win32:BHO-KD que faire?Fermé

Question

Bonjour,
    

Je viens vous demander de l'aide parce-que je ne sais pas comment procéder pour ce cheval de troie détecté il y'a 2 jours par Avast, qui ne peut pas même le mettre en quarantaine. J'ai fais un scan en ligne avec Bitdefender. Et pour la suppression, c'est toujours l'echec
Pourriez-vous m'aider s'il vous plait? Merci bien.

FillPCA · Accepted Answer

Salut,

Math,
C'est un peu fort. Une personne demande de l'aide et tu l'envoies ailleurs !
C'est comme si tu voulais acheter une bagnole, et le vendeur te conseille une marque différente !

Moon,
Edite un rapport Hijackthis. Si personne n'a pris le sujet, je t'aide ce soir.

FillPCA

math · Answer

depose un post sur http://pc-solutions.xooit.fr il seront la pour taider

Moon · Answer

merci c'est très sympa

Logfile of HijackThis v1.99.1
Scan saved at 11:10:26, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 6 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46EB43FA-7E02-465C-80D6-02961A2E8B05} - C:\WINDOWS\system32\dmservera.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B24743B9-CD47-4BA9-958F-5E8C81293EB4} - c:\windows\system32\d3dimb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rimoqhbw - C:\WINDOWS\SYSTEM32\d3dimb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

math · Answer

Bah  FillPCA labas, il mon aider a resoudre un souci equivalent alros je lui propose dy aller, maintenant si sa gene jen suis dsl

FillPCA · Answer

Re,

1/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

2/     *  Télécharge Navilog1 de Il-Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    * Installe-le en cliquant sur le fichier Navilog1.exe,
    * Une fois l'installation terminée, le fix s'exécutera automatiquement. Si ce n'est pas le cas, double-cliquer dans ce cas sur le raccourci  Navilog1 présent sur le bureau.
    * Laisse-toi guider par les indications qui apparaissent.
    * Au menu principal, choisis 1 et valide par Entrée. Ne fais pas le choix 2,3 ou 4 sans l'avis de la personne qui t'aide.
    * Patiente jusqu'au message : *** Analyse terminée le ..... ***
    * Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
    * Copie-colle l'intégralité dans ta prochaine réponse.
    * Referme le bloc-note.
    * Le rapport sera sauvegardé dans le dossier sous fixnavi.txt.

A ce soir.

FillPCA

moon · Answer

FillPCA, excuse-moi je passe en coup de vent, je travaille, ne m'abandonne pas! Je reviens dès que possible.
Merci pour ton aide. Moon

FillPCA · Answer

Salut,

Pas de problème. On va nettoyer ta machine. 
A plus.

FillPCA

Moon · Answer

Bonsoir FillPCA, désolé pour l'absence; les éducs bossent trop! Merci pour ta patience et ton aide.
A+



SDFix: Version 1.98

Run by HP_Administrateur on 16/02/2008 at 20:38

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\yves\Application Data\U3	emp\Launchpad Removal.exe
C:\Program Files\Picasa2\setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\3baf18ad8b1aef3a4fc43c15f7b3a2c9\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT1.tmp
C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp

                                 Finished

FillPCA · Answer

Salut,

Ta version de SDfix semble très ancienne. On en est à la version 1.142
Peux-tu recommencer la manip avec la toute dernière version ?

FillPCA

Moon · Answer

Ok, je veux bien, sans soucie, mais comment accéder à la dernière version? Merci




SDFix: Version 1.98

Run by HP_Administrateur on 16/02/2008 at 20:38

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\yves\Application Data\U3	emp\Launchpad Removal.exe
C:\Program Files\Picasa2\setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\3baf18ad8b1aef3a4fc43c15f7b3a2c9\BIT2.tmp
C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT1.tmp
C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp

                                 Finished

FillPCA · Answer

Re,

Tu dois la télécharger sur le lien que je t'ai déjà donné : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Tu as certainement utilisé une version qui était déjà sur ton pc n'est-ce pas ?

FillPCA

Moon · Answer

Oui oui exacte. J'espere que ça sera ok cette fois. Merci 

SDFix: Version 1.142

Run by HP_Administrateur on 16/02/2008 at 21:22

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found






Removing Temp Files...

ADS Check:
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 21:30:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 18 Mar 2007           211 A.SHR --- "C:\BOOT.BAK"
Thu 25 Oct 2007     5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 23 Mar 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 31 Mar 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITA.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT7.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT4.tmp"
Wed 31 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3baf18ad8b1aef3a4fc43c15f7b3a2c9\BIT2.tmp"
Wed 31 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT1.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT9.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT5.tmp"
Sun 10 Feb 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT8.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\yves\Application Data\U3	emp\Launchpad Removal.exe"

Finished!

FillPCA · Answer

Re,

C'est inutile de garder ce genre d'outils sur une machine. Ils sont régulièrement mis à jour par leurs auteurs et ne sont pas sans danger quand ils sont mal employés.

Peux-tu éditer un rapport Hijackthis ?

FillPCA

Moon · Answer

Ok je les supprime alors. Merci FillPCA.

Logfile of HijackThis v1.99.1
Scan saved at 21:57:20, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\dz1fzfc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 8 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46EB43FA-7E02-465C-80D6-02961A2E8B05} - C:\WINDOWS\system32\dmservera.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B24743B9-CD47-4BA9-958F-5E8C81293EB4} - c:\windows\system32\d3dimb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rimoqhbw - C:\WINDOWS\SYSTEM32\d3dimb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Re,

L'infection est toujours là.

1/     *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

2/ Edite un rapport Hijackthis.

FillPCA

Moon · Answer

FillPCA, je n'obtien pas de compte rendi de combofix... Je sais pas trop comment l'obtenir autrement. Je l'ai tenté à deux reprises, tout fonctionne excepté le rapport...; Désolé.



Logfile of HijackThis v1.99.1
Scan saved at 22:30, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\dz1fzfc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46EB43FA-7E02-465C-80D6-02961A2E8B05} - C:\WINDOWS\system32\dmservera.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B24743B9-CD47-4BA9-958F-5E8C81293EB4} - c:\windows\system32\d3dimb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rimoqhbw - C:\WINDOWS\SYSTEM32\d3dimb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Re,

Le rapport se trouve là : c:\Combofix.txt
A-t-il fonctionné jusqu'au bout ?

FillPCA

Moon · Answer

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-17 22:24:55.3 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.456 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
.

C'est tout ce que je trouve. Je retente? Je pensais qu'il avait fonctionné jusqu'au bout oui pourtant...
Merci

Moon

FillPCA · Answer

Bonjour,

    *  Télécharge DiagHelp.zip sur ton bureau(Merci Malekal)  : http://www.malekal.com/download/DiagHelp.zip
Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

