Sujet Précédent Sujet Suivant

Ralenti et fenetre intempestives

sg7 Messages postés 96 Statut Membre -  
afideg Messages postés 10970 Statut Contributeur sécurité -
Bonjour,
suite a l'installation d'un logiciel (je pense que c'est ca) mon internet ralentit pour l'ouverture de pages et me demande sans cesse de continuer l'execution d'un script. De plus des fenetres ne cessent de s'ouvrir tel que des sites au départ d'adresses IP (ex : http://88.147.134....) puis maintenant des sites pornographiques ou autres... je voudrais savoir comment réparer ce probleme merci
A voir également:

68 réponses

Précédent
Réponse 21 / 68
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Salut Al' ;-)

La forme ?

J'ai remarqué qu'a chaque passage, une nouvelle " valeur " ( je ne sais pas le terme technique ) se crée avec deux CLSIDs dans cette 02
O2 - BHO: {67a08e3f-3d72-f4fb-c6e4-0d176e1d05a6} - {6a50d1e6-71d0-4e6c-bf4f-27d3f3e80a76} - C:\WINDOWS\system32\ynyrsvyc.dll

Je pense que ceci en est la cause
O4 - HKCU\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe /min

http://www.castlecops.com/s17031-pgs_exe.html <== voir ici, d'ou ma demande de SDFix...

Bien sur, je te fais confiance ;-))

Donc SG7, fais ce que demande Afideg stp, avant SDFix

@+
0
Réponse 22 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Salut Joe,

Oui, je l'avais repérée --> O4 - HKCU\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe /min

Je profite de l'occasion pour voir ce qu'en donnera SREng.
Je pencherais plutôt pour un foutu service nocif.
C'est uniquement ce qui justifie ma demande (en toute quiétude, sachant les helpers sur l'affaire) ;)
Merci

Al.
0
Réponse 23 / 68
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Ok...


Je profite de l'occasion pour voir ce qu'en donnera SREng.

J'en profiterais également ;-p

@+
0
Réponse 24 / 68
sg7 Messages postés 96 Statut Membre
 
j'ai déja posté le rapport SDfix ... je fais le SReng ensuite ???
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 68
jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
 
Mouais....

Trojan Files Found:

C:\WINDOWS\system32\vtUopNdd.dll - Deleted


Je crois que c'est trop tard pour SReng

On attends l'avis d'Afideg

0
Réponse 26 / 68
sg7 Messages postés 96 Statut Membre
 
ok merci j'attends ... (les fenêtres intempestives sont toujours la) ...
0
Réponse 27 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Zut alors lance toutefois SReng
On verra bien
Merci

0
Réponse 28 / 68
sg7 Messages postés 96 Statut Membre
 
voila le rapport SReng :

[CODE]

2008-06-22,14:46:33

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<VirusGarde><C:\Program Files\VirusGarde\pgs.exe /min> [N/A]
<TOSCDSPD><C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe> [TOSHIBA]
<MessengerPlus3><"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Tvs><C:\Program Files\TOSHIBA\Tvs\TvsTray.exe> [TOSHIBA Corporation]
<TPSMain><TPSMain.exe> [TOSHIBA Corporation]
<TomcatStartup 2.5><C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe> [Hewlett-Packard]
<THotkey><C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe> [TOSHIBA]
<TFncKy><TFncKy.exe> [N/A]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<StatusClient 2.6><C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<SmoothView><C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe> [TOSHIBA Corporation]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe> [Hewlett-Packard]
<NDSTray.exe><NDSTray.exe> [N/A]
<ehTray><C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<AGRSMMSG><AGRSMMSG.exe> [Agere Systems]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"> [Sun Microsystems, Inc.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<84cba0a2><rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b> []
<BM87f8933e><Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
<{A6F5090F-D9EC-4263-9D7D-2968C5179291}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IntelWireless><; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<IntelZeroConfig><; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]

==================================
Startup Folders
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[Windows Desktop Search]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk --> C:\PROGRA~1\WI459E~1\WINDOW~3.EXE [Microsoft Corporation]><N>
[Lancement rapide de Microsoft Office OneNote 2003]
<C:\Documents and Settings\SOLAL\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk --> C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [Microsoft Corporation]><N>

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft>
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[ConfigFree Service / CFSvcs][Stopped/Disabled]
<C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe><TOSHIBA CORPORATION>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Service de l'iPod / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\hpzipm12.exe><HP>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[TOSHIBA Application Service / TAPPSRV][Running/Auto Start]
<"C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe"><TOSHIBA Corp.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
[X10 Device Network Service / x10nets][Running/Auto Start]
<C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe><X10>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.5.3.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[TOSHIBA V92 Software Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[aswFsBlk / aswFsBlk][Running/Auto Start]
<system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\SOLAL\LOCALS~1\Temp\catchme.sys><N/A>
[DLABOIOM / DLABOIOM][Running/Auto Start]
<System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
<System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
<System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
<System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
<System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
<System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
<System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
<System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
<System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[DRVMCDB / DRVMCDB][Running/Boot Start]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
<System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
<system32\drivers\iviaspi.sys><InterVideo, Inc.>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
<system32\DRIVERS\motmodem.sys><Motorola>
[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start]
<system32\DRIVERS\netdevio.sys><TOSHIBA Corporation.>
[Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel® Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[VSO Software pcouffin / pcouffin][Running/Manual Start]
<System32\Drivers\pcouffin.sys><VSO Software>
[Padus ASPI Shell / Pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
<system32\DRIVERS\sonypvs1.sys><Sony Corporation>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Bluetooth ACPI from TOSHIBA / tosrfec][Stopped/Manual Start]
<system32\DRIVERS\tosrfec.sys><TOSHIBA Corporation>
[Toshiba Mobile PC Service / TVALD][Running/Manual Start]
<system32\DRIVERS\NBSMI.sys><Toshiba Corporation>
[TOSHIBA Virtual Sound with SRS technologies / Tvs][Running/Manual Start]
<system32\DRIVERS\Tvs.sys><TOSHIBA Corporation>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[X10 Hid Device / X10Hid][Running/Manual Start]
<System32\Drivers\x10hid.sys><X10 Wireless Technology, Inc.>

