Votre question

Infection par spywarre secure

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
11 Août 2007 16:31:09

J'ai analysé avec HijackThis et voila le rapport

Logfile of HijackThis v1.99.1
Scan saved at 16:27:15, on 11/08/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Users\Fernand\AppData\Local\Microsoft\ekiontrxvd.exe
C:\Program Files\GRISOFT\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr/voilafr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr/voilafr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [ekiontrxvd] "c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe" ekiontrxvd
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] "C:\Windows\SYSTEM32\WerFault.exe" -k -rq
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PowerArchiver Tray] "C:\Program Files\PowerArchiver\PASTARTER.EXE"
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C401808E-3DB7-4A73-B8DB-9C0978CA4682}
O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scan...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Merci de votre aide

Autres pages sur : infection spywarre secure

11 Août 2007 16:38:15

Bonjour

Peu d'outils fonctionnent actuellement avec Vista.

Télécharge Brute Force Uninstaller (de Merijn).
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

Ouvre le Bloc-note et copie-colle les lignes ci-dessous

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0


Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Egd.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).

Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Egd.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Egd.bfu

Clique sur Execute et laisse-le faire son travail.

Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU

Poste le rapport situé ici
C:\egd.txt
11 Août 2007 16:44:16

Voici le rapport
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"ekiontrxvd"="\"c:\\users\\fernand\\appdata\\local\\microsoft\\ekiontrxvd.exe\" ekiontrxvd"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\GRISOFT\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
Contenus similaires
11 Août 2007 18:44:51

Bien, on continue.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer
.



$$ FAIS UN CLIC-DROIT sur le lien suivant
http://metallica.geekstogo.com/EGDACCESS.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).


$$ Ouvre le Bloc-note et copie-colle les lignes ci-dessous

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ekiontrxvd
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ekiontrxvd
FileDelete %SYSTEMDRIVE%\users\fernand\appdata\local\microsoft\ekiontrxvd_navps.dat
FileDelete %SYSTEMDRIVE%\users\fernand\appdata\local\microsoft\ekiontrxvd_nav.dat
FileDelete %SYSTEMDRIVE%\users\fernand\appdata\local\microsoft\ekiontrxvd.dat
FileDelete %SYSTEMDRIVE%\users\fernand\appdata\local\microsoft\ekiontrxvd.exe

SystemEmptyTempFolder
SystemEmptyRecycleBin

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0


Sauvegarde dans le dossier créé (C:\BFU) (Nom du fichier : "Fixme.bfu " -sans inclure les guillemets- ; Type : Tous les fichiers).

$$,Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.


$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

EGDACCESS.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.

--- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.

Clique Exit pour fermer le programme BFU.


$$ Redémarre normalement

Poste un nouveau hijackthis avec le rapport situé ici C:\egd.txt
11 Août 2007 20:00:02

La manip en mode sans echec s'est bien passée

Apres redemmarage je lance l'analyse avec hijackthis et voici ce que ca donne

Une première fenetre d'erreur isant ceci:

Your system denied write access to the host file If any Hijacked domains are in this file, Hijack This may not be able to fix this
If that happens, you need to edit the file yoursel To do this, Clic start, run and type:
notepad "C:\windows\system\drivers\etc\hosts"
and press enter Find the line(s) Hijack This reports and delete them
Save the file as "hosts" (with quotes) and reboot

Et une deuxième fenetre comme suit :
An unexpected error has occured at procedure :
modMain-CheckOtherItem()
Error#75-Path/File access error

Please email me at merijn@spywareinfo.com, and reorting the following:
*What you were trying to fix when the error occured, if applicable
*How you can reproduce the error
*A complete HjackThis scan log, if possible

Windows Version : Windows NT 6.00.1904
MSIE version : 7.0.6000.16473
HijackThis version : 1.99.1

This Message has been copied to your clipboard.
Click of to continue the rest of the scan.