FillPCA

Moon · Answer

Bonjour, et merci pour ta disponibilité. DiagHelp version v1.4 - http://www.malekal.com excute le 2008-02-18 à 9:28:58.46 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-02-18 09:28:35 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-02-18 09:28:35 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-02-18 09:27:20 C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->2008-02-18 09:27:07 C:\WINDOWS\prefetch\CNMSM5Y.EXE-32B3F39A.pf -->2008-02-18 09:23:15 C:\WINDOWS\prefetch\WKGDCACH.EXE-09BEAA63.pf -->2008-02-18 09:16:31 C:\WINDOWS\prefetch\WKSWP.EXE-25E36596.pf -->2008-02-18 09:16:30 C:\WINDOWS\prefetch\WKDSTORE.EXE-397D96EA.pf -->2008-02-18 09:16:30 C:\WINDOWS\prefetch\MSN_SL.EXE-18A18BC5.pf -->2008-02-18 09:15:20 C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-02-18 09:15:02 C:\WINDOWS\System32\drivers\Combo-Fix.sys -->2008-02-17 23:36:05 C:\WINDOWS\System32\drivers\yognurqq.dat -->2008-02-12 11:12:58 C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35 C:\WINDOWS\System32\drivers\aswmon.sys -->2007-12-04 15:56:02 C:\WINDOWS\System32\drivers\aswmon2.sys -->2007-12-04 15:55:46 C:\WINDOWS\System32\drivers\aswRdr.sys -->2007-12-04 15:53:39 C:\WINDOWS\System32\drivers\aswTdi.sys -->2007-12-04 15:51:52 C:\WINDOWS\System32\wpa.dbl -->2008-02-18 09:13:29 C:\WINDOWS\System32 vapps.xml -->2008-02-18 09:13:10 C:\WINDOWS\System32\d3dimb.dll -->2008-02-16 09:17:42 C:\WINDOWS\System32\kwnnfyxv.dat -->2008-02-16 09:17:41 C:\WINDOWS\System32\libssl32.dll -->2008-02-12 11:12:43 C:\WINDOWS\System32\libeay32.dll -->2008-02-12 11:12:43 C:\WINDOWS\System32\ihaqogka.dat -->2008-02-12 11:12:43 C:\WINDOWS\System32\fgdlidkm.dat -->2008-02-12 11:12:43 C:\WINDOWS\System32\abjzhikq.dat -->2008-02-12 11:12:43 C:\WINDOWS\System32\CONFIG.NT -->2008-02-11 08:57:53 C:\WINDOWS\System32\ihiyjnst.dat -->2008-02-11 08:27:37 C:\WINDOWS\System32\dz1fzfc.exe -->2008-02-11 08:21:35 C:\WINDOWS\System32\PerfStringBackup.INI -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfh00C.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfh009.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfc00C.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfc009.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\FNTCACHE.DAT -->2008-02-10 07:19:55 C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46 C:\WINDOWS\System32\TZLog.log -->2007-12-11 23:12:33 C:\WINDOWS\System32\wininet.dll -->2007-12-07 01:47:21 C:\WINDOWS\System32\urlmon.dll -->2007-12-07 01:47:21 C:\WINDOWS\System32\shlwapi.dll -->2007-12-07 01:47:20 C:\WINDOWS\System32\shdocvw.dll -->2007-12-07 01:47:20 C:\WINDOWS\System32\pngfilt.dll -->2007-12-07 01:47:19 C:\WINDOWS\WindowsUpdate.log -->2008-02-18 09:14:07 C:\WINDOWS\0.log -->2008-02-18 09:13:06 C:\WINDOWS\bootstat.dat -->2008-02-18 09:12:38 C:\WINDOWS\SchedLgU.Txt -->2008-02-17 23:40:14 C:\WINDOWS\PSEXESVC.EXE -->2008-02-17 23:35:41 C:\WINDOWS\system.ini -->2008-02-17 22:17:03 C:\WINDOWS tbtlog.txt -->2008-02-16 21:21:15 C:\WINDOWS\QTFont.qfn -->2008-02-14 08:51:15 C:\WINDOWS soc.log -->2008-02-12 20:24:07 C:\WINDOWS abletoc.log -->2008-02-12 20:24:07 C:\WINDOWS\plusoc.log -->2008-02-12 20:24:07 C:\WINDOWS\ocmsn.log -->2008-02-12 20:24:07 C:\WINDOWS\ocgen.log -->2008-02-12 20:24:07 C:\WINDOWS tdtcsetup.log -->2008-02-12 20:24:07 C:\WINDOWS etfxocm.log -->2008-02-12 20:24:07 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2540 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll 0x10000000 0x21000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.dll 0x01210000 0xe000 7.02.0000.0028 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll 0x01240000 0x23000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x00b10000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x00de0000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll 0x031b0000 0x76000 1.00.0008.0046 C:\PROGRA~1\TROJAN~1\Trshlex.dll 0x02c40000 0x5d000 2.00.0000.0000 C:\Program Files\The Cleaner cshellex.dll 0x03430000 0x47000 3.04.0000.0000 C:\WINDOWS\system32\ShellExt\Cryptext.dll 0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll 0x03b10000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x03a60000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x03df0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 744 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x012e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\system 1998-05-07 17:04 52,736 hpsysdrv.exe 1 fichier(s) 52,736 octets 0 Rép(s) 109,176,381,440 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\system32 2004-08-10 12:00 6,144 csrss.exe 1 fichier(s) 6,144 octets 0 Rép(s) 109,176,381,440 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\Downloaded Program Files 2007-08-16 15:12 . 2007-08-16 15:12 .. 2007-07-02 14:44 941,688 asquared.ocx 2004-12-07 16:07 32 bdcore.dll 2006-05-25 00:21 118,784 bdupd.dll 2007-09-17 17:50 CONFLICT.1 2005-10-10 12:32 65 desktop.ini 2002-07-26 00:13 24,576 dwusplay.dll 2002-07-26 00:13 196,608 dwusplay.exe 2006-05-25 00:21 53,248 ipsupd.dll 2004-07-27 22:48 323,584 isusweb.dll 2005-03-16 11:34 7,407 lang.ini 2004-12-07 16:07 32 libfn.dll 2005-03-14 13:38 126 live.ini 2006-06-20 14:44 379,704 MsnPUpld.dll 2006-06-19 13:40 393 MsnPUpld.inf 2006-06-01 01:57 1,331 oscan8.inf 2006-06-01 01:54 471,040 oscan8.ocx 2006-05-31 03:15 10 oscan81.ocx_x 2006-06-20 14:44 117,560 PURen-us.dll 2007-01-09 07:30 110,592 PURfr-fr.dll 2004-10-15 06:59 110,592 PURfr-xx.dll 2005-03-14 13:58 7,073 scanoptions.tsi 20 fichier(s) 2,864,445 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 2007-09-17 17:50 . 2007-09-17 17:50 .. 2007-08-02 10:31 360,320 MsnPUpld.dll 2007-08-02 14:47 569 MSNPUpld.inf 2007-08-02 10:31 67,456 PURen-us.dll 2007-08-06 11:10 68,992 PURfr-fr.dll 4 fichier(s) 497,337 octets Total des fichiers listés : 24 fichier(s) 3,361,782 octets 5 Rép(s) 109,176,377,344 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-18 09:31:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 288 - nvsvc32.exe 528 - svchost.exe 720 - csrss.exe 744 - winlogon.exe 788 - services.exe 800 - lsass.exe 908 - dllhost.exe 960 - svchost.exe 1016 - svchost.exe 1108 - svchost.exe 1144 - svchost.exe 1264 - svchost.exe 1284 - mcrdsvc.exe 1432 - ashMaiSv.exe 1452 - ashWebSv.exe 1556 - ashServ.exe 1740 - spoolsv.exe 1896 - arservice.exe 1956 - guard.exe 2036 - GoogleUpdaterSe 2164 - alg.exe 2540 - explorer.exe 2672 - ehtray.exe 2768 - ashDisp.exe 2868 - avgas.exe 2956 - tca.exe 2984 - tcm.exe 3288 - msnmsgr.exe 3380 - cmd.exe 3676 - GoogleUpdater.e Total number of processes = 31 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 tkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7A70000 - \WINDOWS\system32\KDCOM.DLL F7980000 - \WINDOWS\system32\BOOTVID.dll F7440000 - ACPI.sys F7A72000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F742F000 - pci.sys F7570000 - isapnp.sys F7580000 - ohci1394.sys F7590000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F77F0000 - yognurqq.dat F7B38000 - pciide.sys F77F8000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F7A74000 - viaide.sys F7A76000 - intelide.sys F75A0000 - MountMgr.sys F7410000 - ftdisk.sys F7A78000 - dmload.sys F73EA000 - dmio.sys F7800000 - PartMgr.sys F75B0000 - VolSnap.sys F73D2000 - atapi.sys F738F000 - ftsata2.sys F7377000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F75C0000 - disk.sys F75D0000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7357000 - fltMgr.sys F7345000 - sr.sys F75E0000 - bb-run.sys F75F0000 - PxHelp20.sys F732E000 - KSecDD.sys F731B000 - WudfPf.sys F728E000 - Ntfs.sys F7261000 - NDIS.sys F7246000 - Mup.sys F6AF0000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F7918000 - \SystemRoot\system32\DRIVERS\aracpi.sys F6720000 - \SystemRoot\system32\DRIVERS v4_mini.sys F670C000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7920000 - \SystemRoot\system32\DRIVERS\usbohci.sys F66E9000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F7928000 - \SystemRoot\system32\DRIVERS\usbehci.sys F6AE0000 - \SystemRoot\system32\DRIVERS\imapi.sys F6AD0000 - \SystemRoot\system32\DRIVERS\cdrom.sys F6AC0000 - \SystemRoot\system32\DRIVERS edbook.sys F66C6000 - \SystemRoot\system32\DRIVERS\ks.sys F7930000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F6AB0000 - \SystemRoot\system32\DRIVERS ic1394.sys F66A1000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F7A58000 - \SystemRoot\system32\DRIVERS vnetbus.sys F6656000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS F661F000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS F6AA0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7938000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7A98000 - \SystemRoot\system32\DRIVERS\armoucfltr.sys F7940000 - \SystemRoot\system32\DRIVERS\PS2.sys F7948000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7A9A000 - \SystemRoot\system32\DRIVERS\arkbcfltr.sys F7A5C000 - \SystemRoot\system32\DRIVERS\arpolicy.sys F7BD5000 - \SystemRoot\system32\DRIVERS\audstub.sys F6A90000 - \SystemRoot\system32\DRIVERS asl2tp.sys F7A60000 - \SystemRoot\system32\DRIVERS distapi.sys F6608000 - \SystemRoot\system32\DRIVERS diswan.sys F6A80000 - \SystemRoot\system32\DRIVERS aspppoe.sys F7620000 - \SystemRoot\system32\DRIVERS aspptp.sys F7950000 - \SystemRoot\system32\DRIVERS\TDI.SYS F65A9000 - \SystemRoot\system32\DRIVERS\psched.sys F7630000 - \SystemRoot\system32\DRIVERS\msgpc.sys F7958000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7960000 - \SystemRoot\system32\DRIVERS aspti.sys F5C90000 - \SystemRoot\system32\DRIVERS dpdr.sys F7650000 - \SystemRoot\system32\DRIVERS ermdd.sys F7A9C000 - \SystemRoot\system32\DRIVERS\swenum.sys F5C5C000 - \SystemRoot\system32\DRIVERS\update.sys F7216000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F7660000 - \SystemRoot\System32\Drivers\NDProxy.SYS F7670000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7A9E000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7680000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys F3273000 - \SystemRoot\system32\drivers\RtkHDAud.sys F3251000 - \SystemRoot\system32\drivers\portcls.sys F7690000 - \SystemRoot\system32\drivers\drmk.sys F7AA2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7C07000 - \SystemRoot\System32\Drivers\Null.SYS F7AA4000 - \SystemRoot\System32\Drivers\Beep.SYS F7C0E000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7848000 - \SystemRoot\System32\drivers\vga.sys F7AA6000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7AA8000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7850000 - \SystemRoot\System32\Drivers\Msfs.SYS F7858000 - \SystemRoot\System32\Drivers\Npfs.SYS F7A40000 - \SystemRoot\system32\DRIVERS asacd.sys F31F6000 - \SystemRoot\system32\DRIVERS\ipsec.sys F319E000 - \SystemRoot\system32\DRIVERS cpip.sys F76A0000 - \SystemRoot\System32\Drivers\aswTdi.SYS F3176000 - \SystemRoot\system32\DRIVERS etbt.sys F3154000 - \SystemRoot\System32\drivers\afd.sys F76B0000 - \SystemRoot\system32\DRIVERS etbios.sys F3129000 - \SystemRoot\system32\DRIVERS dbss.sys F3092000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F76D0000 - \SystemRoot\System32\Drivers\Fips.SYS F3071000 - \SystemRoot\system32\DRIVERS\ipnat.sys F76E0000 - \SystemRoot\system32\DRIVERS\wanarp.sys F76F0000 - \SystemRoot\system32\DRIVERS\arp1394.sys F7860000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F7BA7000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F7870000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F2FAE000 - \SystemRoot\System32\Drivers\Fastfat.SYS F2F96000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7ACE000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F3115000 - \SystemRoot\System32\drivers\Dxapi.sys F78C0000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7B73000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32 v4_disp.dll BACB8000 - \SystemRoot\system32\DRIVERS disuio.sys BA36A000 - \SystemRoot\System32\Drivers\aswMon2.SYS BA1AE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys BA199000 - \SystemRoot\system32\drivers\wdmaud.sys F3041000 - \SystemRoot\system32\drivers\sysaudio.sys B9FA2000 - \SystemRoot\System32\Drivers\HTTP.sys B9F28000 - \SystemRoot\system32\DRIVERS\srv.sys F7888000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys B9D5E000 - \??\C:\WINDOWS\system32\drivers mcomm.sys B9D12000 - \SystemRoot\System32\Drivers\aswRdr.SYS B91B6000 - \SystemRoot\System32\Drivers\Cdfs.SYS BFFA0000 - \SystemRoot\System32\ATMFD.DLL B744D000 - \SystemRoot\system32\DRIVERS\usbprint.sys B711A000 - \SystemRoot\system32\drivers\kmixer.sys F7B85000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 131 Liste des programmes installes Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.1 - Français Amélioration de nos services Amélioration de nos services AutoUpdate avast! Antivirus AVG Anti-Spyware 7.5 Barre d'outils Outlook de Windows Live (Windows Live Toolbar) Bloqueur de fenêtres pop-up (Windows Live Toolbar) BufferChm Canon PhotoRecord Canon PIXMA iP1500 Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox Connexion Facile à Internet Connexion Facile à Internet Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 10 (KB910393) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB888795) Correctif pour Windows XP (KB891593) Correctif pour Windows XP (KB893357) Correctif pour Windows XP (KB899337) Correctif pour Windows XP (KB899510) Correctif pour Windows XP (KB902841) Correctif pour Windows XP (KB906569) Correctif pour Windows XP (KB912024) Correctif pour Windows XP (KB935448) Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB892050 Correctif Windows XP - KB893066 Correctif Windows XP - KB895961 CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_OnlineProjectsConfig CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config cp_PosterPrintConfig cp_UpdateProjectsConfig Cryptext (Remove Only) CueTour Destinations DeviceManagementQFolder DivX Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) Easy-WebPrint eMule Enhanced Multimedia Keyboard Solution Extension de Windows Live Toolbar (Windows Live Toolbar) EZface ActiveX 208 FullDPAppQFolder GemMaster Mystic Google Earth Google Talk (remove only) Google Toolbar for Internet Explorer High Definition Audio - KB888111 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB926239) HP Boot Optimizer HP DigitalMedia Archive HP DVD Play 2.1 HP Imaging Device Functions 7.0 HP Photosmart for Media Center PC HP Photosmart Premier Software 6.5 HP Software Update HPPhotoSmartExpress HpSdpAppCoreApp InstantShareDevices iTunes J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 La Toolbar MEDIADICO Lecteur Windows Media 11 LightScribe 1.4.105.1 Menus intelligents (Windows Live Toolbar) Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Away Mode Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word Viewer 2003 Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937143) Mise à jour de sécurité pour Windows XP (KB937894) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB939653) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB942615) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944533) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB942840) Mise à jour pour Windows XP (KB946627) Mozilla Firefox (2.0.0.12) MSN MSXML 4.0 SP2 (KB936181) muvee autoProducer 5.0 muvee autoProducer unPlugged 2.0 Navigation par onglets (Windows Live Toolbar) Navilog1 3.4.5 Navilog1 Version 2.0.7 NVIDIA Drivers OneCare Advisor (Windows Live Toolbar) OpenMG Limited Patch 4.4-06-13-19-01 OpenMG Secure Module 4.4.00 OpenMG Secure Module 4.4.00 OptionalContentQFolder Otto Outil de mise à jour Google PC-Doctor 5 pour Windows PhotoGallery Picasa 2 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QuickTime RandMap RealPlayer Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Services Internet Services Internet SkinsHP1 SlideShow SlideShowMusic Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK SonicStage 3.4 Spybot - Search & Destroy 1.4 The Cleaner Trojan Remover 6.6.1 Unload Update for Outlook 2007 Junk Email Filter (kb944965) USB Storage Driver WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Live Favorites pour Windows Live Toolbar Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP Media Center Edition 2005 KB925766 XnView 1.91.1 Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files 2008-02-09 16:55 . 2008-02-09 16:55 .. 2007-09-19 17:26 Adobe 2007-03-18 17:00 Alwil Software 2008-01-23 20:21 Canon 2005-11-12 01:09 ComPlus Applications 2006-08-14 15:08 DivX 2006-08-14 15:23 EasyBits 2008-02-08 19:01 eMule 2007-08-06 10:24 EZFace 2008-02-09 16:55 Fichiers communs 2006-08-14 14:33 FrenchOtto 2006-08-14 14:33 GemMasterFrench 2007-08-27 19:01 Google 2007-08-16 10:08 Grisoft 2006-08-14 15:22 Hewlett-Packard 2006-08-14 15:05 HP 2006-08-14 15:02 HP DigitalMedia Archive 2008-02-12 20:23 Internet Explorer 2007-06-11 21:32 iPod 2007-06-11 21:32 iTunes 2007-10-08 09:41 Java 2007-03-20 13:42 LAventure 2006-08-14 14:43 Messenger 2007-05-09 11:49 Microsoft CAPICOM 2.1.0.2 2005-11-15 03:24 microsoft frontpage 2008-02-09 16:55 Microsoft Office 2008-02-09 16:55 Microsoft Visual Studio 2008-02-09 16:55 Microsoft Works 2008-02-09 16:53 Microsoft.NET 2007-07-08 09:00 Miniapic 2005-11-15 03:24 Movie Maker 2008-02-17 23:26 Mozilla Firefox 2008-02-09 16:55 MSBuild 2007-03-18 12:12 MSN 2005-11-15 03:25 MSN Gaming Zone 2007-10-29 20:03 MSN Messenger 2007-03-19 08:16 MSXML 4.0 2006-08-14 15:08 muvee Technologies 2008-02-16 21:06 Navilog1 2005-11-15 03:25 NetMeeting 2005-11-15 03:25 Online Services 2007-06-12 21:02 Outlook Express 2006-08-14 15:19 PC-Doctor 5 for Windows 2007-10-25 20:22 Picasa2 2007-06-11 21:31 QuickTime 2006-08-14 15:02 Real 2006-08-14 15:24 Services en ligne 2006-08-14 15:03 Sonic 2007-10-22 17:50 Sony 2007-10-22 17:50 Sony Corporation 2007-08-19 16:34 Spybot - Search & Destroy 2008-02-18 09:13 The Cleaner 2007-08-16 12:12 Trojan Remover 2007-12-02 22:29 Windows Live Favorites 2007-12-03 07:19 Windows Live Toolbar 2007-03-31 10:23 Windows Media Connect 2 2007-03-31 10:26 Windows Media Player 2005-11-15 03:25 Windows NT 2005-11-15 03:25 Windows Plus 2005-11-15 03:26 xerox 2007-07-19 19:34 XnView 0 fichier(s) 0 octets 62 Rép(s) 109,165,117,440 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files\fichiers communs 2008-02-09 16:55 . 2008-02-09 16:55 .. 2007-09-19 17:27 Adobe 2008-02-09 16:55 DESIGNER 2006-08-14 14:58 HP 2006-08-14 15:21 InstallShield 2006-08-14 14:39 Java 2006-08-14 15:04 LightScribe 2006-08-14 15:04 LS Getting Started 2008-02-09 16:55 Microsoft Shared 2005-11-15 03:24 MSSoap 2006-08-14 15:07 muvee Technologies 2005-11-15 03:24 ODBC 2007-09-17 15:22 Real 2005-11-15 03:24 Services 2006-08-14 15:03 Sonic Shared 2007-10-22 17:50 Sony Shared 2005-11-15 03:24 SpeechEngines 2006-08-14 15:03 SureThing Shared 2007-08-16 21:44 Symantec Shared 2008-02-09 16:50 System 2006-08-14 15:03 TiVo Shared 2007-09-17 15:22 xing shared 0 fichier(s) 0 octets 23 Rép(s) 109,165,113,344 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2008-02-09 16:54 . 2008-02-09 16:54 .. 2008-02-09 16:51 1036 2006-10-26 19:49 970,528 MSONSEXT.DLL 2006-10-26 20:12 40,256 MSOSV.DLL 1999-06-03 10:09 122,937 MSOWS409.DLL 2001-03-07 05:00 127,033 MSOWS40c.DLL 4 fichier(s) 1,260,754 octets 3 Rép(s) 109,165,113,344 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.2.0.35\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe c:\Documents and Settings\HP_Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\HP_Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\HP_Administrateur\.housecall6.6 sc.exe c:\Documents and Settings\HP_Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\HP_Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\muc60.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\ybl61.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\yul8.exe c:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\eMule0.48a-Installer.exe c:\Documents and Settings\HP_Administrateur\Bureau\ewido-setup.exe c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\clean\clean\pskill.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp ar.exe c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1\Navilog1.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\catchme.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\dummy.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\download.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\dummy.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\ERUNT.EXE c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\FixPath.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\grep.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\isadmin.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\moveex.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Process.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\procs.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\psservice.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps egedit.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sed.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\shutdown.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\vfind.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\WINMSG.EXE c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\find.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups egedit.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix estart.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe c:\Documents and Settings\HP_Administrateur\Mes documents\iTunesSetup.exe c:\Documents and Settings\HP_Administrateur\Mes documents\Norton_Removal_Tool_9x.exe c:\Documents and Settings\HP_Administrateur\Mes documents\setupfre avast.exe c:\Documents and Settings\HP_Administrateur\Mes documents\anpe\hijack\HijackThis.exe c:\Documents and Settings\HP_Administrateur\Mes documents\iview\iview385.exe c:\Documents and Settings\yves\Application Data\U3 emp\cleanup.exe c:\Documents and Settings\yves\Application Data\U3 emp\Launchpad Removal.exe c:\Documents and Settings\yves\Bureau\Install3373.exe c:\Documents and Settings\yves\Mes documents\eMule0.47c-Installer.exe c:\Documents and Settings\yves\Mes documents\Install_Messenger.exe c:\Documents and Settings\yves\Mes documents\Scrabble\SCRABBLE_2005_demo_fr.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_NOM-FB9B15D2723.tar.gz a l'adresse http://upload.malekal.com