==================================
Browser Add-ons
[]
{3CD3737B-34B5-4B79-BE4A-104E250C5346} <C:\WINDOWS\system32\geBuTkhg.dll, N/A>
[]
{6a50d1e6-71d0-4e6c-bf4f-27d3f3e80a76} <C:\WINDOWS\system32\ynyrsvyc.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8C153A0A-7198-462E-979C-D4B28F496220} <C:\WINDOWS\system32\byXPGVoP.dll, N/A>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Facebook Photo Uploader 5]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx, Facebook, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[System Requirements Lab Class]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} <C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll, Husdawg, LLC>
[NVIDIA Smart Scan]
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} <C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX, NVIDIA>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Facebook Photo Uploader 5]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx, Facebook, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[]
{3CD3737B-34B5-4B79-BE4A-104E250C5346} <C:\WINDOWS\system32\geBuTkhg.dll, N/A>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Windows Desktop Search Combo Control]
{4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[System Requirements Lab Class]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} <C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll, Husdawg, LLC>
[]
{6A50D1E6-71D0-4E6C-BF4F-27D3F3E80A76} <C:\WINDOWS\system32\ynyrsvyc.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[VeohClientVersion3 Class]
{73E7989D-3114-40E4-98E5-7E428A9C97F3} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohVersion3.dll, Veoh Networks>
[NVIDIA Smart Scan]
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} <C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX, NVIDIA>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8C153A0A-7198-462E-979C-D4B28F496220} <C:\WINDOWS\system32\byXPGVoP.dll, N/A>
[SopCore Control]
{8FEFF364-6A5F-4966-A917-A3AC28411659} <C:\PROGRA~1\SopCast\sopocx.ocx, www.sopcast.com>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[MozillaPluginNapCtrl Class]
{B390236C-6817-401E-B72B-A3AD32E46BCF} <C:\Program Files\Orange\CAP Nap Plugin ActiveX\CAPNapActiveX.51.dll, Unisys Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Veoh Browser Plug-in]
{D0943516-5076-4020-A3B5-AEFAF26AB263} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll, Veoh Networks Inc>
[Contrôle de l'Assistant de connexion Windows Live]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 764 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4131]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\geBuTkhg.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1132 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1596 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1732 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1996 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft, 7,0,2,6]
[C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft, 7,0,2,6]
[C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [, 7, 0, 2, 6]
[PID: 152 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 516 / SOLAL][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 02.06.5000.5378 (winmain(wmbla).060313-1257)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\PROGRA~1\WINDOW~3\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.6.2.9]
[C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.6.2.1]
[C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll] [Apple Inc., 7.6.2.9]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\WinSCP\DragExt.dll] [Martin Prikryl, 1.1.6.79]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 8, 0]
[C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\geBuTkhg.dll] [N/A, ]
[C:\WINDOWS\system32\ynyrsvyc.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes, 1, 0, 0, 0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,1,222,0]
[PID: 560 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 1812 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNYMLM01.DLL] [CANON INC., 1.0.0.1]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL] [Hewlett-Packard Corporation, 60.05.72.21]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.6000.16438 (winmain(wmbla).070123-1305)]
[C:\WINDOWS\system32\hpbmmjno.dll] [Hewlett-Packard, 00.01.00]
[C:\WINDOWS\system32\hppadt40.dll] [HP, 10, 1, 0, 2]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 10, 1, 1, 2]
[PID: 1332 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 1656 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 564 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 340 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\hpzipm12.exe] [HP, 10, 1, 1, 2]
[PID: 172 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpgwiamd.dll] [Hewlett-Packard, 3.2.2.807]
[PID: 1348 / SYSTEM][C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe] [TOSHIBA Corp., 1, 0, 0, 14M]
[PID: 1128 / SYSTEM][C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe] [X10, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\X10\Common\x10net.DLL] [X10 Wireless Technology, Inc., 3, 0, 0, 199]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1960 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 2452 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 8, 1195, 0]
[PID: 2612 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 2828 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2856 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3032 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3548 / SOLAL][C:\Program Files\TOSHIBA\Tvs\TvsTray.exe] [TOSHIBA Corporation, 1, 0, 0, 7]
[C:\Program Files\TOSHIBA\Tvs\TvsCtrl.dll] [TOSHIBA Corporation, 2, 0, 0, 3]
[C:\Program Files\TOSHIBA\Tvs\TvsRes.dll] [TOSHIBA Corporation, 2, 0, 0, 3]
[PID: 1308 / SOLAL][C:\WINDOWS\system32\TPSMain.exe] [TOSHIBA Corporation, 1, 0, 15, 0]
[C:\WINDOWS\system32\TPSMainCtl.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\CpuPerf.dll] [TOSHIBA Corporation, 1, 0, 1, 0]
[C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0]
[C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\TPeculiarity.dll] [TOSHIBA Corporation, 1, 0, 2, 5]
[PID: 1540 / SOLAL][C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] [TOSHIBA, 1.00.0027]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\dllvga.dll] [ , 1, 0, 0, 7]
[C:\WINDOWS\system32\TCMSVR.dll] [TOSHIBA Corp., 1, 0, 0, 14M]
[C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll] [, 1, 0, 0, 3]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[PID: 1808 / SOLAL][C:\WINDOWS\system32\TPSBattM.exe] [TOSHIBA Corporation, 1, 0, 2, 0]
[C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 8, 0]
[C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0]
[PID: 1716 / SOLAL][C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe] [TOSHIBA Corporation, 3.21.02]
[C:\WINDOWS\system32\TCtrlCommon.dll] [TOSHIBA Corporation, 3.21.01]
[C:\Program Files\TOSHIBA\Commandes TOSHIBA\TBtnCommon.dll] [TOSHIBA Corporation, 3.21.00]
[C:\WINDOWS\system32\TCtrlIO.DLL] [, 1, 0, 1, 9]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3828 / SOLAL][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3532 / SOLAL][C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll] [N/A, ]
[C:\WINDOWS\system32\jst.dll] [N/A, ]
[C:\WINDOWS\system32\d4channel.dll] [Hewlett-Packard, 02.07.90]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 10, 1, 1, 2]
[PID: 2080 / SOLAL][C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe] [Hewlett-Packard, 04 .00 .02]
[C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\hpptui0.dll] [Hewlett-Packard, 01.00.61]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2168 / SOLAL][C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe] [TOSHIBA Corporation, 2, 0, 0, 23]
[PID: 2248 / SOLAL][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.6.4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2280 / SOLAL][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe] [Hewlett-Packard, 1, 0, 0, 24]
[PID: 3040 / SOLAL][C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe] [TOSHIBA CORPORATION, 6, 0, 1, 2]
[C:\Program Files\TOSHIBA\ConfigFree\CFWAN.dll] [TOSHIBA CORPORATION, 1, 0, 0, 12]
[C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll] [TOSHIBA CORPORATION, 6, 0, 0, 9]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll] [TOSHIBA CORPORATION, 6, 0, 0, 4]
[C:\Program Files\TOSHIBA\ConfigFree\NDSNLS.dll] [TOSHIBA CORPORATION, 4, 0, 2, 1006]
[C:\Program Files\TOSHIBA\ConfigFree\CFUPNP.dll] [TOSHIBA CORPORATION, 1, 0, 0, 5]
[C:\Program Files\TOSHIBA\ConfigFree\CFP2API.dll] [TOSHIBA CORPORATION, 5, 0, 0, 1]
[C:\Program Files\TOSHIBA\ConfigFree\OpenProp.dll] [TOSHIBA CORPORATION, 5, 0, 0, 1]
[C:\Program Files\TOSHIBA\ConfigFree\NDSParts.dll] [TOSHIBA CORPORATION, 6, 0, 0, 18]
[C:\Program Files\TOSHIBA\ConfigFree\QCDPJ.dll] [Toshiba, 6, 0, 0, 6]
[C:\Program Files\TOSHIBA\ConfigFree\VENAPI.dll] [TOSHIBA, 6, 0, 0, 5]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2588 / SOLAL][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1692 / SOLAL][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.74a]
[PID: 2768 / SOLAL][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.63 2.1.63 12/12/2005 14:50:01]
[PID: 2956 / SOLAL][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 2884 / SOLAL][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 3152 / SOLAL][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375]
[PID: 3216 / SOLAL][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 712 / SOLAL][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.1.45]
[PID: 3136 / SOLAL][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.6.2.9]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.6.2.1]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.6.2.9]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.4.5]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 6, 120, 1]
[PID: 3380 / SOLAL][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 3460 / SOLAL][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[PID: 3492 / SOLAL][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3576 / SOLAL][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 3388 / SOLAL][C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] [TOSHIBA, 1, 0, 6, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3784 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.6.2.9]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.6.2.1]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.6.2.9]
[PID: 128 / SOLAL][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\geBuTkhg.dll] [N/A, ]
[C:\WINDOWS\system32\ynyrsvyc.dll] [N/A, ]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.200.520.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
[c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
[PID: 588 / SOLAL][C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.200.520.1]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1]
[PID: 1624 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[PID: 2892 / SOLAL][C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3328 / SOLAL][C:\Documents and Settings\SOLAL\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporatio
0
Réponse 29 / 68
sg7 Messages postés 96 Statut Membre
 
