C:\pca 2008-02-19 00:51 . 2008-02-19 00:51 d---s---- C:\Documents and Settings\Administrateur\UserData 2008-02-18 10:51 . 2008-02-19 19:39 d-------- C:\HiJackThis 2008-02-11 20:00 . 2008-02-11 20:00 d-------- C:\Documents and Settings\Bryan\Application Data\InstallShield 2008-02-06 21:27 . 2006-03-24 21:00 182,912 --a------ C:\WINDOWS\system32\drivers dis.sys 2008-02-06 21:27 . 2006-03-24 21:00 2,944 --a------ C:\WINDOWS\system32\drivers ull.sys 2008-02-06 21:12 . 2006-03-24 21:00 35,072 --a------ C:\WINDOWS\system32\drivers\fips.sys 2008-02-06 21:12 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys 2008-02-06 21:12 . 2004-08-03 22:59 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys 2008-02-06 21:11 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys 2008-02-06 21:11 . 2006-03-24 21:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys 2008-02-06 21:06 . 2008-02-06 21:06 54,764 --a------ C:\WINDOWS\system32\jnhjkfrn 2008-01-31 21:10 . 2008-01-31 21:10 dr-h----- C:\Documents and Settings\Bryan\Application Data\SecuROM 2008-01-31 21:10 . 2008-01-31 21:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-01-31 21:10 . 2008-01-31 21:10 22,328 --a------ C:\Documents and Settings\Bryan\Application Data\PnkBstrK.sys 2008-01-31 21:09 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-31 21:09 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-01-31 21:09 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-31 21:09 . 2008-01-31 21:09 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-01-31 21:09 . 2008-01-31 21:09 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~ 2008-01-28 22:03 . 2008-01-28 22:03 24 --a------ C:\WINDOWS\cdplayer.ini 2008-01-27 21:58 . 2008-01-27 21:58 281 --a------ C:\WINDOWS\game.ini 2008-01-27 21:22 . 2008-01-27 21:22 d--hs---- C:\WINDOWS\ftpcache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 21:30 373,650 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-02-19 20:28 --------- d-----w C:\Documents and Settings\Bryan\Application Data\OpenOffice.org2 2008-02-19 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-12 01:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-06 20:27 --------- d-----w C:\Documents and Settings\Bryan\Application Data\Azureus 2008-01-31 20:27 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-01-31 20:27 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-01-31 20:27 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-01-30 20:41 --------- d-----w C:\Program Files\MSN Messenger 2008-01-02 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-01-02 16:45 --------- d-----w C:\Program Files\Alcohol Soft 2007-12-22 02:02 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-22 02:01 --------- d-----w C:\Program Files\Windows Live Favorites 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-11 08:03 256 ----a-w C:\Documents and Settings\Bryan\Application Data\wklnhst.dat 2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2007-03-24 23:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 00:39 68856] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672] "DAEMON Tools"="C:\Documents and Settings\Bryan\Mes documents\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 19:40 7569408] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22 794713] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 00:07 421888] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-10-29 20:53 185632] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] "!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360] C:\Documents and Settings\Bryan\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728] HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-03-25 05:34:55 102400] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS vsmu.sys [2006-03-06 15:49] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\Auto\command - AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c7b0bf-da64-11db-a5c6-0016d317f44a}] \Shell\AutoRun\command - F:\Programs u2menu u2menu.exe *Newly Created Service* - AVGASCLN . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-13 09:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-19 20:48:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-19 22:30:20 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????W????????@???????@ Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-19 22:32:05 ComboFix2.txt 2008-02-19 20:45:37 . 2008-02-16 18:54:14 --- E O F ---

Bryan · Answer

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Virus:Trj/Agent.HEH                                                             Disinfected                   C:\Documents and Settings\Alain\Local Settings\Application Data\Mozilla\Firefox\Profiles\5r0lxoge.default\Cache\27FB1AB7d01[MSNFix/incl/msnchk.exe]                                                                                                             
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Alain\Local Settings\Application Data\Mozilla\Firefox\Profiles\5r0lxoge.default\Cache\27FB1AB7d01[MSNFix/incl/Process.exe]                                                                                                            
Spyware:Cookie/Xiti                                                             Not disinfected               C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt[.xiti.com/]                                                                                                                                              
Spyware:Cookie/Bluestreak                                                       Not disinfected               C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt[.bluestreak.com/]                                                                                                                                        
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt[.advertising.com/]                                                                                                                                       
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt[.atdmt.com/]                                                                                                                                             
Spyware:Cookie/Smartadserver                                                    Not disinfected               C:\Documents and Settings\Bryan\Application Data\Mozilla\Firefox\Profiles\qvk9lgt5.default\cookies.txt[.smartadserver.com/]                                                                                                                                     
Potentially unwanted tool:Application/Pskill.K                                  Not disinfected               C:\Documents and Settings\Bryan\Bureau\clean.zip[clean/pskill.exe]                                                                                                                                                                                              
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Bryan\Bureau\ComboFix.exe[327882R2FWJFW
ircmd.com]                                                                                                                                                                                   
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Bryan\Bureau\ComboFix.exe[327882R2FWJFW
ircmd.cfexe]                                                                                                                                                                                 
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Bryan\Bureau\Flash_Disinfector.exe[nircmd.exe]                                                                                                                                                                                        
Virus:Trj/Agent.HEH                                                             Disinfected                   C:\Documents and Settings\Bryan\Bureau\MSNFix\incl\msnchk.exe                                                                                                                                                                                                   
Virus:Trj/Agent.HEH                                                             Disinfected                   C:\Documents and Settings\Bryan\Bureau\MSNFix.zip[MSNFix/incl/msnchk.exe]                                                                                                                                                                                       
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Bryan\Bureau\MSNFix.zip[MSNFix/incl/Process.exe]                                                                                                                                                                                      
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Bryan\Bureau\SDFix.exe[SDFix\apps\Process.exe]                                                                                                                                                                                        
Virus:Trj/Rebooter.J                                                            Disinfected                   C:\Documents and Settings\Bryan\Bureau\SmitfraudFix\Reboot.exe                                                                                                                                                                                                  
Potentially unwanted tool:Application/SuperFast                                 Not disinfected               C:\Documents and Settings\Bryan\Bureau\SmitfraudFixestart.exe                                                                                                                                                                                                 
Virus:Trj/Agent.HEH                                                             Disinfected                   C:\MSNFix\incl\msnchk.exe                                                                                                                                                                                                                                       
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\WINDOWS\Nircmd.exe

Bryan · Answer

Celui du dessus c'est le rapport de Panda
GenProc n'a trouvé aucune infection caractéristique

Bryan · Answer

Mais j'ai toujours ce message de services.exe et de AUTORITE/NT

FillPCA · Answer

Salut,

Peux-tu éditer un rapport Hijackthis ?

FillPCA

Autorite nt/system

28 réponses

Discussions similaires