FillPCA · Answer

Bonjour,

OK. J'examine ceci.

FillPCA · Answer

Re,

    *  Sélectionne le texte suivant :

killall::

Driver::
rimoqhbw

Registry::
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46EB43FA-7E02-465C-80D6-02961A2E8B05}]
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B24743B9-CD47-4BA9-958F-5E8C81293EB4}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rimoqhbw]
[HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-
[HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-

File::
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\System32\drivers\yognurqq.dat

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Edite aussi un rapport Hijackthis.

FillPCA

Moon · Answer

Ok, voila le rapport. 




ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 10:06:54.5 - NTFSx86

Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

Moon · Answer

Et un rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:15, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46EB43FA-7E02-465C-80D6-02961A2E8B05} - C:\WINDOWS\system32\dmservera.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B24743B9-CD47-4BA9-958F-5E8C81293EB4} - c:\windows\system32\d3dimb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rimoqhbw - C:\WINDOWS\SYSTEM32\d3dimb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Re,

Peux-tu recommencer la manip précédente en mode sans échec ?
Edite ensuite le rapport CFscript et un nouveau rapport Hijackthis après avoir redémarré.

FillPCA

Moon · Answer

Voila en mode sans echec... Merci ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 10:49:09.6 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.772 [GMT 1:00] Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt FILE :: C:\WINDOWS\System32\abjzhikq.dat C:\WINDOWS\SYSTEM32\d3dimb.dll C:\WINDOWS\system32\dmservera.dll C:\WINDOWS\System32\drivers\yognurqq.dat C:\WINDOWS\system32\dz1fzfc.exe C:\WINDOWS\System32\fgdlidkm.dat C:\WINDOWS\System32\ihaqogka.dat C:\WINDOWS\System32\kwnnfyxv.dat . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\d3dimb.dll C:\WINDOWS\system32\dmservera.dll C:\WINDOWS\System32\drivers\yognurqq.dat C:\WINDOWS\System32\abjzhikq.dat C:\WINDOWS\system32\d3dimb.dll C:\WINDOWS\system32\dmservera.dll C:\WINDOWS\System32\drivers\yognurqq.dat C:\WINDOWS\system32\dz1fzfc.exe C:\WINDOWS\System32\fgdlidkm.dat C:\WINDOWS\System32\ihaqogka.dat C:\WINDOWS\System32\kwnnfyxv.dat . ---- Previous Run ------- . C:\WINDOWS\System32\abjzhikq.dat C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression C:\WINDOWS\system32\dz1fzfc.exe C:\WINDOWS\System32\fgdlidkm.dat C:\WINDOWS\System32\ihaqogka.dat C:\WINDOWS\System32\kwnnfyxv.dat C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\poof ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))))))) . 2008-02-18 09:31 . 2008-02-18 09:31 10,925,154 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz 2008-02-16 21:20 . 2008-02-16 21:37 d-------- C:\SDFix 2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll 2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll 2008-02-11 08:27 . 2008-02-11 08:27 120,576 --a------ C:\WINDOWS\system32\ihiyjnst.dat 2008-02-11 08:21 . 2004-08-10 05:00 87,552 --a------ C:\WINDOWS\system32\d3dimb.dll.bak 2008-02-09 16:55 . 2008-02-09 16:55 d-------- C:\Program Files\MSBuild 2008-02-09 16:53 . 2008-02-09 16:53 d-------- C:\Program Files\Microsoft.NET 2008-02-09 16:50 . 2008-02-09 16:54 d-------- C:\WINDOWS\SHELLNEW 2008-02-09 16:50 . 2008-02-13 22:20 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-02-06 20:44 . 2008-02-06 21:22 d-------- C:\Documents and Settings\yves\Application Data\U3 2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe 2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe 2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe 2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-18 09:55 --------- d-----w C:\Program Files\The Cleaner 2008-02-17 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1 2008-02-16 19:29 968 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat 2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works 2008-02-08 18:01 --------- d-----w C:\Program Files\eMule 2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView 2008-01-23 19:21 --------- d-----w C:\Program Files\Canon 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352] "dz1fzfc"="C:\WINDOWS\system32\dz1fzfc.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512] "ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360] "nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32 wiz.exe] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568] "PCDrProfiler"="" [] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "tcactive"="C:\Program Files\The Cleaner ca.exe" [2004-04-09 08:26 631808] "tcmonitor"="C:\Program Files\The Cleaner cm.exe" [2004-03-13 12:48 388096] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-09-17 15:22 185632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920] "dz1fzfc"="C:\WINDOWS\system32\dz1fzfc.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00] S0 rzluwezz;rzluwezz;C:\WINDOWS\system32\drivers\yognurqq.dat [] S2 wbblpcae;PCI Bus vbf08 Monitor;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs wbblpcae . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-02-18 09:15:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Moon · Answer

Logfile of HijackThis v1.99.1
Scan saved at 11:05, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Re,

C'est beaucoup mieux.
    *  Sélectionne le texte suivant :

Driver::
rzluwezz

Registry::
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46EB43FA-7E02-465C-80D6-02961A2E8B05}]
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B24743B9-CD47-4BA9-958F-5E8C81293EB4}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rimoqhbw]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-
[HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-

File::
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\System32\drivers\yognurqq.dat

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/     *  Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
    * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
    * Clique sur l'onglet  "diagnostic du PC" puis "analyser".
    * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
    * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
    * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

3/ Edite les deux rapports précédents.

