Trojan Win32.BHO-JKRésolu/Fermé

Question

Bonjour,
Depuis le 10.12 le troyen win 32.BHO-JK a infecté mon pc. Il plante. J'ai reçu une centaine d'alertes par avast antivirus et ces alertes croissent.... J'ai utilisé spyware doctor, spybot, ad aware.... J'ai zone alarm pro. et rien ne me le détecte. Avast n'arrive pas à supprimier le logiciel malveillant.  Je ne sais plus quoi faire.... Si vous pouviez m'aider. Merci beaucoup d'avance.
Zando.

FillPCA · Answer

Bonjour,

Peux-tu éditer un rapport Hijackthis ?

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm


Fais un scan et poste l'analyse.


FillPCA

Zandollydor · Answer

Je suis novice mercie de votre aide : 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:31, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\607GWY4O\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AED836EE-F897-4CF0-995D-40EDE3838FD5} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: hggfebc - hggfebc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

Belle infection !

Tu as attrapé cela avec Emule ?

1/     *  Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
    * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
    * Clique sur l'onglet  "diagnostic du PC" puis "analyser".
    * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
    * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
    * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

2/     *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

FillPCA

Zandollydor · Answer

Mes réponses ne vous parviennent plus....
# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :08/12/2007 14:35:03
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Zando\LOCALS~1\Temp\Rar$EX00.313\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.118712.fr/sortir.html
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = https://www.printme.com/support/adobe/index.html
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
02 - BHO:  - {AED836EE-F897-4CF0-995D-40EDE3838FD5} - C:\WINDOWS\system32\vtstr.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [IMJPMIG8.1] - "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKLM\..\RUN: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKLM\..\RUN: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKLM\..\RUN: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [eabconfg.cpl] - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [hpWirelessAssistant] - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
04 - HKLM\..\RUN: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
04 - HKLM\..\RUN: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
04 - HKLM\..\RUN: [ATIPTA] - "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\..\RUN: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [Cpqset] - C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKLM\..\RUN: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [SDTray] - "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [ccleaner] - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
04 - HKLU\..\RUN: [IncrediMail] - C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
04 - HKLU\..\RUN: [eMuleAutoStart] - C:\Program Files\eMule\emule.exe -AutoStart
04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLM\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\RunServices: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLM\..\RunServices: [ccleaner] - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
04 - HKLM\..\RunServices: [IncrediMail] - C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
04 - HKLM\..\RunServices: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
04 - HKLM\..\RunServices: [eMuleAutoStart] - C:\Program Files\eMule\emule.exe -AutoStart
04 - HKLM\..\RunServices: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLU\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RunServices: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RunServices: [ccleaner] - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
04 - HKLU\..\RunServices: [IncrediMail] - C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
04 - HKLU\..\RunServices: [msnmsgr] - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
04 - HKLU\..\RunServices: [eMuleAutoStart] - C:\Program Files\eMule\emule.exe -AutoStart
04 - HKLU\..\RunServices: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [ctfmon.exe] - "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [swg] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [ccleaner] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [IncrediMail] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [msnmsgr] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [eMuleAutoStart] - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
04 - HKUS\S-1-5-21-1275210071-1284227242-839522115-1004\..\RUN: [SpybotSD TeaTimer] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - Global Startup: HP Digital Imaging Monitor.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
04 - Global Startup: Outil de mise à jour Google.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra 'Tools' menuitem:  - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
09 - Extra button:  - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra button:  - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :  Microsoft Data Collection Control - {0742B9EF-8C83-41CA-BFBA-830A59E23533} - C:\WINDOWS\Downloaded Program Files\MSDcode.dll
O16 - DPF :  Facebook Photo Uploader 4 Control - {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
O16 - DPF :  Facebook Photo Uploader Control - {5F8469B4-B055-49DD-83F7-62B522420ECC} - C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
O16 - DPF :  HpProductDetection Class - {6B75345B-AA36-438A-BBE6-4078B4C6984D} - C:\Program Files\HP\Common\HPDeviceDetection.dll
O16 - DPF :  HouseCall Control - {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - C:\WINDOWS\DOWNLO~1\xscan53.ocx
O16 - DPF :  Java Plug-in 1.6.0_03 - {8AD9C840-044E-11D1-B3E9-00805F499D93} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF :   - {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - 
O16 - DPF :  Get_ActiveX Control - {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
O16 - DPF :  Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [] - %SystemRoot%\system32\Ati2evxx.exe
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Windows Presentation Foundation Font Cache 3.0.0.0] - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [HP WMI Interface] - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [iPod Service] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [Pml Driver HPZ12] - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32svp.exe
O23 - Service: [PC Tools Auxiliary Service] - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: [PC Tools Security Service] - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: [SoundMAX Agent Service] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DACF2D2D-FFB9-4F72-818F-00913A6B12E3}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

Zandollydor · Answer

[CODE] 2007-12-08,14:42:19 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Google Inc] <"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [N/A] [IncrediMail, Ltd.] <"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] https://www.emule-project.net/home/perl/general.cgi?l=1 [(Verified)Safer Networking Ltd.] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard Co.] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [Hewlett-Packard ] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [Hewlett-Packard Company] [Analog Devices, Inc.] [Analog Devices, Inc.] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [Apple Computer, Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [(Verified)ALWIL Software] <"C:\Program Files\Spyware Doctor\SDTrayApp.exe"> [(Verified)PC Tools] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggfebc] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]> ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [HP WMI Interface / hpqwmi][Running/Manual Start]

