Win 32 agent pdd

Résolu
jojo9166 -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,à tous
comment svp eradiquer ce trj win 32 agent pddd dans system32/sysrest.sys decouvert avec avast (à jour) et malgres une supression ou mise en quarantaine et avec un netoyage avec spybot et ad- aware peso il est toujour actif au demarage
merci
Configuration: Windows XP
Internet Explorer 6.0

28 réponses

  • 1
  • 2
  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    1/ Télécharge et installe Hijackthis.
    http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
    Démo en image
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Fais un scan et poste l'analyse.

    2/ * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

    FillPCA
    0
  2. jojo9166
     
    voila mon scan
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:51, on 09/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\CameraFixer.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\sysrest32.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Agnitum\Spam Terrier\asp_srv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Exalead Toolbar BHO - {04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} - C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
    O3 - Toolbar: Exalead Toolbar - {8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} - C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
    0
  3. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    OK. Une partie de l'infection est repérée. Peux-tu joindre également le 2nd rapport demandé ?

    FillPCA
    0
  4. jojo9166 Messages postés 37 Statut Membre
     
    voici le N°2

    [CODE]

    2008-01-09,10:41:10

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [N/A]
    <Gestionnaire Antidote.exe><C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe> [(Verified)Druide informatique inc.]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
    <Copernic Desktop Search 2><"C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray> [(Verified)Copernic Technologies Inc.]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Nero AG]
    <InCD><C:\Program Files\Ahead\InCD\InCD.exe> [Ahead Software AG]
    <WOOWATCH><C:\PROGRA~1\Wanadoo\Watch.exe> [France Télécom R&D]
    <WOOTASKBARICON><C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe> [N/A]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <Opware12><"C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"> [ScanSoft, Inc.]
    <Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -masquer> [(Verified)Microsoft Corporation]
    <REGSHAVE><C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN> [FUJI PHOTO FILM CO., LTD.]
    <OSSelectorReinstall><C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe> []
    <tsnpstd3><C:\WINDOWS\tsnpstd3.exe> []
    <TrueImageMonitor.exe><C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe> [Acronis]
    <CloneCDTray><"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"> [Elaborate Bytes AG]
    <CameraFixer><C:\WINDOWS\CameraFixer.exe> []
    <Acronis Scheduler2 Service><"C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"> [Acronis]
    <ISUSPM Startup><C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
    <ISUSScheduler><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe> [(Verified)Microsoft Windows Publisher]
    <MRT><"C:\WINDOWS\system32\MRT.exe" /R> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    [officejet 6100]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\officejet 6100.lnk --> C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [Hewlett-Packard Co.]><N>

    ==================================
    Services
    [Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start]
    <"C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe"><Acronis>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [Firebird Server - MAGIX Instance / FirebirdServerMAGIXInstance][Stopped/Manual Start]
    <C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe><MAGIX®>
    [France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
    <C:\WINDOWS\System32\FTRTSVC.exe><France Telecom>
    [Google Updater Service / gusvc][Running/Auto Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InCD Helper / InCDsrv][Running/Auto Start]
    <C:\Program Files\Ahead\InCD\InCDsrv.exe><Ahead Software AG>
    [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
    <C:\WINDOWS\system32\HPZipm12.exe><HP>
    [UPnPService / UPnPService][Stopped/Manual Start]
    <C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe><Magix AG>