FillPCA

Moon · Answer

Pas plus... 


ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 11:26:32.7 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.561 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

Moon · Answer

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :2008-02-18 11:33:40
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\pca\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = about:blank
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO:  - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [ftutil2] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [AlwaysReady Power Message APP] - ARPWRMSG.EXE
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [DMAScheduler] - "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
04 - HKLM\..\RUN: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\RUN: [PCDrProfiler] - 
04 - HKLM\..\RUN: [HP Software Update] - 
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [!AVG Anti-Spyware] - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
04 - HKLM\..\RUN: [tcactive] - C:\Program Files\The Cleaner	ca.exe
04 - HKLM\..\RUN: [tcmonitor] - C:\Program Files\The Cleaner	cm.exe
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
04 - HKLM\..\RUN: [combofix] - C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [dz1fzfc] - C:\WINDOWS\system32\dz1fzfc.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [swg] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [msnmsgr] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [dz1fzfc] - RTHDCPL.EXE
04 - Global Startup: Outil de mise à jour Google.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
08 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
08 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button:  - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra 'Tools' menuitem:  - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
09 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
//O12 - IE plugins
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :  MSN Photo Upload Tool - {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
O16 - DPF :  BDSCANONLINE Control - {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - C:\WINDOWS\BDOSCAN8\oscan82.ocx
O16 - DPF :  Windows Live Photo Upload Control - {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
O16 - DPF :  a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [ARSVC] - C:\WINDOWS\arservice.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [AVG Anti-Spyware Guard] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [Service de l'iPod] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [MSCSPTISRV] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Microsoft Office Diagnostics Service] - "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [PACSPTISVR] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: [Planificateur LiveUpdate automatique] - 
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32svp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [Sony SPTI Service] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [SonicStage SCSI Service] - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}
O23 - Service: [Symantec Core LC] - 
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32	lntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

FillPCA · Answer

Re,

OK. Recommence cette manip, mais en mode sans échec, et publie les deux rapports demandés.

FillPCA

Moon · Answer

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-19 20:37:20.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
C:\WINDOWS\system32\d3dimb.dll.bak
C:\WINDOWS\system32\ihiyjnst.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WBBLPCAE
-------\poof
-------\wbblpcae

((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.

2008-02-19 07:59 . 2008-02-19 20:40 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-18 19:32 . 2008-02-18 19:32 14,043,930 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-16 21:20 . 2008-02-16 21:37 <REP> d-------- C:\SDFix
2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-02-09 16:55 . 2008-02-09 16:55 <REP> d-------- C:\Program Files\MSBuild
2008-02-09 16:53 . 2008-02-09 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-09 16:50 . 2008-02-09 16:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 16:50 . 2008-02-13 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-06 20:44 . 2008-02-06 21:22 <REP> d-------- C:\Documents and Settings\yves\Application Data\U3
2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe
2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 19:34 --------- d-----w C:\Program Files\The Cleaner
2008-02-19 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1
2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 18:01 --------- d-----w C:\Program Files\eMule
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView
2008-01-23 19:21 --------- d-----w C:\Program Files\Canon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"tcactive"="C:\Program Files\The Cleaner\tca.exe" [2004-04-09 08:26 631808]
"tcmonitor"="C:\Program Files\The Cleaner\tcm.exe" [2004-03-13 12:48 388096]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-17 15:22 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-23 20:32:03 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbblpcae

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 18:15:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 20:41:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-19 20:41:31
ComboFix-quarantined-files.txt 2008-02-19 19:41:22
ComboFix2.txt 2008-02-18 10:57:28
ComboFix3.txt 2007-08-15 17:28:24
.
2008-02-13 21:20:42 --- E O F ---

FillPCA · Answer

Re,

OK. Il fait de la résistance, mais ne t'en fais pas, on va y parvenir. Ca prendra simplement un peu plus de temps.

# Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
# Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
# Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
# Clique sur "smart scan".
# Clique sur le bouton "scan".
# Quand l'analyse est terminée, clique sur le bouton "save reports".
# Sauvegarde alors le rapport sur ton bureau.
# Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

Edite aussi un rapport PCA comme demandé au-dessus. Je te réponds un peu plus tard.

FillPCA

Moon · Answer

Voici le rapport PCA. Merci...


# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :2008-02-18 12:07:37
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour pca.zip\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = about:blank
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO:  - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [ftutil2] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [AlwaysReady Power Message APP] - ARPWRMSG.EXE
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [DMAScheduler] - "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
04 - HKLM\..\RUN: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\RUN: [PCDrProfiler] - 
04 - HKLM\..\RUN: [HP Software Update] - 
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [!AVG Anti-Spyware] - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
04 - HKLM\..\RUN: [tcactive] - C:\Program Files\The Cleaner	ca.exe
04 - HKLM\..\RUN: [tcmonitor] - C:\Program Files\The Cleaner	cm.exe
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
04 - HKLM\..\RUN: [combofix] - C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [dz1fzfc] - C:\WINDOWS\system32\dz1fzfc.exe
04 - HKLM\..\RunOnce: [Warranty Reminder 11 month] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [swg] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [msnmsgr] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [dz1fzfc] - RTHDCPL.EXE
04 - Global Startup: Outil de mise à jour Google.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
08 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
08 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button:  - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra 'Tools' menuitem:  - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
09 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
//O12 - IE plugins
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :  MSN Photo Upload Tool - {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
O16 - DPF :  BDSCANONLINE Control - {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - C:\WINDOWS\BDOSCAN8\oscan82.ocx
O16 - DPF :  Windows Live Photo Upload Control - {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
O16 - DPF :  a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [ARSVC] - C:\WINDOWS\arservice.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [AVG Anti-Spyware Guard] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [Service de l'iPod] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [MSCSPTISRV] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Microsoft Office Diagnostics Service] - "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [PACSPTISVR] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: [Planificateur LiveUpdate automatique] - 
O23 - Service: [PsExec] - %SystemRoot%\PSEXESVC.EXE
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32svp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [Sony SPTI Service] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [SonicStage SCSI Service] - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}
O23 - Service: [Symantec Core LC] - 
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32	lntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

FillPCA · Answer

Re,

Nos réponses se sont croisées.

Edite simplement le rapport SREng.

FillPCA

FillPCA · Answer

Re,

Peux-tu aussi éditer un nouveau rapport Diaghelp ?

FillPCA

Moon · Answer

Je dois partir, mais je serais là ce soir, si toi tu es disponible. 
Merci pour tout, c'est vraiment chouette, sinon je serais un brin désespéré!
A+

FillPCA · Answer

Re,

Je serai là ce soir. Quand tu reviens, édite un rapport SREng et un rapport Diaghelp.

FillPCA

Moon · Answer

Voilà je suis de retour. C'est pas trop désesperant ce cheval de Troie? Merci [CODE] 2008-02-18,19:21:49 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc] <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [] <"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"> [Sonic Solutions] [] <> [N/A] [Hewlett-Packard Co.] [(Verified)ALWIL Software] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [CANON INC.] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [MooSoft Development] [MooSoft Development] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] ================================== Startup Folders [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [Google]> ================================== Services [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Service de l'iPod / iPod Service][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [PACSPTISVR / PACSPTISVR][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start] <> [PsExec / PSEXESVC][Stopped/Manual Start] [Sony SPTI Service / SPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"> [SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start] [Symantec Core LC / Symantec Core LC][Stopped/Auto Start] <> [PCI Bus vbf08 Monitor / wbblpcae][Stopped/Auto Start] C:\WINDOWS\system32\d3dimb.dll> ================================== Drivers [Pilote de processeur AMD / AmdK8][Running/System Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Promise driver accelerator / bb-run][Running/Boot Start] <\SystemRoot\system32\DRIVERS\bb-run.sys> [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys> [ftsata2 / ftsata2][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ftsata2.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [nv / nv][Running/Manual Start] [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [Ps2 / Ps2][Running/Manual Start]