[Windows CardSpace / idsvc][Stopped/Manual Start] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [iPod Service / iPodService][Running/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start] [PC Tools Auxiliary Service / sdAuxService][Running/Auto Start] [PC Tools Security Service / sdCoreService][Running/Auto Start] [SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start] [TrueVector Internet Monitor / vsmon][Running/Auto Start] ================================== Drivers [Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Stopped/Manual Start] [aeaudio / aeaudio][Running/Manual Start] [PPdus ASPI Shell / Afc][Running/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start] [ati2mtag / ati2mtag][Running/Manual Start] [Pilote de carte Intel (R) PRO / E100B][Stopped/Manual Start] [eabfiltr / eabfiltr][Running/System Start] <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys> [eabusb / eabusb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\eabusb.sys> [GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [File Security Driver / IKFileSec][Running/Boot Start] <\SystemRoot\system32\drivers\ikfilesec.sys> [System Filter Driver / IKSysFlt][Running/System Start] [System Security Driver / IKSysSec][Running/System Start] [MidiSyn / MidiSyn][Stopped/Manual Start] [Pilote de carte réseau Ethernet ou Fast Ethernet Compaq / N100][Stopped/Manual Start] [Webcam Deluxe / ovt530][Stopped/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [senfilt / senfilt][Running/Manual Start] [smwdm / smwdm][Running/Manual Start] [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [SymEvent / SymEvent][Stopped/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS> [SYMIDSCO / SYMIDSCO][Stopped/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20040824.002\symidsco.sys> [tifm21 / tifm21][Running/Manual Start] [vsdatant / vsdatant][Running/System Start] [Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP / w29n51][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Spybot-S&D IE Protection] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [] {AED836EE-F897-4CF0-995D-40EDE3838FD5} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Spybot-S&D IE Protection] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [Microsoft Data Collection Control] {0742B9EF-8C83-41CA-BFBA-830A59E23533} [Facebook Photo Uploader 4 Control] {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [Facebook Photo Uploader Control] {5F8469B4-B055-49DD-83F7-62B522420ECC} [HpProductDetection Class] {6B75345B-AA36-438A-BBE6-4078B4C6984D} [HouseCall Control] {74D05D43-3236-11D4-BDCD-00C04F9A3B61} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Get_ActiveX Control] {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [Java Plug-in 1.5.0_02] {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Microsoft Data Collection Control] {0742B9EF-8C83-41CA-BFBA-830A59E23533} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [Spybot-S&D IE Protection] {53707962-6F74-2D53-2644-206D7942484F} [DeviceEnum Class] {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Facebook Photo Uploader 4 Control] {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [Facebook Photo Uploader Control] {5F8469B4-B055-49DD-83F7-62B522420ECC} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HpProductDetection Class] {6B75345B-AA36-438A-BBE6-4078B4C6984D} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [HouseCall Control] {74D05D43-3236-11D4-BDCD-00C04F9A3B61} [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [] {98A3C275-4A81-4F1E-8494-BD84A88F662D} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Get_ActiveX Control] {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [] {AED836EE-F897-4CF0-995D-40EDE3838FD5} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Google Updater Class] {D6A5A215-FBF3-45E5-ABF8-22FF50916184} [iTunesDetector Class] {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [] {EF7E41A1-B72D-47E3-9AC9-34C14C545E1B} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 652 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 736 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 784 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 796 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\vtstr.dll] [N/A, ] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 976 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1120 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1160 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1312 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1404 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1420 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1484 / Zando][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\vtstr.dll] [N/A, ] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [PID: 1988 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 524 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1184 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.003] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1648 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1768 / SYSTEM][C:\Program Files\Spyware Doctor\svcntaux.exe] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1852 / SYSTEM][C:\Program Files\Spyware Doctor\swdsvc.exe] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\commhlpr.dll] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\RegHelper.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\inethlpr.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\filehlpr.dll] [PC Tools, 5.0.5.21] [C:\Program Files\Spyware Doctor\sdcore.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Spyware Doctor\FileStorage.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\Settings.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\IDBLib.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\SDInfo.sdp] [PC Tools, 5.0.5.8] [C:\Program Files\Spyware Doctor\SDExtra.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\PCTWSC.dll] [PC Tools, 1, 0, 0, 7] [C:\Program Files\Spyware Doctor\Immunizer.sdp] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\Localizer.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\NfyMan.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\quarantine.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\BH.dll] [PC Tools, 5.0.5.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\RebootManager.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\scaneng.sdp] [PC Tools, 5.0.5.5] [C:\Program Files\Spyware Doctor\stasks.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\SystemMonitor.sdp] [PC Tools, 5.0.5.44] [C:\Program Files\Spyware Doctor\whitelist.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\plugins\Browsers.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\grfiles.SDP] [PC Tools, 5.0.5.27] [C:\Program Files\Spyware Doctor\plugins\grregistry.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\SH.dll] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\plugins\Network.SDP] [PC Tools, 5.0.5.12] [C:\Program Files\Spyware Doctor\plugins\Process.SDP] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\StartUp.SDP] [PC Tools, 5.0.5.2] [PID: 1912 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2000 / Zando][C:\Program Files\Spyware Doctor\SDTrayApp.exe] [PC Tools, 5.0.5.31] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2424 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2452 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2488 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2900 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3732 / Zando][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1224 / Zando][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 1, 1, 2] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 1, 1, 2] [C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL] [Hewlett-Packard , 5, 1, 1, 2] [PID: 1900 / Zando][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2116 / Zando][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Company, 1, 1, 1, 3] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2268 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 788 / Zando][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 2, 2] [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 2, 008] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2756 / SYSTEM][C:\Program Files\HPQ\shared\hpqwmi.exe] [Hewlett-Packard Development Company, L.P., 1, 0, 4, 3] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2760 / Zando][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5160] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5160] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5160] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5160] [PID: 3068 / Zando][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.5.1.200] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Apoint2K\ApResFR.dll] [Alps Electric Co., Ltd., 5.5.1.13] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248] [C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.5.1.63] [PID: 3176 / Zando][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3228 / Zando][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 4.7.0.42] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 4.7.0.42] [PID: 1392 / Zando][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4279] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 220 / Zando][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.5.1.21] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248] [PID: 232 / Zando][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Alwil Software\Avast4\AavmGuih.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3424 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 4.7.0.42] [PID: 3688 / Zando][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1012 / Zando][C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.206.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.206.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.20.000] [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Hp\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [PID: 2252 / Zando][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.969.23408.beta] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Google\Google Updater\2.2.969.23408\ci.dll] [Google, 2.2.969.23408.beta] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [PID: 3520 / Zando][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000] [PID: 3796 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00] [PID: 2888 / Zando][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0] [PID: 2176 / Zando][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [PID: 2652 / Zando][C:\Program Files\The Cleaner Free\cleaner.exe] [MooSoft Development Inc, 5.0.0.134] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\The Cleaner Free\ms0012.dll] [MooSoft Development Inc, 1.0.0.184] [C:\Program Files\The Cleaner Free\ms0002.dll] [MooSoft Development Inc, 1.0.0.457] [C:\Program Files\The Cleaner Free\ms0008.dll] [MooSoft Development Inc, 1.0.0.373] [C:\Program Files\The Cleaner Free\ms0007.dll] [MooSoft Development Inc, 1.0.0.427] [C:\Program Files\The Cleaner Free\ms0006.dll] [MooSoft Development Inc, 1.0.0.444] [C:\Program Files\The Cleaner Free\ms0005.dll] [MooSoft Developemnt Inc, 1.0.0.395] [C:\Program Files\The Cleaner Free\ms0009.dll] [MooSoft Development Inc, 1.0.0.379] [C:\Program Files\The Cleaner Free\ms0003.dll] [MooSoft Development Inc, 1.0.0.497] [C:\Program Files\The Cleaner Free\ms0011.dll] [MooSoft Development Inc, 1.0.0.183] [C:\Program Files\The Cleaner Free\ms0001.dll] [MooSoft Development Inc, 1.0.0.463] [C:\Program Files\The Cleaner Free\ztvunrar36.dll] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\ieframe.DLL] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\The Cleaner Free\ms1000.dll] [MooSoft Development Inc, 1, 0, 0, 1] [PID: 2244 / Zando][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1601, 4978] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8] [C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5] [C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\vtstr.dll] [N/A, ] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [PID: 4012 / Zando][C:\Documents and Settings\Zando\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Documents and Settings\Zando\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A

