Des pages d'acceuil de IE s'ouvrent sans cesse,+ de 40/hr

Bonjour,
Je me présente, je m'appelle Lou et j'ai un gros soucis depuis plusieurs semaines !!

Ce sujet est traité sur bien des forums et je pense qu'une soluce est possible, je me permet donc de créer un nouveau post comme demandé par Anthony10.

J'ai IE 7, je l'ai désinstaller, remis le IE6 mais toujours pareil , là j'ai à nouveau IE7.

Là, le temps d'écrire ce post, j'ai une dizaine de pages qui ce sont ouverte et cela est vraiment plus que gênant.

Je me suis donc inscrite sur le forum en espérant avoir une soluce car j'ai les nerfs qui lâchent tout doucement !!!

Merci d'avance

PS: Je travaille de 14 hr à 22 hr, je viendrais voir ce soir si quelqu'un veut bien m'aider

Lou

Bonjour


Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Fais un scan et poste l'analyse ici.

PS : je fais les même horaires aujourd'hui

cool pour moi alors !!

Je fait ça de suite si j'ai le temps, dans une demi-hr, je pars

Voiçi le rapport:

Logfile of HijackThis v1.99.1
Scan saved at 13:08:22, on 5/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\twxxfwgh.dll
O2 - BHO: (no name) - {C9B343B9-0CEF-4ACF-BB4D-A82C8A31D1DF} - C:\WINDOWS\system32\mllih.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\urqpoli.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\eksbojaj.dll",forkonce
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mllih - C:\WINDOWS\system32\mllih.dll
O20 - Winlogon Notify: urqpoli - C:\WINDOWS\SYSTEM32\urqpoli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Re


Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis et le contenu du rapport situé dans C:\vundofix.txt.

hello, désolée d'être si tard mais j'ai eu un petit souci au boulot

Voici les deux log :

VUNDOFIX:il n'y a qu'une ligne dans un fichier texte nommé addmorfile, et 30 fichier .bad mais je ne sais pas les "copier " ???


VOICI LE FICHIER DE ADDMORFILE

C:\windows\system32\urqpoli.dll
et le rapport HIJACKTHIS

Hijacthis/

Logfile of HijackThis v1.99.1
Scan saved at 23:52:32, on 5/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A71FB1DF-53E4-4130-B88C-C73B2663628A} - C:\WINDOWS\system32\mllih.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Voilà, @ plus, merci

Bien


Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A71FB1DF-53E4-4130-B88C-C73B2663628A} - C:\WINDOWS\system32\mllih.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

voila voilou !!

Log:

"laudia" - 2007-07-06 1:21:51 - ComboFix 07-07-04.4 - Service Pack 2 FAT32


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\laudia\Bureau.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-07-05 23:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 23:25 <REP> d-------- C:\VundoFix Backups
2007-07-05 13:07 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-07-05 10:02 4,672 --a------ C:\WINDOWS\system32\itfohdjl.exe
2007-07-05 09:01 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-05 09:01 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-05 09:01 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-05 09:01 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-05 09:01 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-05 09:01 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-05 09:01 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-27 16:46 4,672 --a------ C:\WINDOWS\system32\eumxfudk.exe
2007-06-21 23:59 <REP> d-------- C:\DOCUME~1\laudia\APPLIC~1\Apple Computer
2007-06-21 23:51 <REP> d-------- C:\Program Files\QuickTime
2007-06-21 23:50 <REP> d-------- C:\Program Files\Apple Software Update
2007-06-21 23:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-16 21:36 <REP> d-------- C:\Program Files\MSXML 4.0
2007-06-16 00:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-16 00:23 <REP> d-------- C:\Program Files\HP
2007-06-16 00:20 308 --------- C:\WINDOWS\hpgmdl24.dat
2007-06-16 00:20 142,019 --a------ C:\WINDOWS\hpgins24.dat
2007-06-15 23:34 <REP> d-------- C:\Program Files\Hewlett-Packard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 22:07:44 49,684 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-05 22:07:44 369,446 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-05 11:07:26 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-05-25 00:00:14 -------- d-----w C:\DOCUME~1\laudia\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-05-24 23:54:40 -------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:36 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2001-12-21 23:58 C:\WINDOWS\system32\atiptaxx.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2001-10-19 20:46]
"CPATR10"="C:\PROGRA~1\EzButton\CPATR10.EXE" [2006-02-17 12:00]
"XpDis0Conf"="C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-20 17:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 14:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2006-12-27 17:20]
"Magentic"="C:\PROGRA~1\MAGENTIC\bin\Magentic.exe" []