    ==================================
    Drivers
    [Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Running/Manual Start]
    <system32\drivers\ac97intc.sys><Intel Corporation>
    [Aspi32 / Aspi32][Running/Auto Start]
    <System32\drivers\aspi32.sys><Adaptec>
    [Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Running/Manual Start]
    <System32\DRIVERS\el90xbc5.sys><3Com Corporation>
    [IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
    <system32\DRIVERS\HPZid412.sys><HP>
    [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
    <system32\DRIVERS\HPZipr12.sys><HP>
    [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
    <system32\DRIVERS\HPZius12.sys><HP>
    [i81x / i81x][Running/Manual Start]
    <System32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
    [iAimFP0 / iAimFP0][Stopped/Manual Start]
    <System32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
    [iAimFP1 / iAimFP1][Stopped/Manual Start]
    <System32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
    [iAimFP2 / iAimFP2][Stopped/Manual Start]
    <System32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
    [iAimFP3 / iAimFP3][Stopped/Manual Start]
    <System32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
    [iAimFP4 / iAimFP4][Stopped/Manual Start]
    <System32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
    [iAimFP5 / iAimFP5][Stopped/Manual Start]
    <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
    [iAimFP6 / iAimFP6][Stopped/Manual Start]
    <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
    [iAimFP7 / iAimFP7][Stopped/Manual Start]
    <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
    [iAimTV0 / iAimTV0][Stopped/Manual Start]
    <System32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
    [iAimTV1 / iAimTV1][Stopped/Manual Start]
    <System32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
    [iAimTV2 / iAimTV2][Stopped/Manual Start]
    <System32\DRIVERS\wATV03nt.sys><N/A>
    [iAimTV3 / iAimTV3][Stopped/Manual Start]
    <System32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
    [iAimTV4 / iAimTV4][Stopped/Manual Start]
    <System32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
    [iAimTV5 / iAimTV5][Stopped/Manual Start]
    <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
    [iAimTV6 / iAimTV6][Stopped/Manual Start]
    <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
    [InCDPass / InCDPass][Running/System Start]
    <System32\DRIVERS\InCDPass.sys><Ahead Software AG>
    [SoundTap Recorder / NCHSSVAD][Stopped/Manual Start]
    <system32\drivers\nchssvad.sys><NCH Swift Sound>
    [Pinnacle DVC 80 Audio / nuvaud2][Stopped/Manual Start]
    <system32\DRIVERS\nuvaud2.sys><Zoran Ltd.>
    [Pinnacle DVC 80 Video / NUVision][Stopped/Manual Start]
    <system32\DRIVERS\nuvvid2.sys><Zoran Ltd.>
    [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
    [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
    <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [Acronis Snapshots Manager / snapman][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\snapman.sys><Acronis>
    [USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
    <system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
    [sptd / sptd][Running/Boot Start]
    <\SystemRoot\System32\Drivers\sptd.sys><N/A>
    [sysrest.sys / sysrest.sys][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\sysrest.sys><N/A>
    [Acronis TrueImage FS Filter / tifsfilter][Running/Auto Start]
    <system32\DRIVERS\tifsfilt.sys><Acronis>
    [Acronis TrueImage Backup Archive Explorer / timounter][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\timntr.sys><Acronis>
    [TVICHW32 / TVICHW32][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
    [Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

    ==================================
    Browser Add-ons
    [ExaIEHelperObject Object]
    {04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [VMN Toolbar]
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
    []
    {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [AcroIEToolbarHelper Class]
    {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
    [&Rechercher]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
    [Orange]
    {1462651F-F4BA-4C76-A001-C4284D0FE16E} <http://www.orange.fr, N/A>
    [Adobe PDF]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
    [&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Copernic Desktop Search 2]
    {968631B6-4729-440D-9BF4-251F5593EC9A} <C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll, Copernic Technologies Inc.>
    [Exalead Toolbar]
    {8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
    [VMN Toolbar]
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    [LSSupCtl Class]
    {1F2F4C9E-6F09-47BC-970D-3C54734667FE} <C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll, Symantec Corporation>
    [ActiveDataInfo Class]
    {3451DEDE-631F-421C-8127-FD793AFC6CC8} <C:\WINDOWS\Downloaded Program Files\SymAData.dll, Symantec Corporation>
    [SysData Class]
    {49232000-16E4-426C-A231-62846947304B} <C:\WINDOWS\DOWNLO~1\SysInfo.dll, Hewlett-Packard>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [Oberon Flash Game Host]
    {D0C0F75C-683A-4390-A791-1ACFD5599AB8} <C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll, Oberon Media, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [Driver Agent ActiveX Control]
    {E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, Touchstone Software Corp>
    [Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Microsoft Office Template and Media Control]
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MICROS~2\OFFICE11\IEAWSDC.DLL, >
    [ExaIEHelperObject Object]
    {04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
    [CEnroll Class]
    {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\System32\xenroll.dll, Microsoft Corporation>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [Tabular Data Control]
    {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\System32\tdc.ocx, Microsoft Corporation>
    [Microsoft Office Control]
    {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
    [Adobe PDF]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
    [SysData Class]
    {49232000-16E4-426C-A231-62846947304B} <C:\WINDOWS\DOWNLO~1\SysInfo.dll, Hewlett-Packard>
    [VMN Toolbar]
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
    []
    {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [PSFormX Control]
    {56393399-041A-4650-94C7-13DFCB1F4665} <C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX, Visicom Media>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [Active Desktop Mover]
    {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    [Navigateur Web Microsoft]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
    [XML DOM Document 4.0]
    {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    [Exalead Toolbar]
    {8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
    [Copernic Desktop Search 2]
    {968631B6-4729-440D-9BF4-251F5593EC9A} <C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll, Copernic Technologies Inc.>
    [LogData Class]
    {A526A2C7-723E-4081-BF70-A7A9913E8C4A} <C:\WINDOWS\DOWNLO~1\LogInfo.dll, Hewlett-Packard>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Microsoft Scriptlet Component]
    {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
    [AcroIEToolbarHelper Class]
    {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [OWSClientMiscApis Class]
    {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
    [OWSBrowserUI Class]
    {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
    [OWSDiscussionServers Class]
    {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
    [Adobe Acrobat Control for ActiveX]
    {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, Adobe Systems Incorporated>
    [AUDIO__MID Moniker Class]
    {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__WAV Moniker Class]
    {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Oberon Flash Game Host]
    {D0C0F75C-683A-4390-A791-1ACFD5599AB8} <C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll, Oberon Media, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [Google Updater Class]
    {D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll, Google>
    [Driver Agent ActiveX Control]
    {E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, Touchstone Software Corp>
    [JScript Language]
    {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\WINDOWS\System32\jscript.dll, Microsoft Corporation>
    [E&xporter vers Microsoft Excel]
    <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