FillPCA · Answer

Re,

# Télécharge Vundofix  (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
# Double-clique VundoFix.exe afin de le lancer.
# Clique sur le bouton Scan for Vundo.
# Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
# Une invite te demandera si tu veux supprimer les fichiers, clique YES.
# Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
# Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
# Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

FillPCA

FillPCA · Answer

Re,
As-tu vu ceci :
http://www.commentcamarche.net/forum/affich 4258095 trojan win32 bho jk#6

FillPCA

FillPCA · Answer

Re,
Oui, c'est ce rapport qu'il me faut, mais nos réponses se sont croisées donc je ne savais pas si tu avais lu cette info.

FillPCA

FillPCA · Answer

Re,

Non, je parle du rapport de Vundofix que tu auras après avoir fini de passer le scan, qui peut prendre un peu de temps en effet.

FillPCA

FillPCA · Answer

Re,

    *  Lance Vundofix mais ne clique pas sur "Scan for Vundo".
    * Fais un clic droit sur la fenêtre blanche et choisis "add more files".
    * Indique le ou les fichiers suivants dans les cases (un fichier par case) :

C:\WINDOWS\system32\vtstr.dll

    * Clique sur "add files" puis "close windows".
    * Clique sur "Remove Vundo". Un redémarrage sera peut-être nécessaire.
    * Poste le rapport généré. Il se trouve ici :  C:\vundofix.txt

FillPCA

FillPCA · Answer

Re,

1/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O2 - BHO: (no name) - {007EA891-48DF-4281-9163-F6E42A8623F1} - C:\WINDOWS\system32\vtstr.dll (file missing) 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O20 - Winlogon Notify: hggfebc - hggfebc.dll (file missing)

Clique sur fix/réparer.

2/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

3/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

4/ Edite les rapports suivants :
AVGantispyware, Kaspersky et un nouveau rapport Hijackthis.

FillPCA

Zandollydor · Answer

OUh !!!!!
Après 1h50 de scan, voici les résultats de AVG  Anti-spyware :
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:30:56 08/12/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Zando\Cookies\zando@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@real[2].txt -> TrackingCookie.Real : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Zando\Cookies\zando@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport





Je commence le scan Kaspersky.....

FillPCA · Answer

Re,

Oui. Ces scans sont très longs, notamment Kaspersky.