Et enfin il me donne le résultat de l'analyse que voici:


Logfile of HijackThis v1.99.1
Scan saved at 16:27:15, on 11/08/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Users\Fernand\AppData\Local\Microsoft\ekiontrxvd.exe
C:\Program Files\GRISOFT\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr/voilafr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr/voilafr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [ekiontrxvd] "c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe" ekiontrxvd
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] "C:\Windows\SYSTEM32\WerFault.exe" -k -rq
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PowerArchiver Tray] "C:\Program Files\PowerArchiver\PASTARTER.EXE"
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C401808E-3DB7-4A73-B8DB-9C0978CA4682}
O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scan...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Il est vrai que je suis très limité quand a mon anglais donc voila tous les éléments que je peux te fournir

Merci

et le rapport suivant
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"ekiontrxvd"="\"c:\\users\\fernand\\appdata\\local\\microsoft\\ekiontrxvd.exe\" ekiontrxvd"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\GRISOFT\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

12 Août 2007 00:24:19

Bon, le fichier aléatoire est toujours là.


Relance un scan HijackThis et coche les lignes ci-dessous :

O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :p aste List of Files/Folders to be moved.

C:\users\fernand\appdata\local\microsoft\ekiontrxvd_navps.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd_nav.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe


Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avc un nouveau Hijackthis.
12 Août 2007 10:48:55

Bonjour,

J'ai un problème il me met toujours deux messages d'erreur sur Hijackthis et n'enregistre pas de nouveau rapport c'est toujours le meme et dans Hijackthis je ne retrouve pas les lignes
O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd

et si je fait la manip avec avec OTmove it il me dit qu'i ne peut pas crée le fichier de log

le nouveau Hijackthis donne ceci

Logfile of HijackThis v1.99.1
Scan saved at 16:27:15, on 11/08/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Users\Fernand\AppData\Local\Microsoft\ekiontrxvd.exe
C:\Program Files\GRISOFT\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr/voilafr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr/voilafr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [ekiontrxvd] "c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe" ekiontrxvd
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] "C:\Windows\SYSTEM32\WerFault.exe" -k -rq
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PowerArchiver Tray] "C:\Program Files\PowerArchiver\PASTARTER.EXE"
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C401808E-3DB7-4A73-B8DB-9C0978CA4682}
O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scan...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Est il normal en revanche que la date du rapport soit Scan saved at 16:27:15, on 11/08/2007
alors que l'on est le 12 et qu'il est 10h48?

merci
12 Août 2007 11:40:51

Bonjour

Je crois comprendre.

J'ai déja eu le cas avec Vista.
Je en sais pas pourquoi, mais il y a toujours le même rapport Hijackthis.
Le fichier infectieux avait peut être disparu après la première manip.

Fais ceci.

Désinstalle et supprime Hijackthis.

Retélécharge le
http://pchelpbordeaux.free.fr/logiciels.html

Fais un nouveau scan et poste le rapport.
12 Août 2007 12:23:30

Je viens de refaire la procédure précedente et voici ce que cela donne.
En fait si je ne desinstalle pas HijackThis a chaque fois que je ve l'utiliser les manip ne marchent pas.
Donc j'ai refait :


Relance un scan HijackThis et coche les lignes ci-dessous :

O4 - HKCU\..\Run: [ekiontrxvd] c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe ekiontrxvd

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt aste List of Files/Folders to be moved.

C:\users\fernand\appdata\local\microsoft\ekiontrxvd_navps.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd_nav.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.dat
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes. NON PAS DEMANDER


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles donc voila:

C:\users\fernand\appdata\local\microsoft\ekiontrxvd_navps.dat moved successfully.
C:\users\fernand\appdata\local\microsoft\ekiontrxvd_nav.dat moved successfully.
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.dat moved successfully.
C:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe moved successfully.
File/Folder not found.

Created on 08/12/2007 12:19:15

avc un nouveau Hijackthis que je t'envoie dans peu de temps

merci



12 Août 2007 12:27:13

Voici le rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:24:33, on 12/08/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\GRISOFT\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr/voilafr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr/voilafr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [ekiontrxvd] "c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe" ekiontrxvd
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [PowerArchiver Tray] "C:\Program Files\PowerArchiver\PASTARTER.EXE"
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C401808E-3DB7-4A73-B8DB-9C0978CA4682}
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scan...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

voila, j'attend tes indications
merci

Sinon juste une question, si on reformate le disque et que l'on réinstalle vista il réaparait spyware secure ou pas?
12 Août 2007 22:00:44

Re


Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ekiontrxvd] "c:\users\fernand\appdata\local\microsoft\ekiontrxvd.exe" ekiontrxvd
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


As tu encore des dysfonctionnements ?