[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [symlcbrd / symlcbrd][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys> [tmcomm / tmcomm][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers mcomm.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A> [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Aide à la connexion] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Microsoft HTML Document 6.0] {25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Navigateur Web Microsoft] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D4A8680F-4272-4161-80FF-851A62AEA027} [Google Updater Class] {D6A5A215-FBF3-45E5-ABF8-22FF50916184} [EZFaceWL.EZFaceControlXWL] {E55194C4-4B04-4285-85DA-CA0AE64D3B39} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} [&Windows Live Search] [Add to Windows &Live Favorites] [E&xporter vers Microsoft Excel] [Easy-WebPrint Ajouter à la liste d'impressions] [Easy-WebPrint Impression rapide] [Easy-WebPrint Imprimer] [Easy-WebPrint Prévisualiser] [Ouvrir dans un nouvel onglet d'arrière-plan] [Ouvrir dans un nouvel onglet de premier plan] ================================== Running Processes [PID: 656 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 956 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1016 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1116 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1148 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [PID: 1268 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1364 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1508 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1556 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1740 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNMLM5y.DLL] [CANON INC., 1.80.2.50] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL] [CANON INC., 1.80.2.50] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI5y.DLL] [CANON INC., 1.80.2.50] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR5y.DLL] [CANON INC., 1.80.2.50] [PID: 1904 / SYSTEM][C:\WINDOWS\arservice.exe] [Microsoft, 6.0.0160.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1964 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 1996 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\sbe.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 2020 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 168 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [PID: 236 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1] [PID: 284 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.10.8208] [PID: 840 / yves][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1096 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1480 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 1884 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2088 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2156 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2464 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2940 / yves][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2968 / yves][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2976 / yves][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0] [PID: 3040 / yves][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1] [C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a] [C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a] [C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500] [C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a] [c:\Program Files\HP DigitalMedia Archive\EAFunctions.dll] [Sonic Solutions, 1.1.0.0] [PID: 3092 / yves][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [PID: 3100 / yves][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3116 / yves][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [PID: 3124 / yves][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\armcex.dll] [, 6.0.0160.0] [c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3] [PID: 3148 / yves][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 3172 / yves][C:\Program Files\The Cleaner ca.exe] [MooSoft Development, 3.1.0.3073] [PID: 3180 / yves][C:\Program Files\The Cleaner cm.exe] [MooSoft Development, 2.1.0.2043] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3200 / yves][C:\Program Files\QuickTime\qttask.exe] [Apple Inc., 7.1.6] [PID: 3236 / yves][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] [, 3.4.01.13062] [C:\PROGRA~1\Sony\SONICS~1\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\Sony\SONICS~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\Sony\SONICS~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 3348 / yves][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00] [PID: 3488 / yves][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [PID: 4068 / yves][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Canon\Easy-WebPrint\Toolband.dll] [, 2, 5, 1, 6] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Canon\Easy-WebPrint\Resource.dll] [, 2, 5, 0, 19] [C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\fr-fr\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\fr-fr\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\wlscres.dll.mui] [Microsoft Corporation, 1.0.0001.1] [C:\Program Files\Windows Live Toolbar\fr-fr\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032] [C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\fr-fr\obarres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\obarres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Favorites\wlfext.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\RssFinderRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\fr-fr\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\msntabres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\pgres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\pgres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\fr-fr\SmaMenRes.dll.mui] [Microsoft Corporation., 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\fr-fr\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0032] [C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components ssFinder.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5] [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\wlsctb.dll] [Microsoft Corporation, 03.01.0000.0072] [C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\msntab.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\msntbfltr.dll] [Microsoft Corporation, 4.0.6620.0] [C:\Program Files\Windows Live Favorites\WLFExtRes.dll] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Favorites\TBIDCRL.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2407] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2407] [C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.FRA] [Adobe Systems, Inc., 8.0.0.0] [PID: 628 / yves][C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [PID: 1836 / yves][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1464 / yves][C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll] [Adobe Systems Incorporated, 8.1.1.2007101000] [C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll] [Adobe Systems Incorporated, 4.16.80] [C:\Program Files\Adobe\Reader 8.0\Reader\CoolType.dll] [Adobe Systems Incorporated, 5.03.74] [C:\Program Files\Adobe\Reader 8.0\Reader\BIB.dll] [Adobe Systems Incorporated, 1.2.01] [C:\Program Files\Adobe\Reader 8.0\Reader\ACE.dll] [Adobe Systems Incorporated, 2.10.68] [c:\program files\adobe eader 8.0 eader dlang32.fra] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.api] [Adobe Systems Incorporated, 8.1.1.2007101000] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.api] [Adobe Systems Incorporated, 8.1.1.2007101000] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DVA.api] [Adobe Systems Incorporated, 8.0.0.2006102300] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.api] [Adobe Systems Incorporated, 8.0.0.2006102300] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\IA32.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer.API] [Adobe Systems Inc., 8.0.0.2006102300] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.api] [Adobe Systems Incorporated, 8.0.0.2006102300] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.api] [Adobe Systems Incorporated, 8.1.0.0] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins eflow.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.api] [Adobe Systems Incorporated, 8.1.0.2007051100] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.api] [Adobe Systems Incorporated, 8.1.1.2007101000] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins eflow.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.FRA] [, ] [C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll] [N/A, ] [C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll] [N/A, ] [C:\Program Files\Adobe\Reader 8.0\Reader\AdobeLinguistic.dll] [Adobe Systems Incorporated, 3.0RC5] [C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdater.dll] [Adobe Systems Incorporated, 5, 1, 0, 1082] [PID: 1332 / yves][C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe] [Adobe Systems Incorporated, 5, 1, 0, 1082] [C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.fr_FR] [Adobe Systems Incorporated, 5, 1, 0, 1082] [PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2496 / HP_Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.2.0.28] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\PROGRA~1\TROJAN~1\Trshlex.dll] [Simply Super Software, 1.0.8.46] [C:\Program Files\The Cleaner cshellex.dll] [MooSoft Development, 2.0.0.0] [C:\WINDOWS\system32\ShellExt\Cryptext.dll] [, 3.4] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 1932 / HP_Administrateur][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 3208 / HP_Administrateur][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 532 / HP_Administrateur][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\armcex.dll] [, 6.0.0160.0] [c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3] [PID: 2868 / HP_Administrateur][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3604 / HP_Administrateur][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0] [PID: 1112 / HP_Administrateur][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1] [C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a] [C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a] [C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500] [C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a] [c:\Program Files\HP DigitalMedia Archive\EAFunctions.dll] [Sonic Solutions, 1.1.0.0] [PID: 1568 / HP_Administrateur][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [PID: 3424 / HP_Administrateur][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3728 / HP_Administrateur][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [PID: 1680 / HP_Administrateur][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5,