FillPCA

Zandollydor · Answer

Re- Bonsoir,

Voilà les résultats du scan : 
Saturday, December 08, 2007 10:07:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 477363
 
 
Scan Settings 
Scan using the following antivirus database extended 
Scan Archives true 
Scan Mail Bases true 
 
Scan Target My Computer 
C:\
D:\  
 
Scan Statistics 
Total number of scanned objects 53884 
Number of viruses found 0 
Number of infected objects 0 
Number of suspicious objects 0 
Duration of the scan process 01:20:43 

Infected Object Name Virus Name Last Action 
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Cookies\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\Logs\Dfsr00005.log  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\pending.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\Working\database_7C88_EA6B_88EA_237E\dfsr.db  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\Working\database_7C88_EA6B_88EA_237E\fsr.log  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\Working\database_7C88_EA6B_88EA_237E\fsrtmp.log  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Messenger\zandollydor@hotmail.com\SharingMetadata\Working\database_7C88_EA6B_88EA_237E	mp.edb  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Application Data\Microsoft\Windows Live Contacts\zandollydor@hotmail.comeal\members.stg  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Historique\History.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Historique\History.IE5\MSHist012007120820071209\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temp\hpodvd09.log  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temp\Perflib_Perfdata_a50.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temp\~DF78F6.tmp  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temp\~DF8609.tmp  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temp\~DF8682.tmp  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\l[1].swf  Object is locked  skipped  
 
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped  
 
C:\Documents and Settings\Zando\NTUSER.DAT  Object is locked  skipped  
 
C:\Documents and Settings\Zando
tuser.dat.LOG  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log  Object is locked  skipped  
 
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt  Object is locked  skipped  
 
C:\System Volume Information\MountPointManagerRemoteDatabase  Object is locked  skipped  
 
C:\System Volume Information\_restore{668B0B51-6BB6-4126-A13E-FE61D122F5BF}\RP79\change.log  Object is locked  skipped  
 
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped  
 
C:\WINDOWS\Internet Logs\EMMA-1E1438022B.ldb  Object is locked  skipped  
 
C:\WINDOWS\Internet Logs\fwdbglog.txt  Object is locked  skipped  
 
C:\WINDOWS\Internet Logs\fwpktlog.txt  Object is locked  skipped  
 
C:\WINDOWS\Internet Logs\IAMDB.RDB  Object is locked  skipped  
 
C:\WINDOWS\Internet Logs	vDebug.log  Object is locked  skipped  
 
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped  
 
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped  
 
C:\WINDOWS\system32\CatRoot2\edb.log  Object is locked  skipped  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  Object is locked  skipped  
 
C:\WINDOWS\system32\config\Antivirus.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\default  Object is locked  skipped  
 
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\Internet.evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SAM  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\software  Object is locked  skipped  
 
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped  
 
C:\WINDOWS\system32\config\system  Object is locked  skipped  
 
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped  
 
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped  
 
C:\WINDOWS\Temp\Perflib_Perfdata_29c.dat  Object is locked  skipped  
 
C:\WINDOWS\Temp\ZLT0039e.TMP  Object is locked  skipped  
 
C:\WINDOWS\Temp\ZLT021f5.TMP  Object is locked  skipped  
 
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  Object is locked  skipped  
 
C:\WINDOWS\wiadebug.log  Object is locked  skipped  
 
C:\WINDOWS\wiaservc.log  Object is locked  skipped  
 
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped  
 
Scan process completed. 



Je fais suivre du rapport Hijackthis.

zandollydor · Answer

Faut-il que je sélectionne tous les "Infected Object Name Virus Name Last Action " et que j'effectue l'action "send"????

FillPCA · Answer

Non, c'est propre.

    *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

As-tu toujours des soucis ?

FillPCA

FillPCA · Answer

Re,

Si tu n'as plus de soucis, tu peu faire cela :

1/ Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.
2/ Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, lopxpMH, ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.
Tu peux par contre, garder AVG Antispyware et CCleaner.
3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois  ouvrir une session Administrateur sous Windows XP. 
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. 
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs" 
> Appliquer et Ok. Redémarrer l'ordinateur.
4/ Comment faire pour...(lettre A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902 
Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp 
5/ Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

*** Ton infection : VUNDO ***
>> https://malwarecomplaints.info/
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé : CCM 
6/ Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.
7/ Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Bon surf !

FillPCA

zandollydor · Answer

Merci pour tous ces renseignements. Je vais faire ce que vous me conseillez. 
Mon pc est toujours un peu lent, mais je n'ai plus d'alertes avast je refais un scan pr être sure.
En antivirus, avast est assez sûr (en gratuit)?
Il n'y aura pas de "séquelles" du trojan sur mon pc? Le système ne sera -t-il pas instable? je suis protégée contre de nouvelles attaques? 
Je suis étudiante, et j'ai tous mes cours, mon mémoire sur ce pc. Je vous dois une fière chandelle et ne sais comment vous remercier.
Je vous souhaite une bonne soirée.
Zando

FillPCA · Answer

Bonjour,

Je prends connaissance de ton post ce matin.

On continue si l'infection est toujours là.

    *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite aussi un nouveau rapport Hijackthis.

FillPCA

zandollydor · Answer

Bonjour!
Eh oui cette infection periste.
Voici le rapport de Combofix, merci de continuer à m'aider :
ComboFix 07-12-09.1 - Zando 2007-12-09 10:21:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.101 [GMT 1:00]
Running from: C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\OLET3MPC\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.