Contents of the 'Scheduled Tasks' folder
2007-06-21 21:50:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 01:24:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 1:25:15
C:\ComboFix2.txt ... 2007-07-05 23:46
C:\ComboFix-quarantined-files.txt ... 2007-07-06 01:25

--- E O F ---

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:31:10, on 6/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

bonjour chercheur,

J'ai laissé le pc allumé toute la nuit, ce matin j'ai 47 fenêtre google ouverte

Hello, de pire en pire, je viens d'aller faire une course Deux heures, je rentre 78 fenêtres !!!!!!!!!!!!!!!!

Bonjour


Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\system32\itfohdjl.exe
C:\WINDOWS\system32\eumxfudk.exe

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt



Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Fais aussi ceci. Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande

ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

- A la fin de l'analyse, il te sera peut-être demandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

Hello, je fait ça de suite !!

voilà, mais un petit soucis
Le combo fix no problem !!

Pour le diaghelp, j'ai bien suivi les instructions, j'ai eu l'écran bleu comme prévu, après quelques min , j'ai eu un écran me disant scan ok mais pas de démarrage de pc et surtout pas de dossier C:/resultat dans C ????? µPar contre j'ai un fichier apparru sur mon écran nommé "catchme", je le poste et dis-moi si c'est ok, stp ?

le log:

"laudia" - 2007-07-06 23:07:02 - ComboFix 07-07-04.4 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\laudia\Bureau\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\poof


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 02:17 <REP> d-------- C:\Program Files\MSN BackUp
2007-07-05 23:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 23:25 <REP> d-------- C:\VundoFix Backups
2007-07-05 13:07 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-07-05 10:02 4,672 --a------ C:\WINDOWS\system32\itfohdjl.exe
2007-07-05 09:01 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-05 09:01 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-05 09:01 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-05 09:01 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-05 09:01 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-05 09:01 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-05 09:01 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-27 16:46 4,672 --a------ C:\WINDOWS\system32\eumxfudk.exe
2007-06-21 23:59 <REP> d-------- C:\DOCUME~1\laudia\APPLIC~1\Apple Computer
2007-06-21 23:51 <REP> d-------- C:\Program Files\QuickTime
2007-06-21 23:50 <REP> d-------- C:\Program Files\Apple Software Update
2007-06-21 23:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-16 21:36 <REP> d-------- C:\Program Files\MSXML 4.0
2007-06-16 00:25 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-16 00:23 <REP> d-------- C:\Program Files\HP
2007-06-16 00:20 308 --------- C:\WINDOWS\hpgmdl24.dat
2007-06-16 00:20 142,019 --a------ C:\WINDOWS\hpgins24.dat
2007-06-15 23:34 <REP> d-------- C:\Program Files\Hewlett-Packard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 22:07:44 49,684 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-05 22:07:44 369,446 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-05 11:07:26 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-05-25 00:00:14 -------- d-----w C:\DOCUME~1\laudia\APPLIC~1\Dossier de téléchargement Share-to-Web
2007-05-24 23:54:40 -------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:36 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2001-12-21 23:58 C:\WINDOWS\system32\atiptaxx.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2001-10-19 20:46]
"CPATR10"="C:\PROGRA~1\EzButton\CPATR10.EXE" [2006-02-17 12:00]
"XpDis0Conf"="C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-20 17:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 14:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2006-12-27 17:20]
"Magentic"="C:\PROGRA~1\MAGENTIC\bin\Magentic.exe" []


Contents of the 'Scheduled Tasks' folder
2007-06-21 21:50:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 23:11:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 23:13:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 23:13
C:\ComboFix3.txt ... 2007-07-06 01:25
C:\ComboFix2.txt ... 2007-07-06 22:33


Le catchme:

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 23:15:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

PS: le catchme est l'écran que j'avais dans la fenêtre bleue et qui est restée sans bouger pendant plus de 30 minutes !!!!!!!!!!!
--- E O F ---

Les fichiers sont encore là.