Si tu fais un formatage bas niveau (avec effacement de toutes tes données personnelles), il n'y aura plus d'infection, tu auras un PC neuf. Il faudra ensuite que tu réinstalles tes programmes et autres.
12 Août 2007 22:46:44

bonsoir chercheur,

J'ai suivi tes indications et malheureusement j'ai encore des fenetres intempestives qui s'ouvrent aléatoirement c'est à dire soit une page vierge, des pubs, des pages des 3Suisses, cdiscount...

Merci de ton aide
12 Août 2007 22:54:50

Re


Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique fsbl.exe et accepte la licence; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse
12 Août 2007 23:08:15

Voici le rapport du scan de Backlight, toutefois je n'ai pas vu de liste de fichiers détectés apparaître :

08/12/07 23:01:27 [Info]: BlackLight Engine 1.0.64 initialized
08/12/07 23:01:27 [Info]: OS: 6.0 build 6000 ()
08/12/07 23:01:27 [Note]: 7019 4
08/12/07 23:01:27 [Note]: 7005 0
08/12/07 23:01:39 [Note]: 7006 0
08/12/07 23:01:39 [Note]: 7027 0
08/12/07 23:01:41 [Note]: 7026 0
08/12/07 23:01:41 [Note]: 7026 0
08/12/07 23:01:49 [Note]: FSRAW library version 1.7.1022
08/12/07 23:06:28 [Note]: 7007 0
12 Août 2007 23:33:04

Blacklight ne trouve rien.

Télécharge SREng (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html

Extrais tout son contenu sur ton Bureau
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse

Attention, le rapport est long (Vista ..). Poste te le en deux fois, la deuxième partie commencera par


--------------------------
Running processes
12 Août 2007 23:46:26

voici le rapport partie 1 :
[CODE]