    ==================================
    Running Processes
    [PID: 528 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\relog_ap.dll] [Acronis, 1,0,0,8]
    [PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1048 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1168 / SYSTEM][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MpSvc.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MpClient.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{21A6C461-22D6-41A3-A569-F7DA68CA58D2}\mpengine.dll] [Microsoft Corporation, 1.1.3109.0]
    [C:\Program Files\Windows Defender\mprtplug.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MpAsDesc.dll] [Microsoft Corporation, 1.1.1593.0]
    [PID: 1208 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [PID: 1228 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [Ahead Software AG, 4, 2, 2, 3]
    [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17]
    [C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
    [PID: 1384 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1548 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1588 / georges][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.1.1]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.fra] [Adobe Systems Inc., 6.0.0.2003110300\0]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\AcShlExt.dll] [UP-Vision Computergraphik GmbH, 1, 0, 0, 1]
    [PID: 1684 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 1740 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 1872 / georges][C:\Program Files\Ahead\InCD\InCD.exe] [Ahead Software AG, 4, 2, 2, 3]
    [C:\Program Files\Ahead\InCD\InCDapi.dll] [Ahead Software AG, 4, 2, 2, 3]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17]
    [C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
    [PID: 1904 / georges][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1924 / georges][C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe] [ScanSoft, Inc., 12.0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 1940 / georges][C:\PROGRA~1\Wanadoo\TaskBarIcon.exe] [France Télécom R&D, 5.9 (1)]
    [C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
    [c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
    [C:\PROGRA~1\Wanadoo\WooIHMF.dll] [France Télécom R&D, 5.9 (509)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 1984 / georges][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MpClient.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MsMpRes.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\Windows Defender\MpRtMon.DLL] [Microsoft Corporation, 1.1.1593.0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 372 / georges][C:\WINDOWS\tsnpstd3.exe] [, 1, 1, 3, 6]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [PID: 400 / georges][C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe] [Acronis, 9,0,0,2375]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 424 / georges][C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe] [Acronis, 1,0,0,216]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 432 / georges][C:\WINDOWS\CameraFixer.exe] [, 1, 0, 0, 7]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 664 / georges][C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 20, 100, 1123]
    [PID: 552 / georges][C:\WINDOWS\vsnpstd3.exe] [, 1, 0, 5, 0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 684 / georges][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 892 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.FRA] [, ]
    [C:\WINDOWS\system32\hpzlnt07.dll] [HP, 2,140,0,0]
    [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
    [PID: 1156 / georges][C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe] [Druide informatique inc., Antidote Prisme v6]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 1260 / georges][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1276 / georges][C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe] [Copernic Technologies Inc., 2.0.2.2526]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Copernic Desktop Search 2\IndexingComponents.dll] [Copernic Technologies Inc., DESKTOPSEARCH 2.0 ENG]
    [C:\PROGRA~1\COPERN~1\APPLIC~1.DLL] [Copernic Technologies Inc., 2.0.2.2526]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1420 / georges][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe] [Hewlett-Packard Co., 4.2.0.020]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 4.2.0.127]
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll] [Hewlett-Packard Co., 4.2.0.020]
    [PID: 1580 / georges][C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe] [France Télécom R&D, 5.9 (3)]
    [C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\PROGRA~1\Wanadoo\WooIHMF.dll] [France Télécom R&D, 5.9 (509)]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
    [C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
    [C:\PROGRA~1\Wanadoo\DetectComponent.dll] [, 5.8 (10)]
    [C:\PROGRA~1\Wanadoo\SynchroDll.dll] [, 11.0 (21)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [PID: 1620 / georges][C:\PROGRA~1\Wanadoo\ComComp.exe] [France Télécom R&D, 11b.0 (8)]
    [C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\WLANManager.dll] [France Télécom R&D, 11b.0 (18)]
    [C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
    [C:\PROGRA~1\Wanadoo\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
    [C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.55]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\PROGRA~1\Wanadoo\GestAppFT.dll] [France Télécom R&D, 10.0 (227)]
    [C:\PROGRA~1\Wanadoo\ModifFT.dll] [France Télécom R&D, 10.0 (40)]
    [C:\PROGRA~1\Wanadoo\PMStub.dll] [, 11.0 (3)]
    [C:\PROGRA~1\Wanadoo\PhoneManager.dll] [, 10, 0, 0, 0]
    [C:\PROGRA~1\Wanadoo\DetectComponent.dll] [, 5.8 (10)]
    [C:\PROGRA~1\Wanadoo\NDIS_Gen.dll] [France Télécom R&D, 11b.0 (19)]
