Forum Clubic

Trojan banker win 32 banker IK

Hello

My antivirus, the free Avira AntiVir Personal, found nothing, but a-squared Free 4.5 found a trojan banker win 32 banker IK located in C/adm/hw.dll. However many times I delete it at the end of the scan with a-squared Free, it keeps coming back. What can I do to get rid of it for good,
and also delete the folder c/adm/hw.dll?
Thanks for your help
kalye16

Hi

You really should give more info up front: OS, etc.!!!

Do this

1) Download --> Malwarebytes’ (mbam)

==> Malwarebytes’ (mbam)
install + update

Launch --> Malwarebytes (MBAM)
==> Then go to the “Scan” tab, tick “Perform a full scan”, then “Scan”

==> Select your hard drives, then click “Start scan”
==> At the end of the scan, click Show results, then Save report

Important ==> If MalwareBytes’ detects infections, click ==> Show results, then ==> Remove selected

=> If you are asked to restart, click “Yes”

After removing the infection(s) found --> post the report here

then

  1. Disable your antivirus and antispyware

Download ComboFix

==> ComboFix

==> to your Desktop ==> and nowhere else, and rename it before it lands on your desktop.
To do this, right-click Combofix.exe, choose “Save link target as…” and rename it to ==> kalye16.com
==> and for the location choose your desktop and click “Save”
Close all open windows

Double-click ==> kalye16.com ==> (renamed file)
Press the 1 key to start the scan and follow the instructions given by ComboFix.
When the scan is finished, a report will appear. Copy/paste that report right here.
==> The report can also be found here: C:\Combofix.txt
==> You must not click in the ComboFix window during the scan; this would cause the program to hang.

Re-enable your antivirus and antispyware

after that

  1. Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

http://i46.tinypic.com/i5q0c7.png

==> RSIT

==> In the drop-down menu choose ==> Windows Vista (Pack 2)

==> Double-click RSIT.exe to launch RSIT.

==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimised in the taskbar).

Note: Both reports are also saved in %systemroot%\rsit

I can't manage to paste the ComboFix report here

Hi

Why

You copy and paste the reports ==> Malwarebytes, ComboFix and RSIT

you know how, or maybe not

Copy and paste this report

 Right-click on the report text --> Select all
 Right-click on the report text --> Copy
Right-click in your reply window on the forum --> Paste

or
Ctrl+A = select
Ctrl+C = copy
Ctrl+V = paste

or

in the open report
click ==> Edit
in the context menu ==> select all
To highlight ==> right-click ==> copy
and on the forum ==> paste

re
I did all the steps you told me to; I have the reports but I can't manage to copy and paste them onto the forum
thanks for your help

Re

I have just copy-pasted onto the forum a report from a recent disinfection

[spoiler]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:21, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\flepflep\Bureau\RSIT.exe
C:\Documents and Settings\flepflep\Bureau\Tous contre les virus !!\le barbier philippe.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


End of file - 4988 bytes

[/spoiler]
so I don't see where the problem comes from ==> otherwise take a screenshot of each report

use the ==> Spoiler tags to avoid taking up the whole page; I did the same with the report

Malwarebytes’ Anti-Malware 1.44
Version de la base de données: 3615
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/01/2010 09:51:44
mbam-log-2010-01-25 (09-51-44).txt

Type de recherche: Examen complet (C:|D:|J:|)
Eléments examinés: 177285
Temps écoulé: 44 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Here is the Malwarebytes report after a system restore and disk cleanup. Should I run ComboFix? Thanks for your reply

Hi

Run ComboFix as described and post the report

then

Post the RSIT reports

Logfile created: 25/01/2010 11:35:21
Lavasoft Ad-Aware version: 8.1.3
User performing scan: Nicole

*********************** Definitions database information ***********************
Lavasoft definition file: 149.138
Genotype definition file version: 2010/01/21 13:02:09

******************************** Scan results: *********************************
Scan profile name: Analyse complète (ID: full)
Objects scanned: 96061
Objects detected: 12

Type Detected

Processes…: 0
Registry entries: 0
Hostfile entries: 0
Files…: 2
Folders…: 0
LSPs…: 0
Cookies…: 10
Browser hijacks.: 0
MRU objects…: 0

Removed items:
Description: atdmt Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: atdmt Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: bs.serving-sys Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: serving-sys Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: webtrends Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: serving-sys Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: adserver Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: adserv Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: adserve Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: specificclick Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0

Quarantined items:
Description: C:\Documents and Settings\Nicole\Mes documents\Téléchargements\Download_DriverDetective-6.3.1.2(2).exe Family Name: Win32.Monitor.SpyBuddy Engine: 1 Clean status: Success Item ID: 937664 Family ID: 3212 MD5: 51f61a7a43ac0a148ea8444e4a655341
Description: C:\Documents and Settings\Nicole\Mes documents\Téléchargements\Download_DriverDetective-6.3.1.2.exe Family Name: Win32.Monitor.SpyBuddy Engine: 1 Clean status: Success Item ID: 937664 Family ID: 3212 MD5: 51f61a7a43ac0a148ea8444e4a655341

Scan and cleaning complete: Finished correctly after 5555 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Analyse complète
ID: folderstoscan, enabled:1, value: C:,J:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: to be filled in automatically\alert.wav

Scheduled scan settings:

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Jan 13 22:26:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Jan 13 04:26:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Jan 13 10:26:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Jan 13 16:26:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jan 13 22:26:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: NICOLE-4Y7MGDGM
Processor name: AMD Athlon™ 64 Processor 3800+
Processor identifier: x86 Family 15 Model 79 Stepping 2
Processor speed: ~2411MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 20226, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 568176640 bytes
Physical memory total: 937869312 bytes
Virtual memory available: 1982070784 bytes
Virtual memory total: 2147352576 bytes
Memory load: 39%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 448 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORITE NT
PID: 680 name: ??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORITE NT
PID: 704 name: ??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORITE NT
PID: 752 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORITE NT
PID: 764 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORITE NT
PID: 952 name: C:\WINDOWS\System32\nvsvc32.exe owner: SYSTEM domain: AUTORITE NT
PID: 984 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1076 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1172 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1236 name: C:\WINDOWS\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1376 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1608 name: C:\WINDOWS\Explorer.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1772 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT
PID: 1840 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT
PID: 1888 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: AUTORITE NT
PID: 1976 name: C:\WINDOWS\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 196 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: AUTORITE NT
PID: 212 name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: AUTORITE NT
PID: 268 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: AUTORITE NT
PID: 484 name: C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe owner: SYSTEM domain: AUTORITE NT
PID: 768 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: AUTORITE NT
PID: 1288 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 2744 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT
PID: 2804 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORITE NT
PID: 2908 name: C:\WINDOWS\System32\alg.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 3820 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3832 name: C:\WINDOWS\RTHDCPL.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3840 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3856 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3904 name: C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3976 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2620 name: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2664 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3264 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: AUTORITE NT
PID: 3296 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3768 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3804 name: C:\WINDOWS\system32\ctfmon.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1268 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1036 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2548 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3972 name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3644 name: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3116 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2416 name: C:\Program Files\Outlook Express\msimn.exe owner: Nicole domain: NICOLE-4Y7MGDGM

Startup items:
Name: SkyTel
imagepath: SkyTel.EXE
Name: NeroFilterCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: iTunesHelper
imagepath: “C:\Program Files\iTunes\iTunesHelper.exe”
Name: avgnt
imagepath: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
Name: ISUSPM Startup
imagepath: C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Name: ISUSScheduler
imagepath: “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
Name: nwiz
imagepath: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: S32sys_net29
imagepath: C:\Adm\Adm.exe stw
Name: Adobe Reader Speed Launcher
imagepath: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
Name: Adobe ARM
imagepath: “C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe”
Name: TkBellExe
imagepath: “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
Name: SunJavaUpdateSched
imagepath: “C:\Program Files\Java\jre6\bin\jusched.exe”
Name: CTFMON.EXE
imagepath: C:\WINDOWS\System32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Pré-chargeur Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Démon de cache des catégories de composant
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
imagepath: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\forteManager.lnk
imagepath: C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: ALG
displayname: Service de la passerelle de la couche Application
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planificateur
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Audio Windows
Name: BITS
displayname: Service de transfert intelligent en arrière-plan
Name: Bonjour Service
displayname: Service Bonjour
Name: Browser Defender Update Service
displayname: Browser Defender Update Service
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: Lanceur de processus serveur DCOM
Name: Dhcp
displayname: Client DHCP
Name: Dnscache
displayname: Client DNS
Name: ERSvc
displayname: Service de rapport d’erreurs
Name: Eventlog
displayname: Journal des événements
Name: EventSystem
displayname: Système d’événements de COM+
Name: FastUserSwitchingCompatibility
displayname: Compatibilité avec le Changement rapide d’utilisateur
Name: helpsvc
displayname: Aide et support
Name: iPod Service
displayname: Service de l’iPod
Name: lanmanserver
displayname: Serveur
Name: lanmanworkstation
displayname: Station de travail
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: Assistance TCP/IP NetBIOS
Name: Netman
displayname: Connexions réseau
Name: Nla
displayname: NLA (Network Location Awareness)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug-and-Play
Name: PolicyAgent
displayname: Services IPSEC
Name: ProtectedStorage
displayname: Emplacement protégé
Name: RasMan
displayname: Gestionnaire de connexions d’accès distant
Name: RpcSs
displayname: Appel de procédure distante (RPC)
Name: SamSs
displayname: Gestionnaire de comptes de sécurité
Name: Schedule
displayname: Planificateur de tâches
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: Notification d’événement système
Name: SharedAccess
displayname: Pare-feu Windows / Partage de connexion Internet
Name: ShellHWDetection
displayname: Détection matériel noyau
Name: Spooler
displayname: Spouleur d’impression
Name: srservice
displayname: Service de restauration système
Name: SSDPSRV
displayname: Service de découvertes SSDP
Name: stisvc
displayname: Acquisition d’image Windows (WIA)
Name: TapiSrv
displayname: Téléphonie
Name: TermService
displayname: Services Terminal Server
Name: Themes
displayname: Thèmes
Name: TrkWks
displayname: Client de suivi de lien distribué
Name: upnphost
displayname: Hôte de périphérique universel Plug-and-Play
Name: W32Time
displayname: Horloge Windows
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Infrastructure de gestion Windows
Name: wscsvc
displayname: Centre de sécurité
Name: wuauserv
displayname: Mises à jour automatiques
Name: WZCSVC
displayname: Configuration automatique sans fil
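
Added example, not part of the thread or of any tool named in it: the a-squared detection was reported in the C/adm folder, and the "Startup items:" list in the Ad-Aware log above contains an entry that launches a program from that same folder. The Python sketch below parses that section and lists autostart entries pointing into a detected file's folder; the function names are hypothetical, and `C:\Adm\hw.dll` is an assumed Windows spelling of the path the poster typed as C/adm/hw.dll.

```python
import ntpath
import re

# Excerpt of the "Startup items:" section from the Ad-Aware log posted above
# (entries copied from the thread; the selection is shortened for the example).
SAMPLE_LOG = r"""
Startup items:
Name: NeroFilterCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: avgnt
imagepath: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: S32sys_net29
imagepath: C:\Adm\Adm.exe stw
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\forteManager.lnk
imagepath: C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
"""

# A drive-letter path ending in an executable-type extension. Quotes (ASCII and
# typographic, as pasted on the forum) and commas end the path, so arguments
# such as ",NvStartup" or "/min" are not swallowed.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"“”,\r\n]*?\.(?:exe|dll|com|scr|bat|cmd|pif)\b',
    re.IGNORECASE,
)


def parse_startup_items(log_text):
    """Return the entries of the 'Startup items:' section as dicts."""
    items = []
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Startup items:":
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            break  # a blank line closes the section in this log format
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "name":
            current = {"name": value, "location": None, "imagepath": None}
            items.append(current)
        elif current is not None and key in ("location", "imagepath"):
            current[key] = value
    return items


def autostarts_near(log_text, detected_file):
    """List (entry name, path) pairs that start something from the same
    folder as a file a scanner has flagged."""
    folder = ntpath.normcase(ntpath.dirname(detected_file))
    hits = []
    for item in parse_startup_items(log_text):
        for path in PATH_RE.findall(item["imagepath"] or ""):
            if ntpath.normcase(ntpath.dirname(path)) == folder:
                hits.append((item["name"], path))
    return hits


if __name__ == "__main__":
    # Assumed Windows form of the path given in the first post.
    for name, path in autostarts_near(SAMPLE_LOG, r"C:\Adm\hw.dll"):
        print(f"autostart entry {name!r} launches {path}")
```

An autostart entry found this way is a candidate for why a deleted file reappears after each scan; it still has to be confirmed and removed with the tools discussed in the thread.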

ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jan 13 22:26:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: NICOLE-4Y7MGDGM
Processor name: AMD Athlon™ 64 Processor 3800+
Processor identifier: x86 Family 15 Model 79 Stepping 2
Processor speed: ~2411MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 20226, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 568176640 bytes
Physical memory total: 937869312 bytes
Virtual memory available: 1982070784 bytes
Virtual memory total: 2147352576 bytes
Memory load: 39%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 448 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORITE NT
PID: 680 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORITE NT
PID: 704 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORITE NT
PID: 752 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORITE NT
PID: 764 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORITE NT
PID: 952 name: C:\WINDOWS\System32\nvsvc32.exe owner: SYSTEM domain: AUTORITE NT
PID: 984 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1076 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1172 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 1236 name: C:\WINDOWS\System32\svchost.exe owner: SERVICE RÉSEAU domain: AUTORITE NT
PID: 1376 name: C:\WINDOWS\system32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 1608 name: C:\WINDOWS\Explorer.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1772 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORITE NT
PID: 1840 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORITE NT
PID: 1888 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: AUTORITE NT
PID: 1976 name: C:\WINDOWS\System32\svchost.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 196 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: AUTORITE NT
PID: 212 name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: AUTORITE NT
PID: 268 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: AUTORITE NT
PID: 484 name: C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe owner: SYSTEM domain: AUTORITE NT
PID: 768 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: AUTORITE NT
PID: 1288 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORITE NT
PID: 2744 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORITE NT
PID: 2804 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORITE NT
PID: 2908 name: C:\WINDOWS\System32\alg.exe owner: SERVICE LOCAL domain: AUTORITE NT
PID: 3820 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3832 name: C:\WINDOWS\RTHDCPL.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3840 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3856 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3904 name: C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3976 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2620 name: C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2664 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3264 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: AUTORITE NT
PID: 3296 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3768 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3804 name: C:\WINDOWS\system32\ctfmon.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1268 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 1036 name: C:\Program Files\OpenOffice.org 3\program\soffice.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2548 name: C:\Program Files\OpenOffice.org 3\program\soffice.bin owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3972 name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3644 name: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 3116 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Nicole domain: NICOLE-4Y7MGDGM
PID: 2416 name: C:\Program Files\Outlook Express\msimn.exe owner: Nicole domain: NICOLE-4Y7MGDGM

Startup items:
Name: SkyTel
imagepath: SkyTel.EXE
Name: NeroFilterCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: ISUSPM Startup
imagepath: C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Name: ISUSScheduler
imagepath: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Name: nwiz
imagepath: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: S32sys_net29
imagepath: C:\Adm\Adm.exe stw
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Name: TkBellExe
imagepath: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: CTFMON.EXE
imagepath: C:\WINDOWS\System32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Pré-chargeur Browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Démon de cache des catégories de composant
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
imagepath: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\forteManager.lnk
imagepath: C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
Name:
location: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: ALG
displayname: Service de la passerelle de la couche Application
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planificateur
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Audio Windows
Name: BITS
displayname: Service de transfert intelligent en arrière-plan
Name: Bonjour Service
displayname: Service Bonjour
Name: Browser Defender Update Service
displayname: Browser Defender Update Service
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: Lanceur de processus serveur DCOM
Name: Dhcp
displayname: Client DHCP
Name: Dnscache
displayname: Client DNS
Name: ERSvc
displayname: Service de rapport d’erreurs
Name: Eventlog
displayname: Journal des événements
Name: EventSystem
displayname: Système d’événements de COM+
Name: FastUserSwitchingCompatibility
displayname: Compatibilité avec le Changement rapide d’utilisateur
Name: helpsvc
displayname: Aide et support
Name: iPod Service
displayname: Service de l’iPod
Name: lanmanserver
displayname: Serveur
Name: lanmanworkstation
displayname: Station de travail
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: Assistance TCP/IP NetBIOS
Name: Netman
displayname: Connexions réseau
Name: Nla
displayname: NLA (Network Location Awareness)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug-and-Play
Name: PolicyAgent
displayname: Services IPSEC
Name: ProtectedStorage
displayname: Emplacement protégé
Name: RasMan
displayname: Gestionnaire de connexions d’accès distant
Name: RpcSs
displayname: Appel de procédure distante (RPC)
Name: SamSs
displayname: Gestionnaire de comptes de sécurité
Name: Schedule
displayname: Planificateur de tâches
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: Notification d’événement système
Name: SharedAccess
displayname: Pare-feu Windows / Partage de connexion Internet
Name: ShellHWDetection
displayname: Détection matériel noyau
Name: Spooler
displayname: Spouleur d’impression
Name: srservice
displayname: Service de restauration système
Name: SSDPSRV
displayname: Service de découvertes SSDP
Name: stisvc
displayname: Acquisition d’image Windows (WIA)
Name: TapiSrv
displayname: Téléphonie
Name: TermService
displayname: Services Terminal Server
Name: Themes
displayname: Thèmes
Name: TrkWks
displayname: Client de suivi de lien distribué
Name: upnphost
displayname: Hôte de périphérique universel Plug-and-Play
Name: W32Time
displayname: Horloge Windows
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Infrastructure de gestion Windows
Name: wscsvc
displayname: Centre de sécurité
Name: wuauserv
displayname: Mises à jour automatiques
Name: WZCSVC
displayname: Configuration automatique sans fil
scan with the free version of Ad-Aware