Moon · Answer

DiagHelp version v1.4 - http://www.malekal.com excute le 2008-02-18 à 19:30:35.34 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-02-18 19:30:32 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-02-18 19:28:53 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-02-18 19:28:43 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-02-18 19:28:16 C:\WINDOWS\prefetch\MSN_SL.EXE-18A18BC5.pf -->2008-02-18 19:28:08 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->2008-02-18 19:28:07 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2008-02-18 19:27:57 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-02-18 19:26:21 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->2008-02-18 19:22:47 C:\WINDOWS\prefetch\SRENGPS.EXE-2C9235B0.pf -->2008-02-18 19:20:36 C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35 C:\WINDOWS\System32\drivers\aswmon.sys -->2007-12-04 15:56:02 C:\WINDOWS\System32\drivers\aswmon2.sys -->2007-12-04 15:55:46 C:\WINDOWS\System32\drivers\aswRdr.sys -->2007-12-04 15:53:39 C:\WINDOWS\System32\drivers\aswTdi.sys -->2007-12-04 15:51:52 C:\WINDOWS\System32\drivers\aavmker4.sys -->2007-12-04 15:49:02 C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54 C:\WINDOWS\System32 vapps.xml -->2008-02-18 19:14:24 C:\WINDOWS\System32\wpa.dbl -->2008-02-18 19:14:14 C:\WINDOWS\System32\libssl32.dll -->2008-02-12 11:12:43 C:\WINDOWS\System32\libeay32.dll -->2008-02-12 11:12:43 C:\WINDOWS\System32\CONFIG.NT -->2008-02-11 08:57:53 C:\WINDOWS\System32\ihiyjnst.dat -->2008-02-11 08:27:37 C:\WINDOWS\System32\PerfStringBackup.INI -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfh00C.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfh009.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfc00C.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\perfc009.dat -->2008-02-10 09:53:35 C:\WINDOWS\System32\FNTCACHE.DAT -->2008-02-10 07:19:55 C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46 C:\WINDOWS\System32\TZLog.log -->2007-12-11 23:12:33 C:\WINDOWS\System32\wininet.dll -->2007-12-07 01:47:21 C:\WINDOWS\System32\urlmon.dll -->2007-12-07 01:47:21 C:\WINDOWS\System32\shlwapi.dll -->2007-12-07 01:47:20 C:\WINDOWS\System32\shdocvw.dll -->2007-12-07 01:47:20 C:\WINDOWS\System32\pngfilt.dll -->2007-12-07 01:47:19 C:\WINDOWS\System32\mstime.dll -->2007-12-07 01:47:19 C:\WINDOWS\System32\msrating.dll -->2007-12-07 01:47:18 C:\WINDOWS\System32\mshtmled.dll -->2007-12-07 01:47:18 C:\WINDOWS\System32\mshtml.dll -->2007-12-07 01:47:18 C:\WINDOWS\System32\jsproxy.dll -->2007-12-07 01:47:15 C:\WINDOWS\System32\inseng.dll -->2007-12-07 01:47:15 C:\WINDOWS\WindowsUpdate.log -->2008-02-18 19:29:15 C:\WINDOWS\0.log -->2008-02-18 15:22:09 C:\WINDOWS\bootstat.dat -->2008-02-18 15:21:49 C:\WINDOWS\SchedLgU.Txt -->2008-02-18 13:05:33 C:\WINDOWS tbtlog.txt -->2008-02-18 11:57:41 C:\WINDOWS\system.ini -->2008-02-18 11:56:51 C:\WINDOWS\QTFont.qfn -->2008-02-14 08:51:15 C:\WINDOWS soc.log -->2008-02-12 20:24:07 C:\WINDOWS abletoc.log -->2008-02-12 20:24:07 C:\WINDOWS\plusoc.log -->2008-02-12 20:24:07 C:\WINDOWS\ocmsn.log -->2008-02-12 20:24:07 C:\WINDOWS\ocgen.log -->2008-02-12 20:24:07 C:\WINDOWS tdtcsetup.log -->2008-02-12 20:24:07 C:\WINDOWS etfxocm.log -->2008-02-12 20:24:07 C:\WINDOWS\msgsocm.log -->2008-02-12 20:24:07 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 840 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll ------------------------------------------------------------------------------ explorer.exe pid: 2496 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll 0x10000000 0x21000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.dll 0x01210000 0xe000 7.02.0000.0028 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll 0x01240000 0x23000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x01770000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x00c60000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll 0x00dd0000 0x76000 1.00.0008.0046 C:\PROGRA~1\TROJAN~1\Trshlex.dll 0x02740000 0x5d000 2.00.0000.0000 C:\Program Files\The Cleaner cshellex.dll 0x028a0000 0x47000 3.04.0000.0000 C:\WINDOWS\system32\ShellExt\Cryptext.dll 0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x02e50000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02eb0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x506a0000 0x88000 7.00.6000.0381 C:\WINDOWS\system32\wuapi.dll 0x01100000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x031c0000 0xd5000 1.04.0000.0000 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 744 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x012b0000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll ------------------------------------------------------------------------------ winlogon.exe pid: 3576 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x00ce0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\system 1998-05-07 17:04 52,736 hpsysdrv.exe 1 fichier(s) 52,736 octets 0 Rép(s) 109,064,654,848 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\system32 2004-08-10 12:00 6,144 csrss.exe 1 fichier(s) 6,144 octets 0 Rép(s) 109,064,654,848 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\WINDOWS\Downloaded Program Files 2007-08-16 15:12 . 2007-08-16 15:12 .. 2007-07-02 14:44 941,688 asquared.ocx 2004-12-07 16:07 32 bdcore.dll 2006-05-25 00:21 118,784 bdupd.dll 2007-09-17 17:50 CONFLICT.1 2005-10-10 12:32 65 desktop.ini 2002-07-26 00:13 24,576 dwusplay.dll 2002-07-26 00:13 196,608 dwusplay.exe 2006-05-25 00:21 53,248 ipsupd.dll 2004-07-27 22:48 323,584 isusweb.dll 2005-03-16 11:34 7,407 lang.ini 2004-12-07 16:07 32 libfn.dll 2005-03-14 13:38 126 live.ini 2006-06-20 14:44 379,704 MsnPUpld.dll 2006-06-19 13:40 393 MsnPUpld.inf 2006-06-01 01:57 1,331 oscan8.inf 2006-06-01 01:54 471,040 oscan8.ocx 2006-05-31 03:15 10 oscan81.ocx_x 2006-06-20 14:44 117,560 PURen-us.dll 2007-01-09 07:30 110,592 PURfr-fr.dll 2004-10-15 06:59 110,592 PURfr-xx.dll 2005-03-14 13:58 7,073 scanoptions.tsi 20 fichier(s) 2,864,445 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 2007-09-17 17:50 . 2007-09-17 17:50 .. 2007-08-02 10:31 360,320 MsnPUpld.dll 2007-08-02 14:47 569 MSNPUpld.inf 2007-08-02 10:31 67,456 PURen-us.dll 2007-08-06 11:10 68,992 PURfr-fr.dll 4 fichier(s) 497,337 octets Total des fichiers listés : 24 fichier(s) 3,361,782 octets 5 Rép(s) 109,064,654,848 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-18 19:31:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 168 - GoogleUpdaterSe 284 - nvsvc32.exe 324 - tca.exe 636 - csrss.exe 720 - csrss.exe 744 - winlogon.exe 788 - services.exe 800 - lsass.exe 840 - explorer.exe 956 - svchost.exe 1016 - svchost.exe 1096 - svchost.exe 1116 - svchost.exe 1148 - svchost.exe 1188 - wuauclt.exe 1268 - svchost.exe 1332 - AdobeUpdater.ex 1464 - AcroRd32.exe 1480 - mcrdsvc.exe 1556 - ashServ.exe 1680 - avgas.exe 1740 - spoolsv.exe 1884 - ashMaiSv.exe 1904 - arservice.exe 1928 - googletalk.exe 2088 - ashWebSv.exe 2156 - dllhost.exe 2464 - alg.exe 2496 - explorer.exe 3004 - msnmsgr.exe 3076 - tcm.exe 3100 - ashDisp.exe 3148 - avgas.exe 3172 - tca.exe 3180 - tcm.exe 3208 - ehtray.exe 3348 - msnmsgr.exe 3424 - ashDisp.exe 3576 - winlogon.exe 3604 - arpwrmsg.exe 4068 - IEXPLORE.EXE 4292 - cmd.exe Total number of processes = 43 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 tkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7A70000 - \WINDOWS\system32\KDCOM.DLL F7980000 - \WINDOWS\system32\BOOTVID.dll F7440000 - ACPI.sys F7A72000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F742F000 - pci.sys F7570000 - isapnp.sys F7580000 - ohci1394.sys F7590000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7B38000 - pciide.sys F77F0000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F7A74000 - viaide.sys F7A76000 - intelide.sys F75A0000 - MountMgr.sys F7410000 - ftdisk.sys F7A78000 - dmload.sys F73EA000 - dmio.sys F77F8000 - PartMgr.sys F75B0000 - VolSnap.sys F73D2000 - atapi.sys F738F000 - ftsata2.sys F7377000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F75C0000 - disk.sys F75D0000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7357000 - fltMgr.sys F7345000 - sr.sys F75E0000 - bb-run.sys F75F0000 - PxHelp20.sys F732E000 - KSecDD.sys F731B000 - WudfPf.sys F728E000 - Ntfs.sys F7261000 - NDIS.sys F7246000 - Mup.sys F7680000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F7900000 - \SystemRoot\system32\DRIVERS\aracpi.sys F6E9E000 - \SystemRoot\system32\DRIVERS v4_mini.sys F6E8A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7908000 - \SystemRoot\system32\DRIVERS\usbohci.sys F6E67000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F7910000 - \SystemRoot\system32\DRIVERS\usbehci.sys F7690000 - \SystemRoot\system32\DRIVERS\imapi.sys F76A0000 - \SystemRoot\system32\DRIVERS\cdrom.sys F76B0000 - \SystemRoot\system32\DRIVERS edbook.sys F6E44000 - \SystemRoot\system32\DRIVERS\ks.sys F7918000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys F76C0000 - \SystemRoot\system32\DRIVERS ic1394.sys F6E1F000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F7A6C000 - \SystemRoot\system32\DRIVERS vnetbus.sys F6DD4000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS F6D9D000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS F76D0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7920000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7AB0000 - \SystemRoot\system32\DRIVERS\armoucfltr.sys F7928000 - \SystemRoot\system32\DRIVERS\PS2.sys F7930000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7AB2000 - \SystemRoot\system32\DRIVERS\arkbcfltr.sys F7222000 - \SystemRoot\system32\DRIVERS\arpolicy.sys F7C3A000 - \SystemRoot\system32\DRIVERS\audstub.sys F76E0000 - \SystemRoot\system32\DRIVERS asl2tp.sys F721E000 - \SystemRoot\system32\DRIVERS distapi.sys F6D86000 - \SystemRoot\system32\DRIVERS diswan.sys F76F0000 - \SystemRoot\system32\DRIVERS aspppoe.sys F7700000 - \SystemRoot\system32\DRIVERS aspptp.sys F7938000 - \SystemRoot\system32\DRIVERS\TDI.SYS F6D75000 - \SystemRoot\system32\DRIVERS\psched.sys F7710000 - \SystemRoot\system32\DRIVERS\msgpc.sys F7940000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7948000 - \SystemRoot\system32\DRIVERS aspti.sys F6C2E000 - \SystemRoot\system32\DRIVERS dpdr.sys F7720000 - \SystemRoot\system32\DRIVERS ermdd.sys F7AB4000 - \SystemRoot\system32\DRIVERS\swenum.sys F6BFA000 - \SystemRoot\system32\DRIVERS\update.sys F7202000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F7730000 - \SystemRoot\System32\Drivers\NDProxy.SYS F7750000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7AB6000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7760000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys F4211000 - \SystemRoot\system32\drivers\RtkHDAud.sys F41EF000 - \SystemRoot\system32\drivers\portcls.sys F7770000 - \SystemRoot\system32\drivers\drmk.sys F7ABA000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7C1C000 - \SystemRoot\System32\Drivers\Null.SYS F7ABC000 - \SystemRoot\System32\Drivers\Beep.SYS F7C1D000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7978000 - \SystemRoot\System32\drivers\vga.sys F7ABE000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7AC0000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7838000 - \SystemRoot\System32\Drivers\Msfs.SYS F7840000 - \SystemRoot\System32\Drivers\Npfs.SYS F6CD1000 - \SystemRoot\system32\DRIVERS asacd.sys F4194000 - \SystemRoot\system32\DRIVERS\ipsec.sys F413C000 - \SystemRoot\system32\DRIVERS cpip.sys F7780000 - \SystemRoot\System32\Drivers\aswTdi.SYS F4114000 - \SystemRoot\system32\DRIVERS etbt.sys F40F2000 - \SystemRoot\System32\drivers\afd.sys F7790000 - \SystemRoot\system32\DRIVERS etbios.sys F40C7000 - \SystemRoot\system32\DRIVERS dbss.sys F4030000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F77B0000 - \SystemRoot\System32\Drivers\Fips.SYS F400F000 - \SystemRoot\system32\DRIVERS\ipnat.sys F77C0000 - \SystemRoot\system32\DRIVERS\wanarp.sys F77D0000 - \SystemRoot\system32\DRIVERS\arp1394.sys F7C7C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F7848000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F7850000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F3F4C000 - \SystemRoot\System32\Drivers\Fastfat.SYS F3F34000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7AD2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F40C3000 - \SystemRoot\System32\drivers\Dxapi.sys F7888000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7C5C000 - \SystemRoot\System32\drivers\dxgthk.sys BADE0000 - \SystemRoot\system32\DRIVERS disuio.sys BA36A000 - \SystemRoot\System32\Drivers\aswMon2.SYS BA1AE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys BA199000 - \SystemRoot\system32\drivers\wdmaud.sys F3FEF000 - \SystemRoot\system32\drivers\sysaudio.sys B9FA2000 - \SystemRoot\System32\Drivers\HTTP.sys B9F28000 - \SystemRoot\system32\DRIVERS\srv.sys F78A8000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys B950E000 - \??\C:\WINDOWS\system32\drivers mcomm.sys B941A000 * --[Hidden]-- B914E000 - \SystemRoot\System32\Drivers\Cdfs.SYS B7044000 - \SystemRoot\system32\drivers\kmixer.sys BFF50000 - \SystemRoot\System32\TSDDD.dll BF9D5000 - \SystemRoot\System32 v4_disp.dll F7C8D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 129 Liste des programmes installes Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.1 - Français Amélioration de nos services Amélioration de nos services AutoUpdate avast! Antivirus AVG Anti-Spyware 7.5 Barre d'outils Outlook de Windows Live (Windows Live Toolbar) Bloqueur de fenêtres pop-up (Windows Live Toolbar) BufferChm Canon PhotoRecord Canon PIXMA iP1500 Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox Connexion Facile à Internet Connexion Facile à Internet Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 10 (KB910393) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB888795) Correctif pour Windows XP (KB891593) Correctif pour Windows XP (KB893357) Correctif pour Windows XP (KB899337) Correctif pour Windows XP (KB899510) Correctif pour Windows XP (KB902841) Correctif pour Windows XP (KB906569) Correctif pour Windows XP (KB912024) Correctif pour Windows XP (KB935448) Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB892050 Correctif Windows XP - KB893066 Correctif Windows XP - KB895961 CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_OnlineProjectsConfig CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config cp_PosterPrintConfig cp_UpdateProjectsConfig Cryptext (Remove Only) CueTour Destinations DeviceManagementQFolder DivX Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) Easy-WebPrint eMule Enhanced Multimedia Keyboard Solution Extension de Windows Live Toolbar (Windows Live Toolbar) EZface ActiveX 208 FullDPAppQFolder GemMaster Mystic Google Earth Google Talk (remove only) Google Toolbar for Internet Explorer High Definition Audio - KB888111 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB926239) HP Boot Optimizer HP DigitalMedia Archive HP DVD Play 2.1 HP Imaging Device Functions 7.0 HP Photosmart for Media Center PC HP Photosmart Premier Software 6.5 HP Software Update HPPhotoSmartExpress HpSdpAppCoreApp InstantShareDevices iTunes J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 La Toolbar MEDIADICO Lecteur Windows Media 11 LightScribe 1.4.105.1 Menus intelligents (Windows Live Toolbar) Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Away Mode Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word Viewer 2003 Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937143) Mise à jour de sécurité pour Windows XP (KB937894) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB939653) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB942615) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944533) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB942840) Mise à jour pour Windows XP (KB946627) Mozilla Firefox (2.0.0.12) MSN MSXML 4.0 SP2 (KB936181) muvee autoProducer 5.0 muvee autoProducer unPlugged 2.0 Navigation par onglets (Windows Live Toolbar) Navilog1 3.4.5 Navilog1 Version 2.0.7 NVIDIA Drivers OneCare Advisor (Windows Live Toolbar) OpenMG Limited Patch 4.4-06-13-19-01 OpenMG Secure Module 4.4.00 OpenMG Secure Module 4.4.00 OptionalContentQFolder Otto Outil de mise à jour Google PC-Doctor 5 pour Windows PhotoGallery Picasa 2 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QuickTime RandMap RealPlayer Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Services Internet Services Internet SkinsHP1 SlideShow SlideShowMusic Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK SonicStage 3.4 Spybot - Search & Destroy 1.4 The Cleaner Trojan Remover 6.6.1 Unload Update for Outlook 2007 Junk Email Filter (kb944965) USB Storage Driver WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Live Favorites pour Windows Live Toolbar Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP Media Center Edition 2005 KB925766 XnView 1.91.1 Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files 2008-02-09 16:55 . 2008-02-09 16:55 .. 2007-09-19 17:26 Adobe 2007-03-18 17:00 Alwil Software 2008-01-23 20:21 Canon 2005-11-12 01:09 ComPlus Applications 2006-08-14 15:08 DivX 2006-08-14 15:23 EasyBits 2008-02-08 19:01 eMule 2007-08-06 10:24 EZFace 2008-02-09 16:55 Fichiers communs 2006-08-14 14:33 FrenchOtto 2006-08-14 14:33 GemMasterFrench 2007-08-27 19:01 Google 2007-08-16 10:08 Grisoft 2006-08-14 15:22 Hewlett-Packard 2006-08-14 15:05 HP 2006-08-14 15:02 HP DigitalMedia Archive 2008-02-12 20:23 Internet Explorer 2007-06-11 21:32 iPod 2007-06-11 21:32 iTunes 2007-10-08 09:41 Java 2007-03-20 13:42 LAventure 2006-08-14 14:43 Messenger 2007-05-09 11:49 Microsoft CAPICOM 2.1.0.2 2005-11-15 03:24 microsoft frontpage 2008-02-09 16:55 Microsoft Office 2008-02-09 16:55 Microsoft Visual Studio 2008-02-09 16:55 Microsoft Works 2008-02-09 16:53 Microsoft.NET 2007-07-08 09:00 Miniapic 2005-11-15 03:24 Movie Maker 2008-02-17 23:26 Mozilla Firefox 2008-02-09 16:55 MSBuild 2007-03-18 12:12 MSN 2005-11-15 03:25 MSN Gaming Zone 2007-10-29 20:03 MSN Messenger 2007-03-19 08:16 MSXML 4.0 2006-08-14 15:08 muvee Technologies 2008-02-16 21:06 Navilog1 2005-11-15 03:25 NetMeeting 2005-11-15 03:25 Online Services 2007-06-12 21:02 Outlook Express 2006-08-14 15:19 PC-Doctor 5 for Windows 2007-10-25 20:22 Picasa2 2007-06-11 21:31 QuickTime 2006-08-14 15:02 Real 2006-08-14 15:24 Services en ligne 2006-08-14 15:03 Sonic 2007-10-22 17:50 Sony 2007-10-22 17:50 Sony Corporation 2007-08-19 16:34 Spybot - Search & Destroy 2008-02-18 19:14 The Cleaner 2007-08-16 12:12 Trojan Remover 2007-12-02 22:29 Windows Live Favorites 2007-12-03 07:19 Windows Live Toolbar 2007-03-31 10:23 Windows Media Connect 2 2007-03-31 10:26 Windows Media Player 2005-11-15 03:25 Windows NT 2005-11-15 03:25 Windows Plus 2005-11-15 03:26 xerox 2007-07-19 19:34 XnView 0 fichier(s) 0 octets 62 Rép(s) 109,061,017,600 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files\fichiers communs 2008-02-09 16:55 . 2008-02-09 16:55 .. 2007-09-19 17:27 Adobe 2008-02-09 16:55 DESIGNER 2006-08-14 14:58 HP 2006-08-14 15:21 InstallShield 2006-08-14 14:39 Java 2006-08-14 15:04 LightScribe 2006-08-14 15:04 LS Getting Started 2008-02-09 16:55 Microsoft Shared 2005-11-15 03:24 MSSoap 2006-08-14 15:07 muvee Technologies 2005-11-15 03:24 ODBC 2007-09-17 15:22 Real 2005-11-15 03:24 Services 2006-08-14 15:03 Sonic Shared 2007-10-22 17:50 Sony Shared 2005-11-15 03:24 SpeechEngines 2006-08-14 15:03 SureThing Shared 2007-08-16 21:44 Symantec Shared 2008-02-09 16:50 System 2006-08-14 15:03 TiVo Shared 2007-09-17 15:22 xing shared 0 fichier(s) 0 octets 23 Rép(s) 109,061,017,600 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 881E-2B7E Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2008-02-09 16:54 . 2008-02-09 16:54 .. 2008-02-09 16:51 1036 2006-10-26 19:49 970,528 MSONSEXT.DLL 2006-10-26 20:12 40,256 MSOSV.DLL 1999-06-03 10:09 122,937 MSOWS409.DLL 2001-03-07 05:00 127,033 MSOWS40c.DLL 4 fichier(s) 1,260,754 octets 3 Rép(s) 109,061,017,600 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.2.0.35\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe c:\Documents and Settings\HP_Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\HP_Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\HP_Administrateur\.housecall6.6 sc.exe c:\Documents and Settings\HP_Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\HP_Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\muc60.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\ybl61.exe c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\yul8.exe c:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\eMule0.48a-Installer.exe c:\Documents and Settings\HP_Administrateur\Bureau\ewido-setup.exe c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\clean\clean\pskill.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp ar.exe c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1\Navilog1.exe c:\Documents and Settings\HP_Administrateur\Bureau\pca\pca.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\catchme.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\dummy.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\download.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\dummy.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\ERUNT.EXE c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\FixPath.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\grep.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\isadmin.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\moveex.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Process.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\procs.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\psservice.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps egedit.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sed.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\shutdown.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\vfind.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\WINMSG.EXE c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\find.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups egedit.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix estart.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\HP_Administrateur\Bureau\sreng2\SREngPS.EXE c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe c:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Répertoire temporaire 1 pour pca.zip\pca.exe c:\Documents and Settings\HP_Administrateur\Mes documents\iTunesSetup.exe c:\Documents and Settings\HP_Administrateur\Mes documents\Norton_Removal_Tool_9x.exe c:\Documents and Settings\HP_Administrateur\Mes documents\setupfre avast.exe c:\Documents and Settings\HP_Administrateur\Mes documents\anpe\hijack\HijackThis.exe c:\Documents and Settings\HP_Administrateur\Mes documents\iview\iview385.exe c:\Documents and Settings\yves\Application Data\U3 emp\cleanup.exe c:\Documents and Settings\yves\Application Data\U3 emp\Launchpad Removal.exe c:\Documents and Settings\yves\Bureau\Install3373.exe c:\Documents and Settings\yves\Mes documents\eMule0.47c-Installer.exe c:\Documents and Settings\yves\Mes documents\Install_Messenger.exe c:\Documents and Settings\yves\Mes documents\Scrabble\SCRABBLE_2005_demo_fr.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_NOM-FB9B15D2723.tar.gz a l'adresse http://upload.malekal.com