2007-12-08 19:34 . 2007-12-08 19:34 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-08 19:34 . 2007-12-08 19:34 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-08 17:41 . 2007-12-08 17:41 <REP> d----c--- C:\Documents and Settings\Zando\Application Data\Grisoft
2007-12-08 17:41 . 2007-12-08 17:41 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 17:41 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 14:00 . 2007-12-08 14:00 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-12-07 23:09 . 2007-12-09 10:45 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-07 23:08 . 2007-12-09 10:35 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-07 23:08 . 2007-12-07 23:08 <REP> d----c--- C:\Documents and Settings\Zando\Application Data\PC Tools
2007-12-07 23:08 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-07 23:08 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-07 23:08 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-07 23:08 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-07 23:07 . 2007-12-09 10:12 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-07 20:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 19:42 . 2007-12-04 14:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe
2007-12-07 19:42 . 2004-01-09 10:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2007-12-07 19:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-07 19:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-07 19:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-07 19:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-07 19:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-07 19:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-07 13:13 . 2007-12-07 13:13 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-07 13:08 . 2007-12-07 12:13 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 13:07 . 2007-12-07 13:08 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 12:17 . 2007-12-07 12:17 <REP> d-------- C:\WINDOWS\report
2007-12-07 12:13 . 2007-12-07 13:08 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-07 12:13 . 2007-12-07 12:13 1,902,547 --a------ C:\WINDOWS\tsc.ptn
2007-12-07 12:13 . 2007-12-07 13:08 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-07 12:13 . 2007-12-07 12:13 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-07 12:13 . 2007-12-07 13:08 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-07 12:13 . 2007-12-07 12:13 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-07 12:13 . 2007-12-07 13:15 823 --a------ C:\WINDOWS\tsc.ini
2007-12-07 12:12 . 2007-12-07 12:13 39,917,509 --a------ C:\WINDOWS\VPTNFILE.869
2007-12-07 12:10 . 2007-12-07 12:10 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-07 12:10 . 2007-12-07 12:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-07 12:10 . 2007-12-07 12:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-07 12:10 . 2007-12-07 12:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-07 12:10 . 2007-12-07 13:07 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-12-02 14:47 . 2007-12-08 16:58 82,930 ---hs---- C:\WINDOWS\system32\rtstv.ini
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 22:52 . 2007-11-28 22:52 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-11-28 22:52 . 2007-11-28 22:52 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-11-26 00:25 . 2007-11-26 00:25 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-11-26 00:23 . 2007-11-26 00:23 <REP> d-------- C:\Program Files\Real
2007-11-26 00:23 . 2007-11-26 00:25 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-11-22 09:40 . 2007-11-24 13:45 7,133 ---hs---- C:\WINDOWS\system32\rtstv.bak2
2007-11-21 18:59 . 2007-11-21 18:59 6,367 ---hs---- C:\WINDOWS\system32\rtstv.bak1
2007-11-14 00:15 . 2007-11-14 00:15 <REP> d-------- C:\eb3a54665cae6de64ade7ae7

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 22:15 --------- d-----w C:\Program Files\eMule
2007-12-08 12:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 22:07 --------- d-----w C:\Program Files\Google
2007-12-06 22:31 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-05 18:25 --------- d-----w C:\Program Files\DivX
2007-11-27 11:14 141,796 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_27_07_20_04_small.dmp.zip
2007-11-24 20:48 24,523,778 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_24_19_26_34_full.dmp.zip
2007-11-24 20:48 130,642 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_24_19_58_54_small.dmp.zip
2007-11-23 07:22 168,686 ----a-w C:\WINDOWS\Fonts\cranberry_blues.zip
2007-11-21 17:08 7,456,042 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-18 19:30 --------- dc----w C:\Documents and Settings\Zando\Application Data\Image Zone Express
2007-11-15 21:06 140,084 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_15_22_01_12_small.dmp.zip
2007-11-13 22:37 138,422 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_13_18_58_18_small.dmp.zip
2007-11-07 15:23 --------- d-----w C:\Program Files\MSECache
2007-11-07 10:15 142,657 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_07_07_15_13_small.dmp.zip
2007-11-06 17:53 140,890 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_06_18_01_58_small.dmp.zip
2007-11-05 17:20 145,305 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_16_42_21_small.dmp.zip
2007-11-05 15:02 139,653 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_10_27_39_small.dmp.zip
2007-10-21 23:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 18:24 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2007-10-13 11:31 --------- d-----w C:\Program Files\Java
2007-10-13 06:46 137,596 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_12_13_45_22_small.dmp.zip
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:04]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" []
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2007-09-20 14:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-16 14:32]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 14:21]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 15:38]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 13:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 13:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 15:04]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-26 00:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys
S3 N100;Pilote de carte réseau Ethernet ou Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b6ff6c-6675-11dc-a791-001500393860}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-09 09:52:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 10:51:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?2?7?2??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 10:56:45 - machine was rebooted
.
--- E O F ---

Je fais suivre du rapport Hijackthis.

zandollydor · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
otepad.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

Curieux. Les rapports ne montrent rien.

Quel genre de problème as-tu ?

1/     *  Télécharge DiagHelp.zip sur ton bureau(Merci Malekal)  : http://www.malekal.com/download/DiagHelp.zip
Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

2/     *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

3/     *  Télécharge GenProc (de Lazzzy et Narco4) sur ton bureau : http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
    * Dézippe-le sur ton bureau (Clic droit>Extraire ici).
    * Double-clique sur GenProc.bat et édite le rapport généré par le programme.
    * Tu trouveras une aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

FillPCA

zandollydor · Answer

Mon pc rame terriblement. Il lui faut près de 15 min pour démarrer, et il bugge "bizarrement", si ça peut vous intéresser, je peux lancer une analyse avst et vous envoyer le rapport?