    [PID: 1660 / georges][C:\PROGRA~1\Wanadoo\Toaster.exe] [France Telecom R&D, 1, 0, 0, 1]
    [C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
    [c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1672 / georges][C:\PROGRA~1\Wanadoo\Inactivity.exe] [, 1, 0, 0, 1]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1596 / georges][C:\PROGRA~1\Wanadoo\PollingModule.exe] [, 1, 0, 0, 1]
    [C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [C:\PROGRA~1\Wanadoo\SynchroDll.dll] [, 11.0 (21)]
    [C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
    [PID: 2064 / georges][C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE] [, 1, 0, 0, 1]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [PID: 2096 / SYSTEM][C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe] [Acronis, 1,0,0,216]
    [PID: 2184 / SYSTEM][C:\WINDOWS\System32\FTRTSVC.exe] [France Telecom, 11.0 (4)]
    [C:\WINDOWS\System32\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
    [PID: 2240 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
    [PID: 2280 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
    [PID: 2440 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\hpgwiamd.dll] [Hewlett-Packard, 3.2.1.309]
    [C:\WINDOWS\system32\hpotscl.dll] [, 1, 0, 0,309]
    [PID: 3120 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 3264 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 3608 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3932 / georges][C:\PROGRA~1\Wanadoo\Watch.exe] [France Télécom R&D, 11.0 (2)]
    [C:\PROGRA~1\Wanadoo\ModifFT.dll] [France Télécom R&D, 10.0 (40)]
    [C:\PROGRA~1\Wanadoo\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
    [C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
    [PID: 1788 / georges][C:\Program Files\Agnitum\Spam Terrier\asp_srv.exe] [Agnitum LTD, 0, 90, 1422, 7524]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Agnitum\Spam Terrier\op_gui.dll] [Agnitum LTD, 0, 90, 1422, 7524]
    [PID: 3308 / georges][C:\Program Files\Trend Micro\HijackThis\HijackThis.exe] [Trend Micro Inc., 2.00.0002]
    [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\VB6FR.DLL] [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 316 / georges][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1864 / georges][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll] [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL] [Microsoft Corporation, 3.00.8449]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.FRA] [N/A, ]
    [C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll] [Exalead, 1, 0, 0, 402]
    [C:\Program Files\Exalead\Exalead Toolbar\exa_Core.dll] [N/A, ]
    [C:\Program Files\Exalead\Exalead Toolbar\exa_Application.dll] [N/A, ]
    [C:\Program Files\Exalead\Exalead Toolbar\exa_Gui.dll] [N/A, ]
    [C:\Program Files\Exalead\Exalead Toolbar\exa_Network.dll] [N/A, ]
    [C:\Program Files\Exalead\Exalead Toolbar\ATL80.DLL] [Microsoft Corporation, 8.00.50727.42]
    [C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL] [Visicom Media Inc. , 5.0.1.226]
    [c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1601, 4978]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\PDM.DLL] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.1.1]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\WIFD1F~1\MpOAv.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
    [PID: 2636 / georges][C:\Program Files\Outlook Express\msimn.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Agnitum\Spam Terrier\oe_mydb.dll] [Agnitum LTD, 0, 90, 1422, 7524]
    [C:\Program Files\Agnitum\Spam Terrier\oe_mail.dll] [Agnitum LTD, 0, 90, 1422, 7524]
    [C:\Program Files\Agnitum\Spam Terrier\op_gui.dll] [Agnitum LTD, 0, 90, 1422, 7524]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 2660 / georges][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 3164 / georges][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [PID: 1404 / georges][C:\Documents and Settings\georges\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
    [C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
    [C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
    [C:\Documents and Settings\georges\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1872, C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\SCANSOFT\OMNIPAGEPRO12.0\OPWARE12.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1940, C:\PROGRA~1\WANADOO\TASKBARICON.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 372, C:\WINDOWS\TSNPSTD3.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 400, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 400, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 424, C:\PROGRAM FILES\FICHIERS COMMUNS\ACRONIS\SCHEDULE2\SCHEDHLP.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 432, C:\WINDOWS\CAMERAFIXER.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 432, C:\WINDOWS\CAMERAFIXER.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 664, C:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1580, C:\PROGRA~1\WANADOO\GESTIONNAIREINTERNET.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1620, C:\PROGRA~1\WANADOO\COMCOMP.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1660, C:\PROGRA~1\WANADOO\TOASTER.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1672, C:\PROGRA~1\WANADOO\INACTIVITY.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1596, C:\PROGRA~1\WANADOO\POLLINGMODULE.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2064, C:\WINDOWS\SYSTEM32\ALERTM~1\ALERTM~1.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3932, C:\PROGRA~1\WANADOO\WATCH.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1788, C:\PROGRAM FILES\AGNITUM\SPAM TERRIER\ASP_SRV.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3308, C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3164, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    OK.