Moon · Answer

Bon, j'imagine que tu n'as pas pû revenir sur mon post, je reviendrais demain donc.
Merci et bonne soirée à toi.
Moon

FillPCA · Answer

Re,

    *  Sélectionne le texte suivant :

Killall::

Driver::
wbblpcae

NetSvc::
wbblpcae

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-

File::
C:\WINDOWS\system32\d3dimb.dll
C:\WINDOWS\system32\d3dimb.dll.bak
C:\WINDOWS\system32\ihiyjnst.dat
C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
C:\WINDOWS\system32\dz1fzfc.exe

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

Si ça ne marche pas, essaie en mode sans échec.

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Edite ce rapport et un nouveau rapport SREng.

FillPCA

Moon · Answer

Bonjour, j'ai un doute, est-ce que lors du redemarrage de ma machine, pas combofix, je dois egalement^me mettre en mode sans echec?
Merci. 



ComboFix 08-02-17.2 - HP_Administrateur 2008-02-19 10:54:04.9 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.773 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt

FILE ::
C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
C:\WINDOWS\system32\d3dimb.dll
C:\WINDOWS\system32\d3dimb.dll.bak
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\system32\ihiyjnst.dat
.

FillPCA · Answer

Re,

non, le démarrage doit être normal. C'est l'intégralité de ton rapport Combofix ?

FillPCA

Moon · Answer

[CODE] 2008-02-19,11:07:37 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc] <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] <"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"> [Sonic Solutions] [] <> [N/A] [Hewlett-Packard Co.] [(Verified)ALWIL Software] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [CANON INC.] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [MooSoft Development] [MooSoft Development] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] ================================== Startup Folders [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [Google]> ================================== Services [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Service de l'iPod / iPod Service][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [PACSPTISVR / PACSPTISVR][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start] <> [Sony SPTI Service / SPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"> [SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start] [Symantec Core LC / Symantec Core LC][Stopped/Auto Start] <> ================================== Drivers [Pilote de processeur AMD / AmdK8][Running/System Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Promise driver accelerator / bb-run][Running/Boot Start] <\SystemRoot\system32\DRIVERS\bb-run.sys> [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys> [ftsata2 / ftsata2][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ftsata2.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [nv / nv][Running/Manual Start] [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [Ps2 / Ps2][Running/Manual Start]

[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [symlcbrd / symlcbrd][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys> [tmcomm / tmcomm][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers mcomm.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A> [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Aide à la connexion] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Microsoft HTML Document 6.0] {25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Navigateur Web Microsoft] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MPEGURL Moniker Class] {CD3AFA78-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D4A8680F-4272-4161-80FF-851A62AEA027} [Google Updater Class] {D6A5A215-FBF3-45E5-ABF8-22FF50916184} [EZFaceWL.EZFaceControlXWL] {E55194C4-4B04-4285-85DA-CA0AE64D3B39} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} [&Windows Live Search] [Add to Windows &Live Favorites] [E&xporter vers Microsoft Excel] [Easy-WebPrint Ajouter à la liste d'impressions] [Easy-WebPrint Impression rapide] [Easy-WebPrint Imprimer] [Easy-WebPrint Prévisualiser] [Ouvrir dans un nouvel onglet d'arrière-plan] [Ouvrir dans un nouvel onglet de premier plan] ================================== Running Processes [PID: 660 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1020 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1116 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1152 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [PID: 1272 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1388 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1512 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1560 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1740 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNMLM5y.DLL] [CANON INC., 1.80.2.50] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL] [CANON INC., 1.80.2.50] [PID: 1900 / SYSTEM][C:\WINDOWS\arservice.exe] [Microsoft, 6.0.0160.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1960 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 2004 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\sbe.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 2024 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 2044 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [PID: 252 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1] [PID: 308 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.10.8208] [PID: 644 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1112 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 1420 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1444 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1372 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2156 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3080 / HP_Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.2.0.28] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [PID: 3844 / HP_Administrateur][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3860 / HP_Administrateur][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3868 / HP_Administrateur][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0] [PID: 3900 / HP_Administrateur][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1] [C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a] [C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a] [C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500] [C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a] [PID: 3924 / HP_Administrateur][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [PID: 4012 / HP_Administrateur][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 4024 / HP_Administrateur][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [PID: 4040 / HP_Administrateur][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 4056 / HP_Administrateur][C:\Program Files\The Cleaner ca.exe] [MooSoft Development, 3.1.0.3073] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [PID: 4064 / HP_Administrateur][C:\Program Files\The Cleaner cm.exe] [MooSoft Development, 2.1.0.2043] [PID: 192 / HP_Administrateur][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4043] [PID: 336 / HP_Administrateur][C:\Program Files\QuickTime\qttask.exe] [Apple Inc., 7.1.6] [PID: 1976 / HP_Administrateur][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe] [Adobe Systems Incorporated, 8.0.0.0] [PID: 596 / HP_Administrateur][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] [, 3.4.01.13062] [C:\PROGRA~1\Sony\SONICS~1\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\Sony\SONICS~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\Sony\SONICS~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 588 / HP_Administrateur][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00] [PID: 2132 / HP_Administrateur][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\armcex.dll] [, 6.0.0160.0] [c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3] [PID: 2228 / HP_Administrateur][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 476 / HP_Administrateur][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [PID: 3380 / HP_Administrateur][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3920 / HP_Administrateur][C:\Program Files\Windows Live Toolbar\msn_sl.exe] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\MSN_SLrs.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146] [PID: 1968 / HP_Administrateur][C:\Documents and Settings\HP_Administrateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Documents and Settings\HP_Administrateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3900, C:\PROGRAM FILES\HP DIGITALMEDIA ARCHIVE\DMASCHEDULER.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3924, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE] Special Privilege Enabled: SeDebugPrivilege [PID = 4056, C:\PROGRAM FILES\THE CLEANER\TCA.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4056, C:\PROGRAM FILES\THE CLEANER\TCA.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4064, C:\PROGRAM FILES\THE CLEANER\TCM.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 336, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 596, C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== /CODE

Moon · Answer

Oui, c'est tout ce que j'ai pour le rapport Combofix. Compliqué?

FillPCA · Answer

Re,

Le dernier rapport SRENg est propre. Peux-tu éditer un rapport Hijackthis ET me dire comment le pc se porte ?