2007-08-12,23:44:01

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition (Build 6000) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
<ehTray.exe><C:\Windows\ehome\ehTray.exe> [(Verified)Microsoft Windows]
<BitTorrent><"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized> []
<PowerArchiver Tray><"C:\Program Files\PowerArchiver\PASTARTER.EXE"> [(Verified)"ConeXware, Inc."]
<IncrediMail><"C:\Program Files\IncrediMail\bin\IncMail.exe" /c> [IncrediMail, Ltd.]
<Magentic><"C:\PROGRA~1\Magentic\bin\Magentic.exe" /c> []
<WMPNSCFG><"C:\Program Files\Windows Media Player\WMPNSCFG.exe"> [(Verified)Microsoft Windows]
<RunSpySweeperScheduleAtStartup><"C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C401808E-3DB7-4A73-B8DB-9C0978CA4682}> [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Picasa Media Detector><"C:\Program Files\Picasa2\PicasaMediaDetector.exe"> [(Verified)Google Inc.]
<AVG7_CC><"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP> [GRISOFT, s.r.o.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
<!AVG Anti-Spyware><"C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup> [Google]
<SDTray><"C:\Program Files\Spyware Doctor\SDTrayApp.exe"> [(Verified)PC Tools]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL> [Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
<WinlogonNotify: avgwlntf><avgwlntf.dll> [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Windows\System32\MAGENT~1.SCR> [IncrediMail LTD.]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG7 Resident Shield Service / AvgCoreSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
<"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><N/A>
[GoogleDesktopManager / GoogleDesktopManager][Stopped/Manual Start]
<"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"><Google>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Service de l'iPod / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Spyware Doctor Auxiliary Service / sdAuxService][Running/Auto Start]
<C:\Program Files\Spyware Doctor\svcntaux.exe><PC Tools>
[Spyware Doctor Service / sdCoreService][Running/Auto Start]
<C:\Program Files\Spyware Doctor\swdsvc.exe><PC Tools>
[Fujitsu Siemens Computers Diagnostic Testhandler / TestHandler][Running/Auto Start]
<C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe><Fujitsu Siemens Computers>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\Windows\System32\ZoneLabs\vsmon.exe -service><Check Point Software Technologies LTD>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdide / amdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\amdide.sys><Microsoft Corporation>
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
<\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Minifilter x86 Resident Driver / AvgMfx86][Running/System Start]
<\SystemRoot\System32\Drivers\avgmfx86.sys><GRISOFT, s.r.o.>
[AVG7 Firewall Driver x86 / AvgWFP][Running/Manual Start]
<\SystemRoot\System32\Drivers\avgwfp.sys><N/A>
[BestCrypt bus driver / bcbus][Stopped/System Start]
<system32\DRIVERS\bcbus.sys><N/A>
[Jetico Personal Firewall Network Monitor / Bcfilter][Stopped/Manual Start]
<system32\DRIVERS\bcfilter.sys><N/A>
[BcfilterMP / BcfilterMP][Stopped/Manual Start]
<system32\DRIVERS\bcfilter.sys><N/A>
[blbdrive / blbdrive][Stopped/Disabled]
<\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
<system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[VIA Rhine-Family Fast-Ethernet Adapter Driver Service / FET5X86V][Running/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel AHCI Controller / iaStor][Stopped/Disabled]
<\SystemRoot\system32\drivers\iastor.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
<\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[File Filter Driver / IKFileFlt][Stopped/System Start]
<system32\drivers\ikfileflt.sys><PCTools Research Pty Ltd.>
[File Security Driver / IKFileSec][Stopped/System Start]
<system32\drivers\ikfilesec.sys><PCTools Research Pty Ltd.>
[System Filter Driver / IkSysFlt][Stopped/System Start]
<system32\drivers\iksysflt.sys><PCTools Research Pty Ltd.>
[System Security Driver / IKSysSec][Stopped/System Start]
<system32\drivers\iksyssec.sys><PCTools Research Pty Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvatabus / nvatabus][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvatabus.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<system32\DRIVERS\nwlnkfwd.sys><N/A>
[Dual Mode USB Camera Plus / OVT511Plus][Running/Manual Start]
<System32\Drivers\omcamvid.sys><OmniVision Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[viamraid / viamraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\viamraid.sys><VIA Technologies inc,.ltd>
[videX32 / videX32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[Zone Alarm Firewall Driver / vsdatant][Running/System Start]
<system32\DRIVERS\vsdatant.sys><Check Point Software Technologies LTD>
[vsmraid / vsmraid][Running/Boot Start]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[NETGEAR WG111 802.11g Wireless USB Adapter Driver / wg111nd5][Stopped/Manual Start]
<system32\DRIVERS\wg111nd5.sys><NETGEAR, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[Java Plug-in 1.6.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Microsoft Outlook 8.0 Object Library]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Office Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[TECollaboration.Manager]
{07FEE7FA-EA56-4790-AE41-2E227CCF6EB7} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[VistaWUWebControl Class]
{12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, N/A>
[SkyGps Class]
{1D1342E2-B737-43C4-B2B2-BB855FC353F1} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Plane]
{1E686889-C1F3-437F-A8CE-729C78AA3BEC} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.VirtualCursor]
{2040FA1B-53B6-41BD-BF73-6400C4F40E49} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\Windows\System32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[TerraExplorer Class]
{3a4f9191-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TE3DWindow Class]
{3a4f9192-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TEInformationWindow Class]
{3a4f9193-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TENavigationMap Class]
{3a4f9194-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[FalconViewObj Class]
{504AC303-A983-45B7-8663-CB5649B3AB1A} <C:\Program Files\Skyline\TerraExplorer\Tools\TEFVT\TEFVT.dll, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\system32\ieframe.dll, Microsoft Corporation>
[TECollaboration.FlyFile]
{641ECCA4-28F2-4AE0-90E6-3152E62AFCA2} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Comunication Class]
{662CB034-1B5F-46DE-83C8-8BDCA1424856} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[FVGps Class]
{765FB9BF-38D5-4678-9BD0-40DDE72906ED} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Annotation]
{7A412365-8492-42A0-9411-BEE11106AAD6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.Chat]
{8120661B-1913-4C41-8C47-A0A9279715C6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\Windows\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[TECollaboration.Projection]
{984E67E2-6C7E-4D87-AC71-A640954D4495} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[FileManager Class]
{A3EEA80F-5A77-402B-8A2E-D1D9A08A497C} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll, >
[TETest Class]
{A5606C7C-13E8-4403-B5C1-72CE1AEE1CA2} <C:\ProgramData\Skyline\TEDetect.dll, Skyline software systems Inc.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\Windows\System32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, N/A>
[CreateMPU Class]
{BF001C67-5DEE-40B5-85BE-A5B0E1AA0AD6} <C:\Program Files\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll, >
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, N/A>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\System32\msxml3.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll, Google>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
12 Août 2007 23:47:55

voila la partie 2 :