    1/ * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    2/ * Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
    o afficher les fichiers et dossiers cachés,
    o décocher "masquer les extensions des fichiers dont le type est connu",
    o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

    3/ * Peux-tu tester ceci : C:\WINDOWS\tsnpstd3.exe
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

    4/ Edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  7. jojo9166 Messages postés 37 Statut Membre
     
    ComboFix 08-01-09.2 - georges 2008-01-09 11:44:47.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.134 [GMT 1:00]Running from: C:\Documents and Settings\georges\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\georges\Application Data\install.dat
    C:\WINDOWS\system32\config\47780984.Evt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_ASC3550P
    -------\asc3550p

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 11:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 10:29 . 2008-01-09 10:29 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-01-09 10:24 . 2008-01-09 10:24 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-01-08 12:21 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-01-08 12:21 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-01-08 12:21 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-01-08 12:21 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-01-08 12:21 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-07 11:37 . 2007-03-12 10:01 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-06 13:17 . 1997-06-11 18:01 30,208 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
    2008-01-06 13:17 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-01-06 13:17 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
    2008-01-06 13:17 . 1999-10-22 16:58 4,030 --a------ C:\WINDOWS\system\WINASPI.BAK
    2008-01-06 01:48 . 2008-01-06 01:48 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-01-06 01:19 . 2008-01-06 01:20 <REP> d-------- C:\Program Files\Everest 3 Ultime Edition
    2008-01-06 00:43 . 2008-01-06 00:43 <REP> d-------- C:\Program Files\avast
    2008-01-06 00:37 . 2008-01-09 12:10 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-05 20:38 . 2006-05-26 15:40 61,440 --a------ C:\WINDOWS\system32\vsnpx32.dll
    2008-01-03 11:16 . 2001-04-24 15:22 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2008-01-03 11:16 . 2001-06-11 19:03 98,304 --a------ C:\WINDOWS\system32\HLBButton6.ocx
    2008-01-03 11:16 . 2007-09-05 21:56 40,960 --a------ C:\WINDOWS\system32\LedCommon.dll
    2007-12-29 16:11 . 2007-12-29 16:12 <REP> d-------- C:\Program Files\Paint.NET
    2007-12-28 17:41 . 2007-12-28 17:41 <REP> d-------- C:\Documents and Settings\georges\Application Data\CA
    2007-12-28 14:00 . 2008-01-09 09:11 320 --a------ C:\WINDOWS\system32\winupdate.dat
    2007-12-27 10:57 . 2007-12-27 10:57 <REP> dr-h----- C:\Documents and Settings\georges\Application Data\SecuROM
    2007-12-27 10:57 . 2007-12-27 10:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-17 18:23 . 2007-12-17 18:25 <REP> d-------- C:\Documents and Settings\georges\Application Data\BonkEnc
    2007-12-17 18:22 . 2007-12-17 18:23 <REP> d-------- C:\Program Files\BonkEnc
    2007-12-12 15:08 . 2007-12-12 15:08 <REP> d-------- C:\Documents and Settings\georges\Application Data\Talkback
    2007-12-12 15:07 . 2008-01-04 07:55 <REP> d-------- C:\Program Files\Mozilla Sunbird
    2007-12-11 10:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\X-Fonter
    2007-12-11 09:55 . 2007-12-11 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avery
    2007-12-09 20:42 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
    2007-12-09 20:42 . 1998-06-01 14:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
    2007-12-09 20:42 . 1998-06-01 14:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
    2007-12-09 20:42 . 1999-09-09 22:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
    2007-12-09 20:42 . 1999-06-07 18:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
    2007-12-09 20:42 . 1999-09-09 22:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
    2007-12-09 20:42 . 1999-09-30 19:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
    2007-12-09 20:42 . 1999-04-26 20:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
    2007-12-09 20:42 . 1998-05-05 11:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 11:11 --------- d-----w C:\Program Files\Wanadoo
    2008-01-09 10:39 --------- d-----w C:\Documents and Settings\georges\Application Data\vmntoolbar
    2008-01-09 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-08 11:34 --------- d-----w C:\Program Files\Ahead
    2008-01-08 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 19:38 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
    2007-12-31 15:25 --------- d-----w C:\Documents and Settings\georges\Application Data\Ahead
    2007-12-29 15:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 15:56 --------- d-----w C:\Program Files\Mindscape
    2007-12-09 19:38 --------- d-----w C:\Program Files\Micro Application
    2007-12-09 18:12 830 ---ha-w C:\Documents and Settings\georges\hpothb07.dat
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-12-02 18:34 --------- d-----w C:\Documents and Settings\georges\Application Data\gtk-2.0
    2007-11-30 15:41 659 ---ha-w C:\hpothb07.dat
    2007-11-30 10:39 --------- d-----w C:\Program Files\Google
    2007-11-22 11:54 --------- d-----w C:\Documents and Settings\georges\Application Data\TomTom
    2007-11-22 11:53 --------- d-----w C:\Program Files\TomTom HOME 2
    2007-11-22 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
    2007-11-22 11:52 --------- d-----w C:\Program Files\TomTom HOME
    2007-11-15 09:29 --------- d-----w C:\Program Files\Trend Micro
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 22:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-11-11 22:43 --------- d-----w C:\Program Files\Anuman Interactive
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .
    [color=red]Files Infected - Win32.Agent.zb[/color]
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04F9D268-DC1F-4BF9-AD5D-7DDCEB514294}]
    2006-12-21 09:45 200704 --a------ C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {968631B6-4729-440D-9BF4-251F5593EC9A}
    {8F6D9079-D956-4D31-B7CC-CE6FA3044EE5}
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}

    [HKEY_CLASSES_ROOT\clsid\{8f6d9079-d956-4d31-b7cc-ce6fa3044ee5}]
    [HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6C8E73C2-21F8-4A83-BEFC-5130AB2D971C}]
    [HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{8F6D9079-D956-4D31-B7CC-CE6FA3044EE5}"= C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll [2006-12-21 09:45 200704]

    [HKEY_CLASSES_ROOT\clsid\{8f6d9079-d956-4d31-b7cc-ce6fa3044ee5}]
    [HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6C8E73C2-21F8-4A83-BEFC-5130AB2D971C}]
    [HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2006-12-08 16:58 1546544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 17:41 1294446]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
    "OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2006-04-19 19:36 1281425]
    "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-03-02 20:00 1009003]
    "CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 14:18 20480]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-03-02 20:00 118784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
    S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
    S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
    S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-06-18 09:44:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173694717.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
    "2008-01-09 10:44:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173695991.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
    "2008-01-09 11:13:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 12:11:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 12:14:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-09 11:13:59
    .
    2008-01-09 09:29:54 --- E O F ---
    0
  8. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ Les barres d'outils sont souvent controversées. Je te conseille de supprimer via ajout/suppression des programmes les barres d'outils VMN et Exalead.