je n'ai pas vraiment compris ce que je dois faire

mais je n'ai pas de Virus Garde ni dans Program Files ni dans l'Ajout/Suppr des Programmes
0
Réponse 30 / 68
sg7 Messages postés 96 Statut Membre
 
nouveau rapport Hijack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:56, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3CD3737B-34B5-4B79-BE4A-104E250C5346} - C:\WINDOWS\system32\geBuTkhg.dll
O2 - BHO: {67a08e3f-3d72-f4fb-c6e4-0d176e1d05a6} - {6a50d1e6-71d0-4e6c-bf4f-27d3f3e80a76} - C:\WINDOWS\system32\ynyrsvyc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8C153A0A-7198-462E-979C-D4B28F496220} - C:\WINDOWS\system32\byXPGVoP.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [84cba0a2] rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b
O4 - HKLM\..\Run: [BM87f8933e] Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s
O4 - HKLM\..\Run: [IntelWireless] ; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] ; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 31 / 68
sg7 Messages postés 96 Statut Membre
 
alors qu'est ce que je peux faire ? j'ai cherché virus garde ... j'ai pas trouvé ...
0
Réponse 32 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

A)- Les 2 BHO à fixer et auxquelles je faisais allusion sont ces deux-là:
O2 - BHO: (no name) - {3CD3737B-34B5-4B79-BE4A-104E250C5346} - C:\WINDOWS\system32\geBuTkhg.dll
O2 - BHO: {67a08e3f-3d72-f4fb-c6e4-0d176e1d05a6} - {6a50d1e6-71d0-4e6c-bf4f-27d3f3e80a76} - C:\WINDOWS\system32\ynyrsvyc.dll

B)- B)- Il faudra faire analyser ces fichiers ( en gras ) chez VirusTotal, comme ceci:

C:\Program Files\WI1F86~1\MESSEN~1\MSGSC8~1.DLL
C:\WINDOWS\system32\HPBHealr.dll
C:\WINDOWS\system32\sbe.dll

1°- Assure toi d'avoir accès aux dossiers/fichiers cachés :
Soit en faisant : Ouvrir un dossier, n'importe lequel. Aller dans "Outils" >"Options des dossiers" > "Affichage"
Soit en faisant « Démarrer »/ »PanneauConfiguration/OptionsDossiers /onglet « Affichage »
et là :
cocher la case devant les lignes:
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher la case devant les lignes:
- masquer les extensions des fichiers dont le type est connu
- masquer les fichiers protégés du système d'exploitation
Tu vas recevoir un message qui te dit que cela peut endommager le système,
n'en tiens pas compte.
Puis cliquer APPLIQUER à TOUS les Dossiers > [OK]
Si tu n'es pas à l'aise dans la navigation des dossiers, je t'invite à suivre ce tutorial : < http://www.malekal.com/rechercher_fichiers.php >

2°- Ensuite vas là :< https://www.virustotal.com/gui/ >
< http://www.virustotal.com/en/indexf.html >
•- sur la page qui s'affiche tu cliques sur "parcourir"
•- ensuite sur la nouvelle page qui s'affiche, tu suis le chemin des fichiers en gras ci-après dans la liste ( que Virustotal va analyser un par un, à ta demande; puisque tu devras recommencer la procédure "parcourir", fichier par fichier ) )
•- c'est-à-dire :

C:\Program Files\WI1F86~1\MESSEN~1\MSGSC8~1.DLL
C:\WINDOWS\system32\HPBHealr.dll
C:\WINDOWS\system32\sbe.dll

•- quand tu as trouvé le premier fichier MSGSC8~1.DLL</gras, tu fais "ouvrir" ( sur cette dernière page affichée)
•- le fichier <gras>MSGSC8~1.DLLse retrouve alors ainsi dans la fenêtre de Virustotal, pour l'analyse
•- là, tu cliques sur "send file" = « Envoyer » ( de la page de Virustotal )
•- et tu attends le résultat (il faut parfois patienter)
· vous aurez dans l'encadré: Situation actuelle: terminé, cliquer sur Formaté
· Une nouvelle fenêtre de votre navigateur apparaîtra...
· Dans la nouvelle fenêtre, cliquer sur cette image : < http://img215.imageshack.us/img215/6039/virustotalpourcopierip3.jpg >
· Faire un clic droit sur la page, choisir => Sélectionner tout, puis encore clic droit => Copier... Enfin , clic droit => Coller le(s) résultat(s) dans le WordPad ou Bloc-Notes.
DONC, tu refais la manipulation fichier par fichier dont tu colles le rapport à chaque fois, à la suite dans WordPad.
·
· Pour ta prochaine réponse sur le forum, tu reprends WordPad ou Bloc-Notes (qui contient le résultat d’analyse des fichiers litigieux analysés), tu appuies sur (CTRL+A), puis (CTRL+C) et en réponse sur CCM tu termines par (CTRL+V) pour coller les analyses sur le forum.
Tutoriel ici http://bibou0007.com/tutos-f45/tutorial-sur-virustotal-t190.htm

Merci pour ta collaboration

0
Réponse 33 / 68
sg7 Messages postés 96 Statut Membre
 
Merci c'est gentil de m'aider :

1er fichier :

Fichier MSGSC8_1.DLL reçu le 2008.06.22 17:47:23 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.22.0 2008.06.22 -
AntiVir 7.8.0.59 2008.06.21 -
Authentium 5.1.0.4 2008.06.21 -
Avast 4.8.1195.0 2008.06.21 -
AVG 7.5.0.516 2008.06.22 -
BitDefender 7.2 2008.06.22 -
CAT-QuickHeal 9.50 2008.06.20 -
ClamAV 0.93.1 2008.06.22 -
DrWeb 4.44.0.09170 2008.06.22 -
eSafe 7.0.15.0 2008.06.22 -
eTrust-Vet 31.6.5892 2008.06.21 -
Ewido 4.0 2008.06.22 -
F-Prot 4.4.4.56 2008.06.21 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.22 -
GData 2.0.7306.1023 2008.06.22 -
Ikarus T3.1.1.26.0 2008.06.22 -
Kaspersky 7.0.0.125 2008.06.22 -
McAfee 5322 2008.06.20 -
Microsoft 1.3604 2008.06.22 -
NOD32v2 3207 2008.06.22 -
Norman 5.80.02 2008.06.20 -
Panda 9.0.0.4 2008.06.22 -
Prevx1 V2 2008.06.22 -
Rising 20.49.62.00 2008.06.22 -
Sophos 4.30.0 2008.06.22 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.22 -
TheHacker 6.2.92.358 2008.06.21 -
TrendMicro 8.700.0.1004 2008.06.20 -
VBA32 3.12.6.7 2008.06.21 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.22 -