FillPCA · Answer

Re,

Non, édite simplement les rapports demandés.

FillPCA

zandollydor · Answer

[CODE] 2007-12-09,12:00:44 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Google Inc] <"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [N/A] [IncrediMail, Ltd.] <"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] [(Verified)Safer Networking Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard Co.] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [Hewlett-Packard ] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [Hewlett-Packard Company] [Analog Devices, Inc.] [Analog Devices, Inc.] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows XP Publisher] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [Apple Computer, Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [(Verified)ALWIL Software] <"C:\Program Files\Spyware Doctor\SDTrayApp.exe"> [(Verified)PC Tools] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [Outil de mise à jour Google] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]> ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start] [Google Updater Service / gusvc][Running/Auto Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [HP WMI Interface / hpqwmi][Running/Manual Start]

[Windows CardSpace / idsvc][Stopped/Manual Start] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [iPod Service / iPodService][Running/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start] [PC Tools Auxiliary Service / sdAuxService][Running/Auto Start] [PC Tools Security Service / sdCoreService][Running/Auto Start] [SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start] [TrueVector Internet Monitor / vsmon][Running/Auto Start] ================================== Drivers [Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Stopped/Manual Start] [aeaudio / aeaudio][Running/Manual Start] [PPdus ASPI Shell / Afc][Running/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start] [ati2mtag / ati2mtag][Running/Manual Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\Zando\LOCALS~1\Temp\catchme.sys> [Pilote de carte Intel (R) PRO / E100B][Stopped/Manual Start] [eabfiltr / eabfiltr][Running/System Start] <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys> [eabusb / eabusb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\eabusb.sys> [GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [File Security Driver / IKFileSec][Running/Boot Start] <\SystemRoot\system32\drivers\ikfilesec.sys> [System Filter Driver / IKSysFlt][Running/System Start] [System Security Driver / IKSysSec][Running/System Start] [MidiSyn / MidiSyn][Stopped/Manual Start] [MS1000 / MS1000][Stopped/Manual Start] [Pilote de carte réseau Ethernet ou Fast Ethernet Compaq / N100][Stopped/Manual Start] [Webcam Deluxe / ovt530][Stopped/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [senfilt / senfilt][Running/Manual Start] [smwdm / smwdm][Running/Manual Start] [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [SymEvent / SymEvent][Stopped/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS> [SYMIDSCO / SYMIDSCO][Stopped/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20040824.002\symidsco.sys> [tifm21 / tifm21][Running/Manual Start] [vsdatant / vsdatant][Running/System Start] [Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP / w29n51][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Spybot-S&D IE Protection] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Spybot-S&D IE Protection] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [Microsoft Data Collection Control] {0742B9EF-8C83-41CA-BFBA-830A59E23533} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Facebook Photo Uploader 4 Control] {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [Facebook Photo Uploader Control] {5F8469B4-B055-49DD-83F7-62B522420ECC} [HpProductDetection Class] {6B75345B-AA36-438A-BBE6-4078B4C6984D} [HouseCall Control] {74D05D43-3236-11D4-BDCD-00C04F9A3B61} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Get_ActiveX Control] {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [Java Plug-in 1.5.0_02] {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Microsoft Data Collection Control] {0742B9EF-8C83-41CA-BFBA-830A59E23533} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [Spybot-S&D IE Protection] {53707962-6F74-2D53-2644-206D7942484F} [DeviceEnum Class] {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Facebook Photo Uploader 4 Control] {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [Facebook Photo Uploader Control] {5F8469B4-B055-49DD-83F7-62B522420ECC} [CKAVReportCtrl Object] {6117669B-8C2D-41FA-A6D9-9E484B999CF0} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HpProductDetection Class] {6B75345B-AA36-438A-BBE6-4078B4C6984D} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [HouseCall Control] {74D05D43-3236-11D4-BDCD-00C04F9A3B61} [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [] {98A3C275-4A81-4F1E-8494-BD84A88F662D} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Get_ActiveX Control] {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Google Updater Class] {D6A5A215-FBF3-45E5-ABF8-22FF50916184} [iTunesDetector Class] {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [] {EF7E41A1-B72D-47E3-9AC9-34C14C545E1B} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 648 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 736 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 784 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 796 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 948 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1060 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1228 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1368 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1484 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4118] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1540 / Zando][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll] [N/A, ] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 404 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 844 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1688 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.003] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [PID: 1516 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1140 / SYSTEM][C:\Program Files\Spyware Doctor\svcntaux.exe] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 1292 / SYSTEM][C:\Program Files\Spyware Doctor\swdsvc.exe] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\commhlpr.dll] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\RegHelper.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\inethlpr.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\filehlpr.dll] [PC Tools, 5.0.5.21] [C:\Program Files\Spyware Doctor\sdcore.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Spyware Doctor\FileStorage.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\Settings.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\IDBLib.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\SDInfo.sdp] [PC Tools, 5.0.5.8] [C:\Program Files\Spyware Doctor\SDExtra.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\PCTWSC.dll] [PC Tools, 1, 0, 0, 7] [C:\Program Files\Spyware Doctor\Immunizer.sdp] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\Localizer.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\NfyMan.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\quarantine.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\BH.dll] [PC Tools, 5.0.5.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\RebootManager.sdp] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\scaneng.sdp] [PC Tools, 5.0.5.5] [C:\Program Files\Spyware Doctor\stasks.sdp] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\SystemMonitor.sdp] [PC Tools, 5.0.5.44] [C:\Program Files\Spyware Doctor\whitelist.sdp] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\plugins\Browsers.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\grfiles.SDP] [PC Tools, 5.0.5.27] [C:\Program Files\Spyware Doctor\plugins\grregistry.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\SH.dll] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\plugins\Network.SDP] [PC Tools, 5.0.5.12] [C:\Program Files\Spyware Doctor\plugins\Process.SDP] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP] [PC Tools, 5.0.5.0] [C:\Program Files\Spyware Doctor\plugins\StartUp.SDP] [PC Tools, 5.0.5.2] [PID: 2052 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2060 / Zando][C:\Program Files\Spyware Doctor\SDTrayApp.exe] [PC Tools, 5.0.5.31] [C:\Program Files\Spyware Doctor tl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1035] [C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451] [C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.5.4] [C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.5.1] [C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.5.3] [C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.0.5.23] [C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.0.5.2] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2076 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2136 / Zando][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2164 / Zando][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 1, 1, 2] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 1, 1, 2] [C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL] [Hewlett-Packard , 5, 1, 1, 2] [PID: 2208 / Zando][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2292 / Zando][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Company, 1, 1, 1, 3] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2324 / Zando][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 2, 2] [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 2, 008] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2488 / Zando][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5160] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5160] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5160] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5160] [PID: 2612 / Zando][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.5.1.200] [C:\Program Files\Apoint2K\ApResFR.dll] [Alps Electric Co., Ltd., 5.5.1.13] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248] [C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.5.1.63] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2672 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2904 / Zando][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.5.1.21] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.6] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.2.248] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3040 / Zando][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3252 / Zando][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 4.7.0.42] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 4.7.0.42] [PID: 3268 / Zando][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.4279] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 3324 / Zando][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3424 / Zando][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 3432 / Zando][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 4036 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 520 / Zando][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [PID: 1616 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1968 / Zando][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0] [PID: 2172 / Zando][C:\PROGRA~1\INCRED~1\bin\IMApp.exe] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\PROGRA~1\INCRED~1\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\IncrediMail\bin\ImAppRU.dll] [, 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImComUtlU.dll] [, 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImSpoolU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImFoldrsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImServU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImJunkU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImNotfyU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\ImParserU.dll] [IncrediMail, Ltd., 5, 6, 5, 3116] [C:\Program Files\IncrediMail\bin\mimepp.dll] [Hunny Software, Ltd., 7, 0, 0, 0] [PID: 2508 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 4.7.0.42] [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 4.7.0.42] [PID: 2868 / SYSTEM][C:\Program Files\HPQ\shared\hpqwmi.exe] [Hewlett-Packard Development Company, L.P., 1, 0, 4, 3] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2872 / Zando][C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.206.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.206.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.20.000] [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Hp\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [PID: 3176 / Zando][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.969.23408.beta] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Google\Google Updater\2.2.969.23408\ci.dll] [Google, 2.2.969.23408.beta] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [PID: 3380 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 260 / Zando][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000] [PID: 3680 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [PID: 2888 / Zando][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1601, 4978] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8] [C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5] [C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858] [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [PID: 2084 / Zando][C:\Program Files\Alwil Software\Avast4\ashSimpl.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.5.24] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\actskin4.ocx] [, 4, 2, 7, 3] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\