    2/ * Sélectionne le texte suivant :

    Driver::
    sysrest.sys

    Registry::
    [HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysrest32.exe"=-
    [-HKEY_CLASSES_ROOT \CLSID\{E8F628B5-259A-4734-97EE-BA914D7BE941}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E8F628B5-259A-4734-97EE-BA914D7BE941}]

    File::
    C:\WINDOWS\system32\sysrest32.exe
    C:\WINDOWS\system32\sysrest.sys

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  9. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    pour suivre (SReng, merci FillPCA)
    0
  10. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour Lyonnais92
    0
  11. jojo9166 Messages postés 37 Statut Membre
     
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - -
    Fortinet - - -
    F-Prot - - -
    F-Secure - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - Heuristic: Suspicious File With Bad Parent Associations
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: 7c9eee928a16baef23d73f23a0cd0850
    0
  12. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    OK. As-tu vu ma réponse de 12 h 33 ?

    FillPCA
    0
  13. jojo9166 Messages postés 37 Statut Membre
     
    bonjour
    comme etant partie hier apres midi je n'ai pu faire toutes les manips ce qui y a etait fait hier soir tard
    merci tout est rentrée dans l'ordre
    question ce trojan que faisait il ou quelle fonction il avait?
    encore une fois votre utilité est reconnue
    0
  14. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    J'aurais souhaité avoir les rapports demandés. Ce n'est peut-être pas encore terminé.

    FillPCA
    0
  15. jojo9166 Messages postés 37 Statut Membre
     
    ComboFix 08-01-09.2 - georges 2008-01-09 23:09:30.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
    Running from: C:\Documents and Settings\georges\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\georges\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\sysrest.sys
    C:\WINDOWS\system32\sysrest32.exe
    .

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 11:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 10:29 . 2008-01-09 10:29 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-01-09 10:24 . 2008-01-09 10:24 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-01-08 12:21 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-01-08 12:21 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-01-08 12:21 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-01-08 12:21 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-01-08 12:21 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-07 11:37 . 2007-03-12 10:01 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-06 13:17 . 1997-06-11 18:01 30,208 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
    2008-01-06 13:17 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2008-01-06 13:17 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
    2008-01-06 13:17 . 1999-10-22 16:58 4,030 --a------ C:\WINDOWS\system\WINASPI.BAK
    2008-01-06 01:48 . 2008-01-06 01:48 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-01-06 01:19 . 2008-01-06 01:20 <REP> d-------- C:\Program Files\Everest 3 Ultime Edition
    2008-01-06 00:43 . 2008-01-06 00:43 <REP> d-------- C:\Program Files\avast
    2008-01-06 00:37 . 2008-01-09 23:16 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-01-05 20:38 . 2006-05-26 15:40 61,440 --a------ C:\WINDOWS\system32\vsnpx32.dll
    2008-01-03 11:16 . 2001-04-24 15:22 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
    2008-01-03 11:16 . 2001-06-11 19:03 98,304 --a------ C:\WINDOWS\system32\HLBButton6.ocx
    2008-01-03 11:16 . 2007-09-05 21:56 40,960 --a------ C:\WINDOWS\system32\LedCommon.dll
    2007-12-29 16:11 . 2007-12-29 16:12 <REP> d-------- C:\Program Files\Paint.NET
    2007-12-28 17:41 . 2007-12-28 17:41 <REP> d-------- C:\Documents and Settings\georges\Application Data\CA
    2007-12-28 14:00 . 2008-01-09 09:11 320 --a------ C:\WINDOWS\system32\winupdate.dat
    2007-12-27 10:57 . 2007-12-27 10:57 <REP> dr-h----- C:\Documents and Settings\georges\Application Data\SecuROM
    2007-12-27 10:57 . 2007-12-27 10:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-17 18:23 . 2007-12-17 18:25 <REP> d-------- C:\Documents and Settings\georges\Application Data\BonkEnc
    2007-12-17 18:22 . 2007-12-17 18:23 <REP> d-------- C:\Program Files\BonkEnc
    2007-12-12 15:08 . 2007-12-12 15:08 <REP> d-------- C:\Documents and Settings\georges\Application Data\Talkback
    2007-12-12 15:07 . 2008-01-04 07:55 <REP> d-------- C:\Program Files\Mozilla Sunbird
    2007-12-11 10:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\X-Fonter
    2007-12-11 09:55 . 2007-12-11 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avery
    2007-12-09 20:42 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