Information additionnelle
File size: 241176 bytes
MD5...: 3e3c1114dec2a402922ec9c64c25a4ab
SHA1..: b3388fd0c0a612ca8e7e6d327351fb38785cac62
SHA256: 57cddd41ecac760ea8206287391af38b392aeda8d6cc540c84c8a35fe98dbc9d
SHA512: e59be25e4d4465a3e9c84a69fe26b894c9154796accde981d3886d150baa4e95<BR>88ad9aee565240fe29182bcc17373178f8b2313ad811dba7d04464a1161a70bc
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x59027939<BR>timedatestamp.....: 0x4717a332 (Thu Oct 18 18:17:22 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x2bc4a 0x2be00 5.88 4b63da56308924e8ef513655f6e167e3<BR>.orpc 0x2d000 0xeda 0x1000 5.19 c7ae01380808d603f49d27f82dec26d4<BR>.data 0x2e000 0x5e88 0x5800 4.36 d70e6576d2dc493cb646ee23c0a256dc<BR>.rsrc 0x34000 0x540 0x600 3.77 3d8099ac44fe433193c59cee518fa1b6<BR>.reloc 0x35000 0x5964 0x5a00 6.02 50185ad122c3478507e5d0c67550c6ef<BR><BR>( 8 imports ) <BR>> MSVCR80.dll: __type_info_dtor_internal_method@type_info@@QAEXXZ, __clean_type_info_names_internal, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, _terminate@@YAXXZ, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, _malloc_crt, _encode_pointer, _callnewh, __3@YAXPAX@Z, _wcsnicoll, calloc, wcschr, _wcsicmp, memmove_s, memset, _recalloc, _purecall, __CxxFrameHandler3, wcsncpy_s, memcpy_s, free, malloc, _CxxThrowException, ___V@YAXPAX@Z, memcpy, _wcsnicmp, _crt_debugger_hook<BR>> KERNEL32.dll: Sleep, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, CreateEventA, GetModuleFileNameA, CloseHandle, lstrlenW, GetLastError, InterlockedIncrement, InterlockedDecrement, GetModuleFileNameW, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, FreeLibrary, MultiByteToWideChar, LoadLibraryExW, GetModuleHandleW, WideCharToMultiByte, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, lstrlenA, lstrcmpiW<BR>> USER32.dll: CharNextA, CharLowerA, SetForegroundWindow, SendMessageW, FindWindowW, AllowSetForegroundWindow, CharNextW, UnregisterClassA<BR>> ADVAPI32.dll: RegDeleteKeyW, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegDeleteValueW, RegCloseKey, CryptReleaseContext, CryptDestroyHash, CryptCreateHash, CryptAcquireContextW, CryptHashData, CryptGetHashParam, RegCreateKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyExW<BR>> ole32.dll: CoTaskMemRealloc, CoTaskMemAlloc, HWND_UserMarshal, HWND_UserUnmarshal, HWND_UserFree, CoCreateInstance, CoTaskMemFree, CLSIDFromString, HWND_UserSize<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> SHLWAPI.dll: UrlGetPartW<BR>> RPCRT4.dll: IUnknown_AddRef_Proxy, NdrStubForwardingFunction, NdrStubCall2, NdrClientCall2, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, CStdStubBuffer_Disconnect, IUnknown_Release_Proxy, CStdStubBuffer_QueryInterface, CStdStubBuffer_AddRef, CStdStubBuffer_Connect, NdrDllGetClassObject, NdrDllCanUnloadNow, NdrCStdStubBuffer_Release, NdrCStdStubBuffer2_Release, CStdStubBuffer_DebugServerRelease, CStdStubBuffer_DebugServerQueryInterface, CStdStubBuffer_CountRefs, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_Invoke<BR><BR>( 2 exports ) <BR>DllCanUnloadNow, DllGetClassObject<BR>

2e fichier :

Fichier HPBHEALR.DLL reçu le 2008.06.18 19:45:15 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.19.0 2008.06.18 -
AntiVir 7.8.0.55 2008.06.18 -
Authentium 5.1.0.4 2008.06.18 -
Avast 4.8.1195.0 2008.06.17 -
AVG 7.5.0.516 2008.06.18 -
BitDefender 7.2 2008.06.18 -
CAT-QuickHeal 9.50 2008.06.18 -
ClamAV 0.93.1 2008.06.18 -
DrWeb 4.44.0.09170 2008.06.18 -
eSafe 7.0.15.0 2008.06.18 -
eTrust-Vet 31.6.5884 2008.06.18 -
Ewido 4.0 2008.06.18 -
F-Prot 4.4.4.56 2008.06.18 -
F-Secure 6.70.13260.0 2008.06.18 -
Fortinet 3.14.0.0 2008.06.18 -
GData 2.0.7306.1023 2008.06.18 -
Ikarus T3.1.1.26.0 2008.06.18 -
Kaspersky 7.0.0.125 2008.06.18 -
McAfee 5320 2008.06.18 -
Microsoft 1.3604 2008.06.18 -
NOD32v2 3198 2008.06.18 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.18 -
Prevx1 V2 2008.06.18 -
Rising 20.49.22.00 2008.06.18 -
Sophos 4.30.0 2008.06.18 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.18 -
TheHacker 6.2.92.354 2008.06.18 -
TrendMicro 8.700.0.1004 2008.06.18 -
VBA32 3.12.6.7 2008.06.18 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.18 -

Information additionnelle
Tamano archivo: 94274 bytes
MD5...: c51a3d62b0f81897eb0cef4e47392cb8
SHA1..: e8ac7cf2a7bab604a7dc931ba232c235bea8fa62
SHA256: 5e8e171db675416bcd6612fcdb895351a50819cfa612f3c2e79321ccf16899ab
SHA512: bc99ab603bcb442aff1601b6f2665b41ab68a54ac851931009ef69a80695f97c<BR>432a7d149d1ea0b16681e5f6e6df8207e51ac50caa47d03f399cad21575b825f
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x67201a87<BR>timedatestamp.....: 0x3b66da07 (Tue Jul 31 16:17:11 2001)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x11c30 0x12000 0.71 8d809493ca7e307d6284666c14aa71ff<BR>.rdata 0x13000 0x3ec 0x1000 0.62 62077eaeed15c0c1679bec63eb396c39<BR>.data 0x14000 0x4a0 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110<BR>.idata 0x15000 0x552 0x1000 1.39 45f7f79e901d0fa421a8bb2b5f36dbc5<BR>.reloc 0x16000 0x222 0x1000 0.56 18ec79ac7ea85f939b81f39502f789b0<BR><BR>( 3 imports ) <BR>> ADVAPI32.dll: RegSetValueExA, RegNotifyChangeKeyValue, RegQueryValueExA, RegQueryValueExW, RegCloseKey, RegSetValueExW, RegOpenKeyExA, RegOpenKeyExW<BR>> MSVCRT.dll: _mbsdup, _onexit, __dllonexit, _initterm, wcslen, malloc, free, _adjust_fdiv<BR>> KERNEL32.dll: SetEvent, ExitThread, MultiByteToWideChar, GetVersionExA, WideCharToMultiByte, CreateMutexA, CloseHandle, GetLastError, CreateEventA, WaitForMultipleObjects, CreateThread<BR><BR>( 3 exports ) <BR>InitializeMonitor, InitializeMonitorEx, InitializePrintMonitor<BR>