==================================
Running Processes
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 524 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 568 / SYSTEM][C:\Windows\system32\wininit.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 580 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 612 / SYSTEM][C:\Windows\system32\services.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 624 / SYSTEM][C:\Windows\system32\lsass.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 632 / SYSTEM][C:\Windows\system32\lsm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 700 / SYSTEM][C:\Windows\system32\winlogon.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 828 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 884 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 920 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAFE28F0-A3D0-420C-BE13-76EB1A074460}\mpengine.dll] [Microsoft Corporation, 1.1.2704.0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1012 / SERVICE LOCAL][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\system32\RtkAPO.dll] [Realtek Semiconductor Corp., 11.0.6000.16 built by: WinDDK]
[PID: 1092 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1136 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1240 / SERVICE RÉSEAU][C:\Windows\system32\SLsvc.exe] [Microsoft Corporation, 6.0.6000.16509 (vista_gdr.070620-1500)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1280 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1396 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1808 / SYSTEM][C:\Windows\System32\spoolsv.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\System32\CNBLM3_2.DLL] [CANON INC., 1.00.2.82 (vbl_wcp_d2_drivers.061013-1714)]
[C:\Windows\System32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\Windows\system32\spool\PRTPROCS\W32X86\CNBPP3.DLL] [CANON INC., 1.00.2.82 (vbl_wcp_d2_drivers.060929-0047)]
[C:\Windows\system32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1840 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 12 / Fernand][C:\Windows\system32\Dwm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9743]
[PID: 512 / Fernand][C:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1148 / Fernand][C:\Windows\Explorer.EXE] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\WI4EB4~1\wmpband.dll] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\PowerArchiver\PASHLEXT.DLL] [ConeXware, Inc., 10.0.0.6]
[C:\Program Files\Grisoft\AVG7\avgse.dll] [GRISOFT, s.r.o., 7.5.0.409]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.10.6]
[PID: 2028 / Fernand][C:\Program Files\Picasa2\PicasaMediaDetector.exe] [Google Inc., 2.7.36.60]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2036 / Fernand][C:\Program Files\GRISOFT\AVG7\avgcc.exe] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\GRISOFT\AVG7\AvgTMgr.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\GRISOFT\AVG7\AvgCtrl.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Windows\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\GRISOFT\AVG7\AvgAbout.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\GRISOFT\AVG7\AvgTest.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\GRISOFT\AVG7\AvgTRes.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\GRISOFT\AVG7\AvgSet.dll] [, ]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\GRISOFT\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.476]
[C:\Program Files\Grisoft\AVG7\avgf.dll] [N/A, ]
[C:\Program Files\Grisoft\AVG7\AVGRES.DLL] [N/A, ]
[C:\Program Files\Grisoft\AVG7\avgcckrn.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avgvault.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avgrep.dll] [GRISOFT, s.r.o., 7.5.0.448]
[C:\Program Files\Grisoft\AVG7\avgunarc.dll] [GRISOFT, s.r.o., 7.5.0.474]
[C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll] [GRISOFT, s.r.o., 7.5.0.420]
[PID: 1576 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 12, 0, 0]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1632 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 1884 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe] [GRISOFT, s.r.o., 7.5.0.453]
[C:\PROGRA~1\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.476]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.429]
[PID: 1992 / Fernand][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.3.2.6]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.3.2.2]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.3.2.6]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.2]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx] [Apple Computer, Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx] [Apple Computer, Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeQD3D.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx] [Apple Inc., 7.2]
[C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx] [Apple Inc., 7.2]
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 3, 85, 0]
[PID: 664 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe] [GRISOFT, s.r.o., 7.5.0.420]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2060 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe] [GRISOFT, s.r.o., 7.5.0.473]
[C:\PROGRA~1\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2080 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgemc.exe] [GRISOFT, s.r.o., 7.5.0.474]
[C:\PROGRA~1\Grisoft\AVG7\libsasl.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.460]
[C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.476]
[C:\Program Files\Grisoft\AVG7\avgscan.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Program Files\Grisoft\AVG7\avgunarc.dll] [GRISOFT, s.r.o., 7.5.0.474]
[C:\PROGRA~1\Grisoft\AVG7\saslcrammd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\sasldigestmd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\sasllogin.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\PROGRA~1\Grisoft\AVG7\saslplain.dll] [GRISOFT, s.r.o., 7.5.0.407]