    2007-12-09 20:42 . 1998-06-01 14:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
    2007-12-09 20:42 . 1998-06-01 14:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
    2007-12-09 20:42 . 1999-09-09 22:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
    2007-12-09 20:42 . 1999-06-07 18:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
    2007-12-09 20:42 . 1999-09-09 22:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
    2007-12-09 20:42 . 1999-09-30 19:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
    2007-12-09 20:42 . 1999-04-26 20:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
    2007-12-09 20:42 . 1998-05-05 11:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 22:17 --------- d-----w C:\Program Files\Wanadoo
    2008-01-09 22:00 --------- d-----w C:\Program Files\vmntoolbar
    2008-01-09 21:49 --------- d-----w C:\Documents and Settings\georges\Application Data\vmntoolbar
    2008-01-09 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-08 11:34 --------- d-----w C:\Program Files\Ahead
    2008-01-08 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 19:38 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
    2007-12-31 15:25 --------- d-----w C:\Documents and Settings\georges\Application Data\Ahead
    2007-12-29 15:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-29 15:56 --------- d-----w C:\Program Files\Mindscape
    2007-12-09 19:38 --------- d-----w C:\Program Files\Micro Application
    2007-12-09 18:12 830 ---ha-w C:\Documents and Settings\georges\hpothb07.dat
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-02 18:34 --------- d-----w C:\Documents and Settings\georges\Application Data\gtk-2.0
    2007-11-30 15:41 659 ---ha-w C:\hpothb07.dat
    2007-11-30 10:39 --------- d-----w C:\Program Files\Google
    2007-11-22 11:54 --------- d-----w C:\Documents and Settings\georges\Application Data\TomTom
    2007-11-22 11:53 --------- d-----w C:\Program Files\TomTom HOME 2
    2007-11-22 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
    2007-11-22 11:52 --------- d-----w C:\Program Files\TomTom HOME
    2007-11-15 09:29 --------- d-----w C:\Program Files\Trend Micro
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-11 22:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-11-11 22:43 --------- d-----w C:\Program Files\Anuman Interactive
    1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-09_12.13.05.72 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-09 10:42:51 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-01-09 22:09:12 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
    - 2008-01-09 10:42:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-01-09 22:09:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
    - 2008-01-09 10:42:57 5,849,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    + 2008-01-09 22:09:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
    - 2008-01-09 10:42:58 73,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    + 2008-01-09 22:09:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
    - 2008-01-09 10:42:59 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
    + 2008-01-09 22:09:13 5,849,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT
    - 2008-01-09 10:42:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    + 2008-01-09 22:09:13 73,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
    + 2008-01-09 22:15:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2006-12-08 16:58 1546544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 17:41 1294446]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
    "OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2006-04-19 19:36 1281425]
    "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-03-02 20:00 1009003]
    "CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
    "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 14:18 20480]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-03-02 20:00 118784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
    S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
    S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-06-18 09:44:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173694717.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    "2008-01-09 10:44:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173695991.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
    "2008-01-09 22:19:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************
    rapport 1
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 23:16:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 23:20:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-09 22:19:46
    ComboFix2.txt 2008-01-09 11:14:08
    .
    2008-01-09 09:29:54 --- E O F ---
    0
  16. jojo9166 Messages postés 37 Statut Membre
     