Fichier 3 :

Fichier sbe.dll reçu le 2008.06.22 17:55:47 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.22.0 2008.06.22 -
AntiVir 7.8.0.59 2008.06.21 -
Authentium 5.1.0.4 2008.06.21 -
Avast 4.8.1195.0 2008.06.21 -
AVG 7.5.0.516 2008.06.22 -
BitDefender 7.2 2008.06.22 -
CAT-QuickHeal 9.50 2008.06.20 -
ClamAV 0.93.1 2008.06.22 -
DrWeb 4.44.0.09170 2008.06.22 -
eSafe 7.0.15.0 2008.06.22 -
eTrust-Vet 31.6.5892 2008.06.21 -
Ewido 4.0 2008.06.22 -
F-Prot 4.4.4.56 2008.06.21 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.22 -
GData 2.0.7306.1023 2008.06.22 -
Ikarus T3.1.1.26.0 2008.06.22 -
Kaspersky 7.0.0.125 2008.06.22 -
McAfee 5322 2008.06.20 -
Microsoft 1.3604 2008.06.22 -
NOD32v2 3207 2008.06.22 -
Norman 5.80.02 2008.06.20 -
Panda 9.0.0.4 2008.06.22 -
Prevx1 V2 2008.06.22 -
Rising 20.49.62.00 2008.06.22 -
Sophos 4.30.0 2008.06.22 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.22 -
TheHacker 6.2.92.358 2008.06.21 -
TrendMicro 8.700.0.1004 2008.06.20 -
VBA32 3.12.6.7 2008.06.21 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.22 -

Information additionnelle
File size: 291840 bytes
MD5...: d786ded851b6d0ec24245b753cf2bda2
SHA1..: 726724dec621172a5518ee549a27d5d9f9f3717c
SHA256: f30e6e2467378e395e75b990cebc196348f1c3355a8f8c350a3590b91d119668
SHA512: d956f1bc8c8531df2ae36fd6417c03af4049a31e8663f3e2275c90ca89879c29<BR>0a8ed0ae6129944592480d3f3f1397e978489991e3dd74727d35b3eb7214e51d
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1ff114fe<BR>timedatestamp.....: 0x452ad74e (Mon Oct 09 23:12:14 2006)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x40c3a 0x40e00 6.49 a89596186c00bfc2aebaa3dd81ec53c1<BR>.orpc 0x42000 0xe3 0x200 3.21 2dad70f160275e9dc6ee31ce993224a3<BR>.data 0x43000 0x2150 0x1e00 5.40 7a21f7b004fe913d9a9136aaffe6052d<BR>.rsrc 0x46000 0x438 0x600 2.61 d6d6ac923a36e1d492c7264039c22e46<BR>.reloc 0x47000 0x3a58 0x3c00 5.92 5e42b593c86ecc05c0b3fa32fee2593d<BR><BR>( 7 imports ) <BR>> msvcrt.dll: _wcsicmp, wcslen, _vsnwprintf, wcsrchr, _except_handler3, wcsncpy, _initterm, malloc, _adjust_fdiv, __3@YAXPAX@Z, wcscpy, wcscat, __2@YAPAXI@Z, free, _ftol, memmove, _snwprintf<BR>> KERNEL32.dll: GetLastError, GetModuleFileNameA, GetVersionExW, DisableThreadLibraryCalls, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, lstrcmpW, lstrcpynW, CloseHandle, CreateEventW, SetEvent, ResetEvent, WaitForSingleObject, ReleaseSemaphore, GetSystemInfo, VirtualFree, DuplicateHandle, CreateSemaphoreW, VirtualAlloc, lstrcpyW, lstrcmpiW, InterlockedExchange, SetThreadPriority, CreateThread, GetFileAttributesW, DeleteFileW, lstrlenA, QueryPerformanceFrequency, LocalFree, CreateDirectoryW, GetTempPathW, SetFileAttributesW, LocalAlloc, SetLastError, lstrcmpiA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, GetProcessHeap, HeapFree, HeapReAlloc, HeapAlloc, IsBadReadPtr, TryEnterCriticalSection, Sleep, GetFullPathNameW, CreateHardLinkW, FindClose, FindFirstFileW, OpenEventW, GetFileInformationByHandle, ReleaseMutex, RemoveDirectoryW, CreateMutexW, IsBadWritePtr, RaiseException, FlushViewOfFile, GetTempFileNameW, OpenMutexW, UnregisterWaitEx, RegisterWaitForSingleObject, CreateIoCompletionPort, GetQueuedCompletionStatus, MultiByteToWideChar, lstrlenW, LoadLibraryW, InterlockedDecrement, FreeLibrary, InterlockedIncrement, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, QueueUserWorkItem, OpenFileMappingW<BR>> USER32.dll: wsprintfW<BR>> ADVAPI32.dll: CopySid, RegCreateKeyW, AllocateAndInitializeSid, FreeSid, AddAccessAllowedAceEx, EqualSid, GetAclInformation, InitializeAcl, GetAce, AddAce, RegSetValueW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, RegDeleteKeyW, GetLengthSid, IsValidSid, SetNamedSecurityInfoW, GetNamedSecurityInfoW, RegCreateKeyExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetEntriesInAclW, RegQueryValueExW<BR>> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoCreateInstance, CoInitialize, CoTaskMemAlloc, CoTaskMemFree, StringFromGUID2<BR>> RPCRT4.dll: NdrDllCanUnloadNow, NdrDllGetClassObject, NdrCStdStubBuffer_Release, NdrCStdStubBuffer2_Release, NdrDllRegisterProxy, NdrDllUnregisterProxy, UuidCreate, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, CStdStubBuffer_QueryInterface, CStdStubBuffer_AddRef, CStdStubBuffer_Connect, CStdStubBuffer_Disconnect, CStdStubBuffer_Invoke, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_CountRefs, CStdStubBuffer_DebugServerQueryInterface, CStdStubBuffer_DebugServerRelease, NdrStubForwardingFunction, NdrStubCall2<BR>> WINMM.dll: timeBeginPeriod, timeGetTime, timeGetDevCaps<BR><BR>( 5 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, GetProxyDllInfo<BR>

Voila !
0
Réponse 34 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
OK,
Merci.

Lance ce fichier encore chez VirusTotal C:\WINDOWS\system32\byXPGVoP.dll Merci

A)- Faire une sauvegarde du registre
Cliquer sur "Démarrer" > "Exécuter" > copier/coller : regedit /e Sav.reg , puis clic sur [Ok]
Le fichier de sauvegarde se trouve ici C:\Documents and Settings\Le nom de ta session\Sav.reg
Avant d'avancer, vérifie si la sauvegarde se trouve bien comme indiqué ci-avant.
Si NON, stoppe et rapporte-le nous.
Merci

B)- Télécharge IceSword sur ton Bureau (durée ± 5 minutes), du lien suivant :
http://202.38.64.10/%7Ejfpan/download/IceSword120_en.zip

1) Double-clique sur le fichier du bureau IceSword120_en.zip pour obtenir cette page http://img503.imageshack.us/img503/7100/screenshot322an1.png ; puis, comme sur l'image, au menu "Fichier" choisir "Extraire tout". On obtient une nouvelle page IceSword120_en http://img260.imageshack.us/img260/7798/screenshot323yv2.png ; là, comme sur l'image, clic-droit sur le dossier dézippé IceSword120_en , puis "Explorer" pour obtenir le contenu sur une nouvelle page .