zandollydor · Answer

Re, 

Et voilà, le dernier!

Rapport GenProc 0.72 [1] effectué le 09/12/2007 à 12:06:47,57 - SystemRoot = C:\WINDOWS 

# Etape 1/ Télécharge :  
  
- CCleaner https://www.ccleaner.com/ccleaner/download
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme. 
 
- VundoFix.exe  (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

- combofix.exe (par [b]sUBs[/b]) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau 
 
 
***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://docs.microsoft.com/en-us/?mfr=true (choisis ta session courante "Zando") ***** 
 
 
# Etape 2/ 
 
* Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

* Double clique [b]combofix.exe[/b].
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra 
 
# Etape 3/ 
 
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout. 
 
# Etape 4/ 

Redémarre normalement et poste : 
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ; 
- Le contenu du rapport situé dans C:\vundofix.txt ; 
- Le contenu du rapport situé dans C:\Combofix.txt ; 


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

FillPCA · Answer

Re,

Je m'absente cet après-midi mais j'examine ceci ce soir.

FillPCA

zandollydor · Answer

D'accord, merci. Bonne après-midi.

FillPCA · Answer

Re,

1/     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

2/     *  Peux-tu tester ceci : C:\WINDOWS\system32\drivers\MS1000.sys
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

FillPCA

zandollydor · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\E37JRI7R\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

1/     *  Imprime ceci.
    * Télécharge Brute Force Uninstaller (de Merijn).
    * Créé un nouveau dossier directement sur le C:\ et nomme-le BFU.
    * Décompresse le fichier téléchargé dans ce nouveau dossier au moyen d'un clic droit (Extraire vers...C:\BFU).
    * Ouvre le bloc-note de windows.
    * Copie-colle ces lignes dans la fenêtre du bloc-note :

OptionUnloadShell

RegDeleKey HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b6ff 6c-6675-11dc-a791-001500393860}

FileDelete %SYSDIR%\rtstv.bak2
FileDelete %SYSDIR%\rtstv.bak1
FileDelete %SYSDIR%\rtstv.ini
FileDelete E:\setupSNK.exe