    rapport 2
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:35:09, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
    0
  17. jojo9166 Messages postés 37 Statut Membre
     
    rebonjour
    avec toutes mes excuse pour FillPCA je croyait qu'il n'en voulait pas
    une question depuis les manip nero ( officiel de chez officiel avec mise à jour) est passer en anglais est ce normal?
    autre question deja posé dans mon messge precedent que faisait comme action ce trojan?
    encore une fois merci
    0
  18. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Je n'ai que 2 min mais je regarde tout cela ce soir.

    FillPCA
    0
  19. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Tu as quelques indications sur cette vérole ici : http://www.prevx.com/filenames/1427900198371137922-0/SYSREST32.EXE.html#cooliris

    1/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

    Ouvre Ccleaner, clique sur "lancer le nettoyage".

    2/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
    Tu l'installes.
    Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

    Clique sur le bouton Analyse (de la barre d'outils)
    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
    A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
    Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    3/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

    4/ Edite le rapport AVGantispyware et le rapport Kaspersky.

    5/ Ton antivirus Avast se lance-t-il au démaarage ? Il n'apparait pas en 04.

    FillPCA
    0
  20. jojo9166 Messages postés 37 Statut Membre
     
    bonjour
    une question puisque j'ai avast doit je obligatoirement instaler l'antivirus comme il me le demande car en ligne il ne genere aucun rapport
    0
  21. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Non, aucun antivirus ne doit être installé. A la fin du scan, tu as la possibilité d'enregistrer le rapport au format texte. C'est ce qu'il me faut.

    FillPCA
    0
  • 1
  • 2