2) Clic-droit sur l'icône épée > Créer un raccourci IceSword.exe et le déplacer sur le bureau > puis double-clic dessus pour lancer l'outil. Clic ensuite sur [Exécuter]

3) Agrandir la fenêtre de l'outil en plein écran.

4) Regarde bien cette capture écran http://img223.imageshack.us/img223/4756/screenshot324nb2.png .
Dans le menu de gauche, vers le haut, appuie sur la touche [Functions] pour les développer; tu peux t'aider du curseur vertical pour faciliter la lecture de son total contenu.
- Note: Tu peux agrandir le volet de gauche (en déplaçant la ligne de séparation verticale), afin de mieux visualiser son contenu (juste le nécessaire; sinon ce sera au détriment de la lecture de la plage de droite).

5) Au bas de ce menu gauche, cliquer sur le bouton radio [File]
- Il faut naviguer (clic sur les + devant les répertoires ad hoc) dans l'arborescence (volet de gauche) jusqu'à atteindre le dossier contenant les fichiers infectés à supprimer.
(même principe que VirusTotal)

C:\WINDOWS\system32\geBuTkhg.dll
C:\WINDOWS\system32\qikdwayw.dll
C:\WINDOWS\system32\xrygjmyp.dll
C:\WINDOWS\system32\ynyrsvyc.dll

6) Pour supprimer ces sous-clés (en gras)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{6a50d1e6-71d0-4e6c-bf4f-27d3f3e80a76}
{8C153A0A-7198-462E-979C-D4B28F496220}
{3CD3737B-34B5-4B79-BE4A-104E250C5346}
dans le menu de gauche, appuie sur la touche [BHO] (sers-toi éventuellement du curseur); laisse afficher toutes les BHO dans la plage de droite; ensuite retrouve les trois sous-clés que tu supprimes (Fais un clic-droit sur les lignes et choisis Delete.)

7) Termine par celles-ci (en gras)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<VirusGarde><C:\Program Files\VirusGarde\pgs.exe /min> ==> à droite, supprimer VirusGarde
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<84cba0a2><rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b> ==> à droite, supprimer 84cba0a2
<BM87f8933e><Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s> ==> à droite, supprimer BM87f8933e
, comme ceci: au bas du menu des fonctions, appuie sur la touche [Registry]; tu vois s'afficher l'arborescence de la base de registres dans laquelle il faut naviguer

Relance SREng suivi de HijackThis, SVP
Merci
Al.

EDIT
Cit. « ... suite à l'installation d'un logiciel (je pense que c'est ca) mon internet ralentit »
Quel logiciel ??
0
Réponse 35 / 68
sg7 Messages postés 96 Statut Membre
 
Virus total :

0 bytes size received / Se ha recibido un archivo vacio

rapport SReng :

[CODE]

2008-06-22,18:58:23

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<TOSCDSPD><C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe> [TOSHIBA]
<MessengerPlus3><"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Tvs><C:\Program Files\TOSHIBA\Tvs\TvsTray.exe> [TOSHIBA Corporation]
<TPSMain><TPSMain.exe> [TOSHIBA Corporation]
<TomcatStartup 2.5><C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe> [Hewlett-Packard]
<THotkey><C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe> [TOSHIBA]
<TFncKy><TFncKy.exe> [N/A]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<StatusClient 2.6><C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<SmoothView><C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe> [TOSHIBA Corporation]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe> [Hewlett-Packard]
<NDSTray.exe><NDSTray.exe> [N/A]
<ehTray><C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<AGRSMMSG><AGRSMMSG.exe> [Agere Systems]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"> [Sun Microsystems, Inc.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<IntelWireless><; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<IntelZeroConfig><; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]
<BM87f8933e><Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
<{A6F5090F-D9EC-4263-9D7D-2968C5179291}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[Windows Desktop Search]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk --> C:\PROGRA~1\WI459E~1\WINDOW~3.EXE [Microsoft Corporation]><N>
[Lancement rapide de Microsoft Office OneNote 2003]
<C:\Documents and Settings\SOLAL\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk --> C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [Microsoft Corporation]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[ConfigFree Service / CFSvcs][Stopped/Disabled]
<C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe><TOSHIBA CORPORATION>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Service de l'iPod / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\hpzipm12.exe><HP>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[TOSHIBA Application Service / TAPPSRV][Running/Auto Start]
<"C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe"><TOSHIBA Corp.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
[X10 Device Network Service / x10nets][Running/Auto Start]
<C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe><X10>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.5.3.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[TOSHIBA V92 Software Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[aswFsBlk / aswFsBlk][Running/Auto Start]
<system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\SOLAL\LOCALS~1\Temp\catchme.sys><N/A>
[DLABOIOM / DLABOIOM][Running/Auto Start]
<System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
<System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
<System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
<System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
<System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
<System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
<System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
<System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
<System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[DRVMCDB / DRVMCDB][Running/Boot Start]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
<System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
<system32\drivers\iviaspi.sys><InterVideo, Inc.>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
<system32\DRIVERS\motmodem.sys><Motorola>
[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start]
<system32\DRIVERS\netdevio.sys><TOSHIBA Corporation.>
[Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel® Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[VSO Software pcouffin / pcouffin][Stopped/Manual Start]
<System32\Drivers\pcouffin.sys><VSO Software>
[Padus ASPI Shell / Pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
<system32\DRIVERS\sonypvs1.sys><Sony Corporation>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Bluetooth ACPI from TOSHIBA / tosrfec][Stopped/Manual Start]
<system32\DRIVERS\tosrfec.sys><TOSHIBA Corporation>
[Toshiba Mobile PC Service / TVALD][Running/Manual Start]
<system32\DRIVERS\NBSMI.sys><Toshiba Corporation>
[TOSHIBA Virtual Sound with SRS technologies / Tvs][Running/Manual Start]
<system32\DRIVERS\Tvs.sys><TOSHIBA Corporation>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
<System32\Drivers\usbaapl.sys><Apple, Inc.>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[X10 Hid Device / X10Hid][Running/Manual Start]
<System32\Drivers\x10hid.sys><X10 Wireless Technology, Inc.>