FillPCA

Moon · Answer

L'ordinateur n'a jamais eu de signes particuliers depuis ce cheval de Troie, donc je dirais qu'il va plutôt bien... [CODE] 2008-02-19,11:07:37 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc] <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] <"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"> [Sonic Solutions] [] <> [N/A] [Hewlett-Packard Co.] [(Verified)ALWIL Software] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [CANON INC.] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [MooSoft Development] [MooSoft Development] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] ================================== Startup Folders [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [Google]> ================================== Services [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Service de l'iPod / iPod Service][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [PACSPTISVR / PACSPTISVR][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start] <> [Sony SPTI Service / SPTISRV][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"> [SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start] [Symantec Core LC / Symantec Core LC][Stopped/Auto Start] <> ================================== Drivers [Pilote de processeur AMD / AmdK8][Running/System Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Promise driver accelerator / bb-run][Running/Boot Start] <\SystemRoot\system32\DRIVERS\bb-run.sys> [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys> [ftsata2 / ftsata2][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ftsata2.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [nv / nv][Running/Manual Start] [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [Ps2 / Ps2][Running/Manual Start]

[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [symlcbrd / symlcbrd][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys> [tmcomm / tmcomm][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers mcomm.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A> [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Aide à la connexion] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Easy-WebPrint] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Microsoft HTML Document 6.0] {25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [Easy-WebPrint] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Photo Upload Control] {7FC1B346-83E6-4774-8D20-1A6B09B0E737} [Navigateur Web Microsoft] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__MPEGURL Moniker Class] {CD3AFA78-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [MEDIADICO Familial] {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D4A8680F-4272-4161-80FF-851A62AEA027} [Google Updater Class] {D6A5A215-FBF3-45E5-ABF8-22FF50916184} [EZFaceWL.EZFaceControlXWL] {E55194C4-4B04-4285-85DA-CA0AE64D3B39} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} [&Windows Live Search] [Add to Windows &Live Favorites] [E&xporter vers Microsoft Excel] [Easy-WebPrint Ajouter à la liste d'impressions] [Easy-WebPrint Impression rapide] [Easy-WebPrint Imprimer] [Easy-WebPrint Prévisualiser] [Ouvrir dans un nouvel onglet d'arrière-plan] [Ouvrir dans un nouvel onglet de premier plan] ================================== Running Processes [PID: 660 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1020 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1116 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1152 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [PID: 1272 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1388 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1512 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1560 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1740 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNMLM5y.DLL] [CANON INC., 1.80.2.50] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL] [CANON INC., 1.80.2.50] [PID: 1900 / SYSTEM][C:\WINDOWS\arservice.exe] [Microsoft, 6.0.0160.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1960 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 2004 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\sbe.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 2024 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 2044 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [PID: 252 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.105.1] [C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1] [PID: 308 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.10.8208] [PID: 644 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1112 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 1420 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1444 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1372 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2156 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3080 / HP_Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.2.0.28] [C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [PID: 3844 / HP_Administrateur][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3860 / HP_Administrateur][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3868 / HP_Administrateur][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0] [PID: 3900 / HP_Administrateur][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1] [C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a] [C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500] [c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a] [C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500] [C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500] [C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a] [PID: 3924 / HP_Administrateur][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000] [PID: 4012 / HP_Administrateur][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 4024 / HP_Administrateur][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [PID: 4040 / HP_Administrateur][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [PID: 4056 / HP_Administrateur][C:\Program Files\The Cleaner ca.exe] [MooSoft Development, 3.1.0.3073] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [PID: 4064 / HP_Administrateur][C:\Program Files\The Cleaner cm.exe] [MooSoft Development, 2.1.0.2043] [PID: 192 / HP_Administrateur][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4043] [PID: 336 / HP_Administrateur][C:\Program Files\QuickTime\qttask.exe] [Apple Inc., 7.1.6] [PID: 1976 / HP_Administrateur][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe] [Adobe Systems Incorporated, 8.0.0.0] [PID: 596 / HP_Administrateur][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] [, 3.4.01.13062] [C:\PROGRA~1\Sony\SONICS~1\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\Sony\SONICS~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\Sony\SONICS~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 588 / HP_Administrateur][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00] [PID: 2132 / HP_Administrateur][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\armcex.dll] [, 6.0.0160.0] [c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3] [PID: 2228 / HP_Administrateur][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 476 / HP_Administrateur][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll] [Google, 2.2.940.34809.beta] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [PID: 3380 / HP_Administrateur][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3920 / HP_Administrateur][C:\Program Files\Windows Live Toolbar\msn_sl.exe] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\MSN_SLrs.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146] [PID: 1968 / HP_Administrateur][C:\Documents and Settings\HP_Administrateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Documents and Settings\HP_Administrateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3900, C:\PROGRAM FILES\HP DIGITALMEDIA ARCHIVE\DMASCHEDULER.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3924, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE] Special Privilege Enabled: SeDebugPrivilege [PID = 4056, C:\PROGRAM FILES\THE CLEANER\TCA.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4056, C:\PROGRAM FILES\THE CLEANER\TCA.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4064, C:\PROGRAM FILES\THE CLEANER\TCM.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 336, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 596, C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== /CODE

FillPCA · Answer

Re,

Tu as republié un rapport SREng. Ce que je voudrais, c'est un rapport Hijackthis. J'aimerais aussi que tu lances normalement Combofix (sans l'utilisation de Cfscript) soit en mode normal ou en mode sans échec si ça ne marche pas autrement.
Laisse l'ordinateur redémarrer normalement.

Edite le rapport Combofix avec le rapport Hijackthis.

FillPCA

Moon · Answer

ok, je fais ça ce soir, je dois partir.
Merci beaucoup.
Bonne journée à toi

Moon · Answer

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-19 20:37:20.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
C:\WINDOWS\system32\d3dimb.dll.bak
C:\WINDOWS\system32\ihiyjnst.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WBBLPCAE
-------\poof
-------\wbblpcae

((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
.

2008-02-19 07:59 . 2008-02-19 20:40 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-18 19:32 . 2008-02-18 19:32 14,043,930 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-16 21:20 . 2008-02-16 21:37 <REP> d-------- C:\SDFix
2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-02-09 16:55 . 2008-02-09 16:55 <REP> d-------- C:\Program Files\MSBuild
2008-02-09 16:53 . 2008-02-09 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-09 16:50 . 2008-02-09 16:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 16:50 . 2008-02-13 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-06 20:44 . 2008-02-06 21:22 <REP> d-------- C:\Documents and Settings\yves\Application Data\U3
2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe
2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 19:34 --------- d-----w C:\Program Files\The Cleaner
2008-02-19 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1
2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 18:01 --------- d-----w C:\Program Files\eMule
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView
2008-01-23 19:21 --------- d-----w C:\Program Files\Canon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"tcactive"="C:\Program Files\The Cleaner\tca.exe" [2004-04-09 08:26 631808]
"tcmonitor"="C:\Program Files\The Cleaner\tcm.exe" [2004-03-13 12:48 388096]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-17 15:22 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-23 20:32:03 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbblpcae

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 18:15:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 20:41:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-19 20:41:31
ComboFix-quarantined-files.txt 2008-02-19 19:41:22
ComboFix2.txt 2008-02-18 10:57:28
ComboFix3.txt 2007-08-15 17:28:24
.
2008-02-13 21:20:42 --- E O F ---

Moon · Answer

Bonsoir, voici les rapports de scan que tu m'as demandé. Merci


Logfile of HijackThis v1.99.1
Scan saved at 20:52:37, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Re,

1/     *  Sélectionne le texte suivant :

NetSvc::
wbblpcae

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

3/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

4/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

5/ Edite ces rapports : Combofix, AVGantispyware et Kaspersky.

FillPCA

Moon · Answer

Bonsoir, désolé pour le manque de suivi, travail oblige.
Voici donc le rapport Combofix. Merci beaucoup de ton aide.

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-21 20:39:31.11 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.560 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.

2008-02-20 07:03 . 2008-02-20 07:03 0 --a------ C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-19 07:59 . 2008-02-21 20:42 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-18 19:32 . 2008-02-18 19:32 14,043,930 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-16 21:20 . 2008-02-16 21:37 <REP> d-------- C:\SDFix
2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-02-09 16:55 . 2008-02-09 16:55 <REP> d-------- C:\Program Files\MSBuild
2008-02-09 16:53 . 2008-02-09 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-09 16:50 . 2008-02-09 16:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 16:50 . 2008-02-13 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-06 20:44 . 2008-02-06 21:22 <REP> d-------- C:\Documents and Settings\yves\Application Data\U3
2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe
2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 16:31 --------- d-----w C:\Program Files\The Cleaner
2008-02-19 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1
2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 18:01 --------- d-----w C:\Program Files\eMule
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView
2008-01-23 19:21 --------- d-----w C:\Program Files\Canon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"tcactive"="C:\Program Files\The Cleaner\tca.exe" [2004-04-09 08:26 631808]
"tcmonitor"="C:\Program Files\The Cleaner\tcm.exe" [2004-03-13 12:48 388096]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-17 15:22 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-23 20:32:03 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-21 19:15:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 20:42:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-21 20:43:10
ComboFix-quarantined-files.txt 2008-02-21 19:43:01
ComboFix2.txt 2008-02-19 19:41:32
ComboFix3.txt 2008-02-18 10:57:28
ComboFix4.txt 2007-08-15 17:28:24
.
2008-02-13 21:20:42 --- E O F ---

FillPCA · Answer

Salut,

Combofix a bien travaillé. J'attends le rapport AVGantispyware et le rapport antivirus.

FillPCA

Moon · Answer

Désolé, pas pu revenir avant. Je fais les scans demain matin. Merci beaucoup à toi.

moon · Answer

Désolé pour le retard et le manque de suivi mais periode d'ecrits dans mon travail.
Merci pour votre aide
Bonne soirée



AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	22:28:39 25/03/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\yves\Bureau\Install3373.exe -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\Documents and Settings\yves\Local Settings\Application Data\Mozilla\Firefox\Profiles\ve9lxfqd.default\Cache\8F458952d01 -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP8\A0000437.exe -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ice.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@webpopulation.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.109:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.110:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.119:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adviva[2].txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@adviva[2].txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.129:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@commission-junction[1].txt -> TrackingCookie.Commission-junction : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.77:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-psychologies.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@searchportal.information[1].txt -> TrackingCookie.Information : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@mediaplex[2].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@perf.overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revenue[2].txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.140:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@statcounter[1].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.54:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.134:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.111:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.112:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.113:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.114:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@argenius.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@nestle.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@webo.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@m.webtrends[1].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport

moon · Answer

Désolé pour le retard et le manque de suivi mais periode d'ecrits dans mon travail.
Merci pour votre aide
Bonne soirée



AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	22:28:39 25/03/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\yves\Bureau\Install3373.exe -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\Documents and Settings\yves\Local Settings\Application Data\Mozilla\Firefox\Profiles\ve9lxfqd.default\Cache\8F458952d01 -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP8\A0000437.exe -> Not-A-Virus.Hoax.Win32.Renos.avb : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ice.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@webpopulation.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.109:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.110:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.119:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adviva[2].txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@adviva[2].txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.129:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@commission-junction[1].txt -> TrackingCookie.Commission-junction : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.77:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-psychologies.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@searchportal.information[1].txt -> TrackingCookie.Information : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@mediaplex[2].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@perf.overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revenue[2].txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.140:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statcounter[2].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@statcounter[1].txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.51:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.54:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.134:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.111:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.112:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.113:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.114:C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles	x2x4m0e.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@argenius.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@nestle.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@webo.solution.weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\yves\Cookies\yves@m.webtrends[1].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport

FillPCA · Answer

Salut,

Vu la date du dernier message, il va falloir reprendre à zéro.
Edite un rapport Hijackthis.

FillPCA

Moon · Answer

Ok, merci bien, j'ai pas pu faire plus vite, désolé.


Logfile of HijackThis v1.99.1
Scan saved at 10:45:06, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner	ca.exe
C:\Program Files\The Cleaner	cm.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner	ca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner	cm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

FillPCA · Answer

Salut,

1/     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

2/     *  Peux-tu tester ceci : C:\WINDOWS\arservice.exe
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

3/ AVGantispyware a été mal utilisé car dans le rapport, il est écrit "aucune action entreprise".

# Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.
# Clique sur le bouton Analyse (de la barre d'outils),
# Puis sur l'onglet Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

4/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

5/ Edite ces rapports :
Virustotal, AVGantispyware et Kaspersky.

FillPCA

Win32:BHO-KD que faire?

61 réponses

Discussions similaires

Newsletters