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\itfohdjl.exe
C:\WINDOWS\system32\eumxfudk.exe

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Télécharge SREng (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html

Extrais tout son contenu sur ton Bureau
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse

Re et merci d'être là si tard !!

voici le rapport OTMoveIt

C:\WINDOWS\system32\itfohdjl.exe moved successfully.
C:\WINDOWS\system32\eumxfudk.exe moved successfully.

Created on 07/07/2007 00:14:37 (je pense que cette fois, ils sont partis !!)

Et le rapport SREngLOG mais il est très long:

[CODE]

2007-07-07,00:19:02

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NBJ><"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<IncrediMail><C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c> [IncrediMail, Ltd.]
<Magentic><C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.]
<AtiPTA><atiptaxx.exe> [ATI Technologies, Inc.]
<Apoint><C:\Program Files\Apoint2K\Apoint.exe> [Alps Electric Co., Ltd.]
<CPATR10><C:\PROGRA~1\EzButton\CPATR10.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<XpDis0Conf><C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70111799 /d> [N/A]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A]

==================================
Startup Folders
N/A

==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Diskeeper / Diskeeper][Running/Auto Start]
<"C:\Program Files\Executive Software\Diskeeper\DkService.exe"><Executive Software International, Inc.>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[SmartLinkService / SLService][Running/Auto Start]
<slserv.exe><>
[WLTRYSVC / WLTRYSVC][Running/Auto Start]
<C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
Drivers
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
<System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[ASNDIS5 Protocol Driver / ASNDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ASNDIS5.SYS><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Pilote pour carte réseau BCM 802.11b / BCM43XX][Stopped/Manual Start]
<System32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\laudia\LOCALS~1\Temp\catchme.sys><N/A>
[Crystal WDM Audio Codec Driver / cs429x][Running/Manual Start]
<system32\drivers\cwawdm.sys><Cirrus Logic, Inc.>
[Dritek Port I/O Driver / DPortIO][Running/Auto Start]
<System32\Drivers\DPortIO.sys><Dritek System Inc.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Dritek HotKey Keyboard Filter Driver / KBFiltr][Running/Manual Start]
<System32\Drivers\KBFiltr.sys><Dritek System Inc.>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Running/Auto Start]
<system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
<System32\DRIVERS\Mtlstrm.sys><>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
<System32\DRIVERS\NtMtlFax.sys><>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[AsusTek RT2500 Wireless Driver / RT2500][Stopped/Manual Start]
<system32\DRIVERS\RT2500.sys><Ralink Technology Inc.>
[Belkin USB Network Adapter / RT73][Stopped/Manual Start]
<system32\DRIVERS\rt73.sys><Ralink Technology, Corp.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Running/Manual Start]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[V90drv / V90drv][Stopped/Manual Start]
<System32\DRIVERS\v90drv.sys><>

==================================
Browser Add-ons
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Image Uploader Control]
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, Aurigma, Inc.>
[Aurigma Image Uploader 3.5 Control]
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} <C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx, Aurigma Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common files\Microsoft Shared\TriEdit\Dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\System32\tdc.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <"C:\PROGRA~1\MSNMES~1\msgsc.dll", N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Image Uploader Control]
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, Aurigma, Inc.>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\drmstor.dll, Microsoft Corporation>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Aurigma Image Uploader 3.5 Control]
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} <C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx, Aurigma Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[&Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <"C:\PROGRA~1\MSNMES~1\msgsc.dll", N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>