==================================
Browser Add-ons
[]
{3CD3737B-34B5-4B79-BE4A-104E250C5346} <C:\WINDOWS\system32\geBuTkhg.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Facebook Photo Uploader 5]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx, Facebook, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[System Requirements Lab Class]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} <C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll, Husdawg, LLC>
[NVIDIA Smart Scan]
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} <C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX, NVIDIA>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Facebook Photo Uploader 5]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx, Facebook, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[]
{3CD3737B-34B5-4B79-BE4A-104E250C5346} <C:\WINDOWS\system32\geBuTkhg.dll, N/A>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Windows Desktop Search Combo Control]
{4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Facebook Photo Uploader 4 Control]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, The Facebook>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[System Requirements Lab Class]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} <C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll, Husdawg, LLC>
[]
{6A50D1E6-71D0-4E6C-BF4F-27D3F3E80A76} <C:\WINDOWS\system32\ynyrsvyc.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[VeohClientVersion3 Class]
{73E7989D-3114-40E4-98E5-7E428A9C97F3} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohVersion3.dll, Veoh Networks>
[NVIDIA Smart Scan]
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} <C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX, NVIDIA>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8C153A0A-7198-462E-979C-D4B28F496220} <C:\WINDOWS\system32\byXPGVoP.dll, N/A>
[SopCore Control]
{8FEFF364-6A5F-4966-A917-A3AC28411659} <C:\PROGRA~1\SopCast\sopocx.ocx, www.sopcast.com>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[MozillaPluginNapCtrl Class]
{B390236C-6817-401E-B72B-A3AD32E46BCF} <C:\Program Files\Orange\CAP Nap Plugin ActiveX\CAPNapActiveX.51.dll, Unisys Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Veoh Browser Plug-in]
{D0943516-5076-4020-A3B5-AEFAF26AB263} <C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll, Veoh Networks Inc>
[Contrôle de l'Assistant de connexion Windows Live]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 764 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4131]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\geBuTkhg.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1132 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1596 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1732 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 152 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 560 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 1812 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNYMLM01.DLL] [CANON INC., 1.0.0.1]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL] [Hewlett-Packard Corporation, 60.05.72.21]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.6000.16438 (winmain(wmbla).070123-1305)]
[C:\WINDOWS\system32\hpbmmjno.dll] [Hewlett-Packard, 00.01.00]
[C:\WINDOWS\system32\hppadt40.dll] [HP, 10, 1, 0, 2]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 10, 1, 1, 2]
[PID: 1332 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 1656 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 564 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 340 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\hpzipm12.exe] [HP, 10, 1, 1, 2]
[PID: 172 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpgwiamd.dll] [Hewlett-Packard, 3.2.2.807]
[PID: 1348 / SYSTEM][C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe] [TOSHIBA Corp., 1, 0, 0, 14M]
[PID: 1128 / SYSTEM][C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe] [X10, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\X10\Common\x10net.DLL] [X10 Wireless Technology, Inc., 3, 0, 0, 199]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1960 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 2452 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 8, 1195, 0]
[PID: 2612 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 2828 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2856 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3032 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3548 / SOLAL][C:\Program Files\TOSHIBA\Tvs\TvsTray.exe] [TOSHIBA Corporation, 1, 0, 0, 7]
[C:\Program Files\TOSHIBA\Tvs\TvsCtrl.dll] [TOSHIBA Corporation, 2, 0, 0, 3]
[C:\Program Files\TOSHIBA\Tvs\TvsRes.dll] [TOSHIBA Corporation, 2, 0, 0, 3]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 1308 / SOLAL][C:\WINDOWS\system32\TPSMain.exe] [TOSHIBA Corporation, 1, 0, 15, 0]
[C:\WINDOWS\system32\TPSMainCtl.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\CpuPerf.dll] [TOSHIBA Corporation, 1, 0, 1, 0]
[C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0]
[C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\TPeculiarity.dll] [TOSHIBA Corporation, 1, 0, 2, 5]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 1540 / SOLAL][C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] [TOSHIBA, 1.00.0027]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\dllvga.dll] [ , 1, 0, 0, 7]
[C:\WINDOWS\system32\TCMSVR.dll] [TOSHIBA Corp., 1, 0, 0, 14M]
[C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll] [, 1, 0, 0, 3]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 1808 / SOLAL][C:\WINDOWS\system32\TPSBattM.exe] [TOSHIBA Corporation, 1, 0, 2, 0]
[C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 8, 0]
[C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 4, 0]
[C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 3, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 1716 / SOLAL][C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe] [TOSHIBA Corporation, 3.21.02]
[C:\WINDOWS\system32\TCtrlCommon.dll] [TOSHIBA Corporation, 3.21.01]
[C:\Program Files\TOSHIBA\Commandes TOSHIBA\TBtnCommon.dll] [TOSHIBA Corporation, 3.21.00]
[C:\WINDOWS\system32\TCtrlIO.DLL] [, 1, 0, 1, 9]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3828 / SOLAL][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.13.2 02Mar06]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3532 / SOLAL][C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll] [N/A, ]
[C:\WINDOWS\system32\jst.dll] [N/A, ]
[C:\WINDOWS\system32\d4channel.dll] [Hewlett-Packard, 02.07.90]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 10, 1, 1, 2]
[PID: 2080 / SOLAL][C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe] [Hewlett-Packard, 04 .00 .02]
[C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\hpptui0.dll] [Hewlett-Packard, 01.00.61]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2168 / SOLAL][C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe] [TOSHIBA Corporation, 2, 0, 0, 23]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2248 / SOLAL][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.6.4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2280 / SOLAL][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe] [Hewlett-Packard, 1, 0, 0, 24]
[PID: 3040 / SOLAL][C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe] [TOSHIBA CORPORATION, 6, 0, 1, 2]
[C:\Program Files\TOSHIBA\ConfigFree\CFWAN.dll] [TOSHIBA CORPORATION, 1, 0, 0, 12]
[C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll] [TOSHIBA CORPORATION, 6, 0, 0, 9]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll] [TOSHIBA CORPORATION, 6, 0, 0, 4]
[C:\Program Files\TOSHIBA\ConfigFree\NDSNLS.dll] [TOSHIBA CORPORATION, 4, 0, 2, 1006]
[C:\Program Files\TOSHIBA\ConfigFree\CFUPNP.dll] [TOSHIBA CORPORATION, 1, 0, 0, 5]
[C:\Program Files\TOSHIBA\ConfigFree\CFP2API.dll] [TOSHIBA CORPORATION, 5, 0, 0, 1]
[C:\Program Files\TOSHIBA\ConfigFree\OpenProp.dll] [TOSHIBA CORPORATION, 5, 0, 0, 1]
[C:\Program Files\TOSHIBA\ConfigFree\NDSParts.dll] [TOSHIBA CORPORATION, 6, 0, 0, 18]
[C:\Program Files\TOSHIBA\ConfigFree\QCDPJ.dll] [Toshiba, 6, 0, 0, 6]
[C:\Program Files\TOSHIBA\ConfigFree\VENAPI.dll] [TOSHIBA, 6, 0, 0, 5]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2588 / SOLAL][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1692 / SOLAL][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.09a]
[C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.74a]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2768 / SOLAL][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.63 2.1.63 12/12/2005 14:50:01]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 2956 / SOLAL][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 2884 / SOLAL][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 3152 / SOLAL][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3216 / SOLAL][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1195, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1201, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 712 / SOLAL][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.1.45]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3136 / SOLAL][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.6.2.9]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.6.2.1]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.6.2.9]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.4.5]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 6, 120, 1]
[PID: 3380 / SOLAL][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3460 / SOLAL][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[PID: 3492 / SOLAL][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3576 / SOLAL][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 3388 / SOLAL][C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] [TOSHIBA, 1, 0, 6, 0]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3784 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.6.2.9]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.6.2.1]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.6.2.9]
[PID: 588 / SOLAL][C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.200.520.1]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1]
[PID: 1624 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[PID: 2892 / SOLAL][C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[PID: 3484 / SOLAL][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\geBuTkhg.dll] [N/A, ]
[C:\WINDOWS\system32\ynyrsvyc.dll] [N/A, ]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.200.520.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
[c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1080 / SOLAL][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[C:\WINDOWS\system32\qikdwayw.dll] [N/A, ]
[C:\WINDOWS\system32\xrygjmyp.dll] [N/A, ]
[C:\PROGRA~1\WINDOW~3\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.6.2.9]
[C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.6.2.1]
[C:\Program Files\iTunes\i
0
Réponse 36 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

Réponse laconique !
As-tu trouvé tous les éléments que je demandais ?
Après actions dans IceSword, as-tu redémarrer le PC ?
Quel est ce logiciel que tu soupçonnes ?
As-tu fixer les deux lignes O2 dans HJT ?
Nouveau log HJT ?