[C:\Program Files\Grisoft\AVG7\avgmail.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll] [GRISOFT, s.r.o., 7.5.0.420]
[PID: 2088 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe] [GRISOFT, s.r.o., 7.5.0.473]
[C:\PROGRA~1\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
[C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.476]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2108 / Fernand][C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 2412 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2480 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2492 / SYSTEM][C:\Program Files\Spyware Doctor\svcntaux.exe] [PC Tools, 5.0.1.22]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.1.15]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1024]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2588 / Fernand][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll] [Google, 5.1.706.29690]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 5.1.706.29690]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, ]
[PID: 2596 / SYSTEM][C:\Program Files\Spyware Doctor\swdsvc.exe] [PC Tools, 5.0.1.62]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.1.50]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.1.15]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1024]
[C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.0.10]
[C:\Program Files\Spyware Doctor\commhlpr.dll] [PC Tools, 5.0.1.11]
[C:\Program Files\Spyware Doctor\RegHelper.dll] [PC Tools, 5.0.1.27]
[C:\Program Files\Spyware Doctor\inethlpr.dll] [PC Tools, 5.0.1.17]
[C:\Program Files\Spyware Doctor\filehlpr.dll] [PC Tools, 5.0.1.6]
[C:\Program Files\Spyware Doctor\sdcore.dll] [PC Tools, 5.0.1.30]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\FileStorage.sdp] [PC Tools, 5.0.0.8]
[C:\Program Files\Spyware Doctor\Settings.sdp] [PC Tools, 5.0.1.10]
[C:\Program Files\Spyware Doctor\IDBLib.sdp] [PC Tools, 5.0.1.11]
[C:\Program Files\Spyware Doctor\SDInfo.sdp] [PC Tools, 5.0.1.26]
[C:\Program Files\Spyware Doctor\SDExtra.sdp] [PC Tools, 5.0.1.15]
[C:\Program Files\Spyware Doctor\PCTWSC.dll] [PC Tools, 1, 0, 0, 4]
[C:\Program Files\Spyware Doctor\Immunizer.sdp] [PC Tools, 5.0.1.13]
[C:\Program Files\Spyware Doctor\Localizer.sdp] [PC Tools, 5.0.1.10]
[C:\Program Files\Spyware Doctor\NfyMan.sdp] [PC Tools, 5.0.0.8]
[C:\Program Files\Spyware Doctor\quarantine.sdp] [PC Tools, 5.0.1.18]
[C:\Program Files\Spyware Doctor\BH.dll] [PC Tools, 5.0.1.26]
[C:\Program Files\Spyware Doctor\RebootManager.sdp] [PC Tools, 5.0.1.22]
[C:\Program Files\Spyware Doctor\scaneng.sdp] [PC Tools, 5.0.1.72]
[C:\Program Files\Spyware Doctor\stasks.sdp] [PC Tools, 5.0.1.6]
[C:\Program Files\Spyware Doctor\SystemMonitor.sdp] [PC Tools, 5.0.1.79]
[C:\Program Files\Spyware Doctor\whitelist.sdp] [PC Tools, 5.0.1.8]
[C:\Program Files\Spyware Doctor\sdwvhlp.dll] [PC Tools, 1, 0, 0, 2]
[C:\Program Files\Spyware Doctor\plugins\Browsers.SDP] [PC Tools, 5.0.1.56]
[C:\Program Files\Spyware Doctor\plugins\cookie.sdp] [PC Tools, 5.0.1.8]
[C:\Program Files\Spyware Doctor\plugins\grfiles.SDP] [PC Tools, 5.0.1.17]
[C:\Program Files\Spyware Doctor\plugins\grregistry.SDP] [PC Tools, 5.0.1.40]
[C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.1.6]
[C:\Program Files\Spyware Doctor\SH.dll] [PC Tools, 5.0.1.47]
[C:\Program Files\Spyware Doctor\plugins\Network.SDP] [PC Tools, 5.0.1.42]
[C:\Program Files\Spyware Doctor\plugins\Process.SDP] [PC Tools, 5.0.1.44]
[C:\Program Files\Spyware Doctor\plugins\ScriptEngine.SDP] [PC Tools, 5.0.1.24]
[C:\Program Files\Spyware Doctor\plugins\StartUp.SDP] [PC Tools, 5.0.1.56]
[PID: 2680 / Fernand][C:\Program Files\Spyware Doctor\SDTrayApp.exe] [PC Tools, 5.0.1.40]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.0.1.50]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.0.1.15]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1024]
[C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.0.0.10]
[C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.0.1.6]
[C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.0.1.27]
[C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.0.1.6]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2688 / Fernand][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9743]
[C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 2696 / Fernand][C:\Windows\ehome\ehtray.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2704 / Fernand][C:\Program Files\BitTorrent\bittorrent.exe] [N/A, ]
[C:\Program Files\BitTorrent\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\BitTorrent\PYTHON24.DLL] [N/A, ]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\BitTorrent\_socket.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_ssl.pyd] [N/A, ]
[C:\Program Files\BitTorrent\win32api.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\pywintypes24.dll] [, 2.4.207.0]
[C:\Program Files\BitTorrent\pythoncom24.dll] [, 2.4.207.0]
[C:\Program Files\BitTorrent\shell.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\zlib.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_zope_interface_coptimizations.pyd] [N/A, ]
[C:\Program Files\BitTorrent\win32file.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\_ctypes.pyd] [N/A, ]
[C:\Program Files\BitTorrent\win32process.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\win32event.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\win32ui.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\BitTorrent\dde.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_iocp.pyd] [N/A, ]
[C:\Program Files\BitTorrent\win32gui.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\win32pipe.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\win32security.pyd] [, 2.4.207.0]
[C:\Program Files\BitTorrent\select.pyd] [N/A, ]
[C:\Program Files\BitTorrent\ARC4.pyd] [N/A, ]
[C:\Program Files\BitTorrent\cBitfield.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_c_urlarg.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_core_.pyd] [N/A, ]