==================================
Running Processes
[PID: 516 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1020 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 1464 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResJs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 1480 / laudia][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1692 / laudia][C:\WINDOWS\system32\atiptaxx.exe] [ATI Technologies, Inc., 6.13.10.2529]
[C:\WINDOWS\system32\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.13.10.2529]
[C:\WINDOWS\system32\atipdsxx.dll] [ATI Technologies, Inc., 6.13.10.2529]
[PID: 1700 / laudia][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.3.1.106]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 5.3.1.42]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.3.201.153]
[C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.82]
[C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 4.5.0.42]
[PID: 1708 / laudia][C:\PROGRA~1\EzButton\CPATR10.EXE] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\SzUPFUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\OSDUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\RgnMaker.dll] [Dritek System Inc., 12.07.1999 ( VC60 )]
[C:\PROGRA~1\EzButton\CDRomUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\MixerUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\ComFnUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\LgKCUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\EzButton\Wnd2File.dll] [Dritek System Inc., 3.00]
[C:\PROGRA~1\EzButton\PtIOUTL.dll] [N/A, ]
[C:\PROGRA~1\EzButton\TkBarUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 1716 / laudia][C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe] [XPDisable0Conf, 2, 0, 3, 0]
[PID: 1724 / laudia][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 997, 0]
[c:\program files\alwil software\avast4\ahruijs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1748 / laudia][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 1864 / laudia][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.0.1.13]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 5.3.1.42]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 2036 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 364 / laudia][C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\PROGRA~1\INCRED~1\bin\ImUtils2.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\PROGRA~1\INCRED~1\bin\ImNtUtil.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\PROGRA~1\INCRED~1\bin\ImLook2.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\IncrediMail\bin\ImAppR.dll] [, 5, 2, 5, 2598]
[C:\Program Files\IncrediMail\bin\ImComUtl.dll] [, 5, 2, 5, 2598]
[C:\Program Files\IncrediMail\bin\ImSpool.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\Program Files\IncrediMail\bin\ImFoldrs.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\Program Files\IncrediMail\bin\ImServ.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\Program Files\IncrediMail\bin\ImJunk.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[C:\PROGRA~1\INCRED~1\bin\asapsdk.dll] [Commtouch, 3.02.0003]
[C:\Program Files\IncrediMail\bin\ImNotfy.dll] [IncrediMail, Ltd., 5, 2, 5, 2598]
[PID: 436 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 456 / SYSTEM][C:\Program Files\Executive Software\Diskeeper\DkService.exe] [Executive Software International, Inc., 8.0.480.0]
[C:\Program Files\Executive Software\Diskeeper\tl32v20.dll] [Preview Software Inc, 1, 2, 0, 0]
[C:\Program Files\Executive Software\Diskeeper\DkLib.dll] [Executive Software International, Inc., 8.0.480.0]
[C:\Program Files\Executive Software\Diskeeper\DkRes.dll] [Executive Software International, Inc., 8.0.480.0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 508 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.39.1]
[C:\Program Files\Fichiers communs\LightScribe\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\LightScribe\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\slserv.exe] [ , 2.80.00(24Apr2000)]
[PID: 936 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SYSTEM][C:\WINDOWS\System32\WLTRYSVC.EXE] [N/A, ]
[PID: 1288 / laudia][C:\WINDOWS\System32\bcmwltry.exe] [Broadcom Corporation, 3.50.21.10]
[C:\WINDOWS\System32\AegisE5.dll] [Meetinghouse Data Communications, 1, 8, 0, 23]
[C:\WINDOWS\System32\SSLEAY32.dll] [N/A, ]
[C:\WINDOWS\System32\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 2324 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 2380 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 997, 0]
[PID: 2828 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2688 / laudia][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Program Files\Alwil Software\Avast4\AhAScr.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.3.201.153]
[C:\WINDOWS\system32\Vxdif.dll] [Alps Electric Co., Ltd., 5.3.1.42]
[PID: 2548 / laudia][C:\Documents and Settings\laudia\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 997, 0]
[C:\Documents and Settings\laudia\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1692, C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1700, C:\PROGRAM FILES\APOINT2K\APOINT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1716, C:\PROGRA~1\BELKIN\BELKIN~1\TOOL\WINXPDISABLEZEROCONFIGATION.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1864, C:\PROGRAM FILES\APOINT2K\APNTEX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 364, C:\PROGRA~1\INCRED~1\BIN\IMAPP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1288, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]

Merci, j'attends devant le pc !!

hello,
Plus de soluces ??

Je vais je pense donc formater
merci

Bonjour


Un peu de patience.
On a beau être dimanche, je travaillais.

As tu formaté ?

Hello,

Non, je n'ai pas encore formaté car problème pour formater!
En effet, c'est un pc portable dont le lecteur dvd interne est foutu, je suis donc en lecteur externe et le bios ne reconnait pas le USB donc, je ne sais pas encore comment je vais faire pour formater, peut-être en réinstallant un windows 3.11 et un dos 6 , je pense qu'alors le usb sera reconnu !! Je pars pour une semaine aujourd'hui et en rentrant, je teste .

Je te tiendrais au courant

Merci quand-même !!

Lou