Faire supprimer les crackes téléchargés par l’internaute

4°- Supprime éventuellement toute ancienne version de ComboFix de ton PC.
Télécharge ComboFix.exe (par sUBs) sur ton Bureau:
Clic-droit sur ce lien < http://download.bleepingcomputer.com/sUBs/ComboFix.exe >
Puis choisis "Enregistrer sous .." ==> vers le 'bureau"
 Attention : renomme-le sous le nom « TRISTAN.EXE » (très important).
 < http://img212.imageshack.us/img212/3087/screenshot327qh5.png >
Tu le nommes à ce moment-là, et non pas après l'avoir enregistré ; ce serait trop tard.
Puis clic sur [Enregistrer]
==> Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours.
==> Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de ton Antispywares, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil).

- Double clique sur l'icône de ComboFix.exe (TRISTAN.EXE) du bureau, [Exécuter] et suis les invites.
- Réponds oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
Laisse se dérouler le scan.
/!\ Pendant la durée de cette étape, ne te sers pas du pc et n'ouvre aucun programme.
Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse)./i\

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisse-le faire.
- Un rapport s'ouvrira ensuite dans le bloc-notes sur le bureau.
Attention : Il est très probable que l'outil bloque à la fenêtre Find3M ; si c'est le cas, appuie simultanément sur les touches CTRL + ALT + DEL (Sup.), clique sur l'un des deux CF#####.exe (où ##### sont des chiffres aléatoires) et le rapport sera généré !

•- ==> Réactive la protection en temps réel de ton Antivirus et de ton Antispywares, avant de te reconnecter à Internet.

Note: ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
Tu copies et colles ce rapport sur le forum

Merci
Al.
0
sg7 Messages postés 96 Statut Membre
 
désolé je comprends pas ce qui c'est passé ... j'ai pourtant posté le rapport HJT.
Par ailleurs je ne sais pas ce que ca veut dire "fixer les deux lignes O2 dans HJT".
Finalement je ne soupconne aucun logiciel visiblement ce n'est pas ca. Il y a une autre possibilité c'est un fichier txt. que j'ai trouvé sur internet puis ouvert. J'ai bien peur que ce soit ca ... en tout cas je l'ai supprimé il y a longtemps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:50, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3CD3737B-34B5-4B79-BE4A-104E250C5346} - C:\WINDOWS\system32\geBuTkhg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] ; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] ; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [BM87f8933e] Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s
O4 - HKLM\..\Run: [84cba0a2] rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 37 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
(suite)

Pourrais-tu également localiser ces fichiers avec OAD, s'il te plaît:

C:\WINDOWS\system32\qikdwayw.dll
C:\WINDOWS\system32\xrygjmyp.dll
C:\WINDOWS\system32\geBuTkhg.dll
C:\WINDOWS\system32\ynyrsvyc.dll
C:\WINDOWS\system32\byXPGVoP.dll

Comme ceci:

Télécharger OAD (Outil d'Aide au Diagnostic)
< http://sosvirus.changelog.fr/OAD.exe >
•- Enregistre-le sur ton bureau
•- Lancer « OAD.exe » en faisant un double-clic sur le fichier < http://sosvirus.changelog.fr/OAD/1.bmp > , puis « Exécuter »
 une page bleue s’affiche.
•- Saisir la valeur recherchée ( = nom de fichier à rechercher ) : taper (ou faire un copier/coller de) : valeur à rechercher avec l’extension du fichier , soit qikdwayw.dll puis [Enter]
 une nouvelle page bleue s’affiche.
- Type de recherche : taper 6 (sélectionner l'option 6) puis valide [entrée]
< http://sosvirus.changelog.fr/OAD/4.bmp >
•- OAD va maintenant rechercher le fichier qikdwayw.dll.
Laisse-le travailler jusqu'à ce qu'il en ait terminé.
Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.
Patienter.
•- Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
•- Faire un copier/coller de ce rapport dans ton prochain post.

Recommence avec les 4 autres fichiers demandés là-haut. Merci

•-Note: Certains Antivirus (comme Panda) peuvent émettre une alerte lors de "téléchargement / utilisation".

Manuel d’aide ici https://forum.pcastuces.com/default.asp

Patience, ça diminue.
Quel est ce logiciel que tu soupçonnes ?
Bonne nuit
Al.
0
Réponse 38 / 68
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonjour,

Peux-tu avancer avec ceci, S'il te plaît.

A)- Fixer ces trois lignes avec HJT
O2 - BHO: (no name) - {3CD3737B-34B5-4B79-BE4A-104E250C5346} - C:\WINDOWS\system32\geBuTkhg.dll
O4 - HKLM\..\Run: [BM87f8933e] Rundll32.exe "C:\WINDOWS\system32\xrygjmyp.dll",s
O4 - HKLM\..\Run: [84cba0a2] rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b
Aide en images pour fixer ligne avec HJT
http://dcangeldark.blogspot.com/2008/02/hijackthis-202-corriger-des-lignes.html

B)- Exécuter ComboFix (post # 45)

C)- Exécuter recherche sur fichiers avec OAD (post # 46)

D)- Faire analyser ces deux fichiers chez VirusTotal:
C:\WINDOWS\system32\jst.dll
C:\WINDOWS\system32\msdmo.dll
Tu connais maintenant la procédure (# 41). ;)

E) Quel est ton pare-feu ?
Utilises-tu des Disques amovibles (USB) ?

Merci
Al
0
Réponse 39 / 68
sg7 Messages postés 96 Statut Membre
 
ok je vais faire tout ca, seul probleme combofix n'a pas l"air de fonctionner. Je l'ai ouvert il y a déjà 10 minutes : la fenetre est bleue avec seulement le tiret qui clignote ( _ ) et un seul point dans la barre de titre. Je ne sais pas si c'est normal ou si il y a un problème... ? sinon je fais le reste de suite
merci beaucoup de ton aide !
0
Réponse 40 / 68
sg7 Messages postés 96 Statut Membre
 
ok bon j'ai fixé les lignes voila le rapport HJT :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:22, on 23/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {14c9b100-91a9-513b-1094-e75a5ff2b9ee} - {ee9b2ff5-a57e-4901-b315-9a19001b9c41} - C:\WINDOWS\system32\ibwkmphr.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] ; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] ; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [84cba0a2] rundll32.exe "C:\WINDOWS\system32\qikdwayw.dll",b
O4 - HKLM\..\Run: [BM87f8933e] Rundll32.exe "C:\WINDOWS\system32\wbxxoifk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0

Discussions similaires

Caler une adresse au niveau de la fenêtre d'une enveloppe
®omain -
kent -

15 réponses
Conhost.exe
ThaBestGamer -
bazfile -

3 réponses