[C:\Program Files\BitTorrent\wxmsw26uh_vc.dll] [N/A, ]
[C:\Program Files\BitTorrent\_gdi_.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_windows_.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_controls_.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_misc_.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_grid.pyd] [N/A, ]
[C:\Program Files\BitTorrent\_stc.pyd] [N/A, ]
[C:\Program Files\BitTorrent\wxmsw26uh_stc_vc.dll] [N/A, ]
[C:\Program Files\BitTorrent\_gizmos.pyd] [N/A, ]
[C:\Program Files\BitTorrent\wxmsw26uh_gizmos_vc.dll] [N/A, ]
[PID: 2712 / Fernand][C:\Program Files\PowerArchiver\PASTARTER.EXE] [ConeXware, Inc., 1.1.0.1]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2748 / Fernand][C:\Program Files\Windows Media Player\wmpnscfg.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2876 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\system32\OmCamUSD.dll] [Omnivision Technologies, Inc., 2.2.0.2600]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 2908 / SYSTEM][C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe] [Fujitsu Siemens Computers, 1.03]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2948 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 3084 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 3448 / Fernand][C:\Windows\ehome\ehmsas.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 3880 / Fernand][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Windows\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22]
[C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9743]
[PID: 3924 / Fernand][C:\PROGRA~1\Magentic\bin\MgApp.exe] [, 1, 3, 1, 0524]
[C:\PROGRA~1\Magentic\bin\NeoUtils.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Magentic\bin\NeoLook.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[C:\PROGRA~1\Magentic\bin\NeoWrap.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[C:\PROGRA~1\Magentic\bin\SFTTV32.DLL] [Softel vdm, Inc., 4.01]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\PROGRA~1\Magentic\bin\NeoTrayR.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[C:\PROGRA~1\Magentic\bin\NeoComm.dll] [, 1, 3, 1, 0]
[C:\PROGRA~1\Magentic\bin\NeoNtUtil.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[C:\PROGRA~1\Magentic\bin\NeoCommR.dll] [IncrediMail, Ltd., 1, 3, 1, 0524]
[PID: 2256 / SYSTEM][C:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[PID: 2756 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\wmpnetwk.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 3692 / Fernand][C:\PROGRA~1\INCRED~1\bin\IMApp.exe] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\PROGRA~1\INCRED~1\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\IncrediMail\bin\ImAppRU.dll] [, 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImComUtlU.dll] [, 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImSpoolU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImFoldrsU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImServU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImJunkU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\PROGRA~1\INCRED~1\bin\ImNotfyU.dll] [IncrediMail, Ltd., 5, 6, 5, 3056]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 3428 / Fernand][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll] [Google, 5.1.706.29690]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 5.1.706.29690]
[PID: 3540 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.3.2.6]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.3.2.2]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.3.2.6]
[PID: 4280 / Fernand][C:\Program Files\Internet Explorer\ieuser.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 3380 / Fernand][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
[C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL] [Google, 5.1.706.29690]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopCommon.dll] [Google, 5.1.706.29690]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll] [Google, 5.1.706.29690]
[C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopResources_fr.dll] [Google, 5.1.706.29690]
[C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 5.1.706.29690]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] [Yahoo! Inc., 2006, 10, 26, 1]
[C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll] [Yahoo! Inc., 2006.1.25.01]
[C:\Program Files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll] [Yahoo!, Inc., 2006, 4, 26, 1]
[C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9743]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, ]
[PID: 4604 / Fernand][C:\Users\Fernand\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[C:\Program Files\Spyware Doctor\smumhook.dll] [PC Tools, 5.0.1.58]
[C:\Users\Fernand\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost
::1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1576, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 1576, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1884, C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 1884, C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 664, C:\PROGRA~1\GRISOFT\AVG7\AVGUPSVC.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 664, C:\PROGRA~1\GRISOFT\AVG7\AVGUPSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2060, C:\PROGRA~1\GRISOFT\AVG7\AVGRSSVC.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 2060, C:\PROGRA~1\GRISOFT\AVG7\AVGRSSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2080, C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 2080, C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2088, C:\PROGRA~1\GRISOFT\AVG7\AVGRSSVC.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 2088, C:\PROGRA~1\GRISOFT\AVG7\AVGRSSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2908, C:\FIRSTSTEPS\ONLINEDIAGNOSTIC\TESTMANAGER\TESTHANDLER.EXE]
Special Privilege Enabled: SeSystemtimePrivilege [PID = 2908, C:\FIRSTSTEPS\ONLINEDIAGNOSTIC\TESTMANAGER\TESTHANDLER.EXE]