SystemEmptyTempFolder
SystemEmptyInternetCache
SystemEmptyRecycleBin

    * Enregistre le fichier sur le bureau en fix.txt
    * Fais un clic droit sur ce fichier, choisis Renommer et dans la case, indique le nom fix.BFU.
    * Déplace-le dans le même dossier que Brute Force Uninstaller soit dans c:\BFU
    * Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : fix.bfu et BFU.exe (très important).
    * Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 (ou F5); tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
    * Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
    * Configure BFU comme ceci :
http://img160.imageshack.us/img160/5732/bfuyg7.jpg
    * Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : fix.bfu.
    * Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\fix.bfu
    * Clique sur Execute et laisse-le faire son travail.
    * Attendre que Complete script execution apparaîsse et clique sur OK.
    * Clique sur save et enregistre le rapport sur le bureau : rapport.txt
    * Clique Exit pour fermer le programme BFU.
    * Redémarre normalement ton PC et édite le contenu de rapport.txt dans ta prochaine réponse.

2/ Désactive ton antivirus.

3/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Panda
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

4/ Ré-active ton antivirus et édite le rapport Panda avec un nouveau rapport Hijackthis.

FillPCA

zandollydor · Answer

Re, 
Voici le rapport Panda, 

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@247realmedia[1].txt                                                                                                                                                                                               
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@advertising[1].txt                                                                                                                                                                                                
Spyware:Cookie/Adviva                                                           Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@adviva[1].txt                                                                                                                                                                                                     
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@atdmt[2].txt                                                                                                                                                                                                      
Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@bs.serving-sys[2].txt                                                                                                                                                                                             
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@doubleclick[1].txt                                                                                                                                                                                                
Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@serving-sys[2].txt                                                                                                                                                                                                
Spyware:Cookie/Smartadserver                                                    Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@smartadserver[1].txt                                                                                                                                                                                              
Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@tribalfusion[1].txt                                                                                                                                                                                               
Spyware:Cookie/Weborama                                                         Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@weborama[2].txt                                                                                                                                                                                                   
Spyware:Cookie/Xiti                                                             Not disinfected               C:\Documents and Settings\Zando\Cookies\zando@xiti[1].txt

zandollydor · Answer

Re, 
19:21 10/12/2007Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Zando\Local Settings\Temporary Internet Files\Content.IE5\HIR7SD2S\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

Pour moi, le rapport est propre et il n'y a plus d'infection. As-tu toujours des ennuis ? 

On pourra éventuellement supprimer des entrées inutiles au démarrage si le pc est lent.

FillPCA

FillPCA · Answer

Salut,
Il y a des entrées inutiles qui ralentissent le pc.

1/     *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

2/ Dézippe Hijackthis dans un répertoire dédié comme c:\HJT

3/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC 
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC 
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot 
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe 

Clique sur fix/réparer.

Bon surf !

FillPCA

Meggy · Answer

Bonjour, je suis moi aussi infectée par le cheval de Troie Win32:BHO-JK

Je viens de faire une analyse avec hijack mais c'est pour moi du chinois.
 Quelqu'un pourrait-il m'aider  à résoudre ce problème?
Je ne suis pas un as en informatique. Merci d'être clair dans votre aide.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:05, on 12/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\INCRED~1\BIN\IMAPP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CLAVELIERES\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S7F.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .aiff: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin.dll
O12 - Plugin for .ivr: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS
pqtplugin.dll
O16 - DPF: Win32 Classes - 
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - 
O16 - DPF: {17D8B270-9C15-11D3-8F03-00105A9965CA} - http://www.easyclick.com/ie/pc/tf1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} - https://www.nordnet.com/securite
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {91285EE6-F2ED-11D4-B38C-0050BAE63BA3} (Mediaphora Agent) - 
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - 
O16 - DPF: {FF690DE1-27F6-11D4-91BD-0048546A1450} (acx_install Class) - http://download.oreka.com/installer/httpload.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

FillPCA · Answer

Salut,

Il faut que tu crées ton propre sujet. Celui-ci est résolu.

FillPCA

aachrys · Answer

j ai reussit a detruire le trojan bho!!!!voici la page ou j ai ecrit 3 articles qui expliquent le cheminement jusqu a la fin j ai gagné ainsi jvous fait part de mon combat et vious souhaite bonne chance a tous!!!                                        http://www.commentcamarche.net/forum/affich 3969523 infection par win32 bho df

FillPCA · Answer

Bonjour,

Pour info, l'appellation trojan BHO ne veut pas dire grand-chose. Les BHO sont des lignes qui apparaissent en 02 dans Hijackthis. Les infections peuvent être de type Vundo/Virtumonde comme c'était le cas ici. Ca peut aussi être du Delf, et là, malwarebyte's n'y peut pas grand-chose.
Les infection smitfraud peuvent aussi insérer des 02.

Bonne journée.

FillPCA

FillPCA · Answer

Bonjour,

Un bonjour ou une formule de politesse sont toujours appréciables, ainsi que quelques mots d'explications pour donner des précisions sur l'origine du problème...
D'autre part, la règle veut qu'on crée un nouveau sujet en cas de problème plutôt que d'insérer sa demande dans une autre déjà formulée.

Le fichier hosts a été modifié ce qui semble montrer une infection, peut-être de type Brontok, mais je ne fais plus de désinfection sur ce forum.

Crée ton propre sujet en respectant quelques règles élémentaires de courtoisie, et je suis sûr qu'un helpeur se fera un plaisir de t'apporter une assistance.

FillPCA

Trojan Win32.BHO-JK

40 réponses

Discussions similaires

Newsletters