==================================
API HOOK
LoadLibraryExW (Dangerous Level: Generic, Hooked by Module: )

==================================
Hidden Process
N/A

==================================


[/CODE]

merci
12 Août 2007 23:50:20

chercheur, j'ai recu un message privé d'eric71 disant ceci

Posté le 12-08-2007 à 23:29:50

Bonsoir

Comme tu as du le voir , je fais partie des personnes qui désifectent les PC

Je fais aussi de la programmation et j'ais fait un programme qui doit détecter la cause des pubs sous Vista

peux-tu faire un essai ( déja testé sur plusieurs PC Vista , ne fonctionne pas avec tous ) :

Télécharge RechInf <- ici

Décompresse le sur ton Bureau

Double clique sur Recherche_.bat ( le .bat peut ne pas apparaitre )

Copie / Colle le rapport généré

Merci

PS : il ne produit qu'un rapport et ne supprime rien

Qu'en pense tu?
Merci
13 Août 2007 00:15:05

Re

Fais la manip avec RechInf, il n'y a aucun risque.
Je regarde le rapport de SReng et je reviens.
13 Août 2007 00:29:23

ok merci
pas de souci toutefois nos chers amis ne sont pas très cool quand on y connait rien
enfin c pas grave
14 Août 2007 02:17:37

help j'attend des news de "chercheur"
14 Août 2007 09:50:01

Bonjour

Rien de visible dans ce rapport.


Désactive le contrôle des comptes utilisateurs (tu le réactiveras lorsque tu auras obtenu le rapport):
- Vas dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Télécharge maintenant Navilog1VistaBeta :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1Vista...

Enregistre-le sur ton bureau.
Fais un clic-droit dessus et choisis tout extraire.

Fais un clic-droit sur le fichier Navilog1.bat et choisis Propriétés :
dans l'onglet Compatibilité, Cadre "Niveau de privilège" il faut cocher "Exécuter ce programme en tant qu'administrateur".

Lance Navilog1.bat
Laisse toi guider et patiente.
A la fin du scan, le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote

Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%. (Racine de ton disque )
14 Août 2007 11:34:46

Désolé j'ai essayé de faire cette manip, mais quand le dossier http://perso.orange.fr/il.mafioso/ [...] taBeta.zip est decompressé je n'obtiens que Navilog1 et pas d'accés au Cadre "Niveau de privilège".
Merci pour ton aide.
14 Août 2007 17:49:11

Re

As tu essayer de le lancer normalement ?
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS