Impossible d'installer un antivirus??..virus? [Résolu/Fermé]

Signaler
-
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
-
Bonjour,
Voici 3 jours que je galere avec Norton.
Impossible de le lancer et il bloquait tous les logiciels.
J'ai donc reussi a le desinstaller completement et voulu installer avast plus zonealarm. Mais la encore, impossible de lancer avast. Une fois l'installation terminé, rien ne se lance et lorsqu'on le lance par le menu demarrer, un message d'erreur survient; "avast,......,n'est pas un systeme win32 valide."
Avez vous un conseil, de l'aide...

systeme d'exploitation: windows xp
Merci

161 réponses

re,
j'essayais de faire le scan avec panda mais explorer plante avant la fin du scan qui dure une plombe..


atfcleaner ne se lance pas!!!
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

Inutile d'aller plus loin tant que Avenger ou combofix n'ont pas marché.
Retente Avenger avec le même script : http://www.commentcamarche.net/forum/affich 4791880 impossible d installer un antivirus virus?page=6#120
Si ça ne marche pas, je me renseigne auprès du créateur de combofix pour savoir ce qui cloche ici.

FillPCA
ok je redemarre le pc et relance avenger avec le meme script.

voici tout de meme le dernier rapport de regfix:
[CODE]

2008-02-05,14:53:09

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<NBJ><"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
<iolo Task Agent><C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe> []
<RecordNow!><; > [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> []
<Apoint><C:\Program Files\Apoint2K\Apoint.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Microsoft Windows Publisher]
<ccApp><; "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [N/A]
<dla><; C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<Easy-PrintToolBox><; C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [CANON INC.]
<IndexSearch><; C:\Program Files\Scansoft\PaperPort\IndexSearch.exe> []
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<nwiz><; nwiz.exe /install> [(Verified)Microsoft Windows Publisher]
<PaperPort PTD><; C:\Program Files\Scansoft\PaperPort\pptd40nt.exe> [ScanSoft, Inc.]
<Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
<Symantec NetDriver Monitor><; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [N/A]
<UpdateManager><; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<WinampAgent><; "C:\Program Files\Winamp\winampa.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[SmartUI]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SmartUI.lnk --> C:\PROGRA~1\Scansoft\PAPERP~1\SmartUI\SmartUI.exe [Scansoft, Inc.]><N>

==================================
Services
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
/ Bonjour Service[Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[HP WMI Interface / hpqwmi][Stopped/Disabled]
<C:\Program Files\HPQ\SHARED\HPQWMI.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec Core LC / Symantec Core LC][Stopped/Disabled]
<C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe><Symantec Corporation>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Stopped/Manual Start]
<system32\DRIVERS\AGRSM.sys><N/A>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
<system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><Avira GmbH>
[Pilote pour carte réseau BCM 802.11b / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
<System32\Drivers\btwusb.sys><WIDCOMM, Inc.>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[TI UltraMedia CardBus Controller Filter Driver / DevUpper][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\tiumflt.sys><Texas Instruments Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Sony Ericsson Device 039 Driver driver (WDM) / SE27bus][Stopped/Manual Start]
<system32\DRIVERS\SE27bus.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Filter / SE27mdfl][Stopped/Manual Start]
<system32\DRIVERS\SE27mdfl.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Driver / SE27mdm][Stopped/Manual Start]
<system32\DRIVERS\SE27mdm.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) / SE27mgmt][Stopped/Manual Start]
<system32\DRIVERS\SE27mgmt.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) / se27nd5][Stopped/Manual Start]
<system32\DRIVERS\se27nd5.sys><MCCI>
[Sony Ericsson Device 039 USB WMC OBEX Interface / SE27obex][Stopped/Manual Start]
<system32\DRIVERS\SE27obex.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) / se27unic][Stopped/Manual Start]
<system32\DRIVERS\se27unic.sys><MCCI>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[symlcbrd / symlcbrd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><Sonic Solutions>
[tiumfwl / tiumfwl][Running/Manual Start]
<system32\drivers\tiumfwl.sys><Texas Instruments Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA Infrared Device Driver / VIAIRDA][Stopped/Manual Start]
<system32\DRIVERS\viairda.sys><VIA Technologies, Inc.>
[Megadrv3 / srosa][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\srosa.sys><N/A>

==================================
Browser Add-ons
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Microsoft Outlook]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Office Outlook]
{0006F03A-0000-0000-C000-000000000046} <C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrBlock.dll, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Reporte Class]
{4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.5.0_06\bin\JavaWebStart.dll, Sun Microsystems, Inc.>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[ControlConexion Class]
{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
{88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XSL Template 5.0]
{88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Panda ActiveScan]
{96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Skype Detection Object]
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, Microsoft Corporation>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Easy-WebPrint Helper]
{D5E20F5B-9DB8-4230-BA09-7B8DB43D83EE} <C:\Program Files\Canon\Easy-WebPrint\TemplateHelper.dll, >
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[Easy-WebPrint Ajouter à la liste d'impressions]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint Impression rapide]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Easy-WebPrint Imprimer]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint Prévisualiser]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>

==================================
Running Processes
[PID: 744][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.5.0540.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 876][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 888][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1056][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1112][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1188][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 1236][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1360][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 1440][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\CNMLM78.DLL] [CANON INC., 1.90.2.61]
[C:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 1, 6, 0, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD78.DLL] [CANON INC., 1.90.2.61]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1732][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
[PID: 1784][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.4716]
[PID: 1824][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1848][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\BrMfWia1.dll] [Brother Industries, Ltd., 2.1.1.6 built by: WinDDK]
[C:\WINDOWS\system32\BrNetSti.dll] [Brother Industries, Ltd., 1, 8, 0, 5]
[C:\WINDOWS\system32\BrMuSNMP.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 412][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[PID: 548][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[PID: 560][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 0, 2, 3]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 0, 2, 3]
[PID: 620][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.3.10.177]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Apoint2K\ApResFR.dll] [Alps Electric Co., Ltd., 5.4.1.9]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.2.65]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.4.2.236]
[C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.1.1.55]
[PID: 1000][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.0.1.15]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.2.65]
[PID: 1148][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 2184][C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe] [Scansoft, Inc., 1, 0, 0, 31]
[C:\Program Files\Scansoft\PaperPort\SmartUI\psom.dll] [ScanSoft, Inc., 3.7k]
[PID: 3132][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032]
[C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\RssFinderRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0073]
[C:\Program Files\Windows Live Toolbar\fr-fr\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\SmaMenRes.dll.mui] [Microsoft Corporation., 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0032]
[C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll] [Microsoft Corporation, 03.01.0000.0073]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.248.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.248.1]
[C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.5825.0]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22]
[PID: 3412][C:\Documents and Settings\utilisateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Documents and Settings\utilisateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.JS Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 548, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 560, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2184, C:\PROGRAM FILES\SCANSOFT\PAPERPORT\SMARTUI\SMARTUI.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
[1168] C:\WINDOWS\system32\drivers\hldrrr.exe
[1176] C:\WINDOWS\system32\wintems.exe

==================================


/CODE
voici enfin le dernier rapport d'avenger avec le dernier script:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gnsxothy

*******************

Script file located at: \??\C:\Documents and Settings\gbxbgfay.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver SROSA unloaded successfully.


File C:\WINDOWS\SYSTEM32\WINTEMS.EXE not found!
Deletion of file C:\WINDOWS\SYSTEM32\WINTEMS.EXE failed!

Could not process line:
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\BAN_LIST.TXT deleted successfully.
File C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS deleted successfully.
File C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE deleted successfully.


File C:\WINDOWS\system32\MDELK.EXE not found!
Deletion of file C:\WINDOWS\system32\MDELK.EXE failed!

Could not process line:
C:\WINDOWS\system32\MDELK.EXE
Status: 0xc0000034

File C:\Program Files\iolo\Common\Task Agent\TASK_AGENT.EXE deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Yes !

Peux-tu éditer un rapport SREng passé APRES Avenger ? Je crois qu'on le tient.

FillPCA
genial,,,,,
alors voila le rapport de SReng,

[CODE]

2008-02-05,17:01:11

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<NBJ><"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
<drvsyskit><C:\WINDOWS\system32\drivers\hldrrr.exe> [N/A]
<iolo Task Agent><C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe> [N/A]
<german.exe><C:\WINDOWS\system32\wintems.exe> [N/A]
<RecordNow!><; > [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<HP Software Update><C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> []
<Apoint><C:\Program Files\Apoint2K\Apoint.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Microsoft Windows Publisher]
<ccApp><; "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [N/A]
<dla><; C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<Easy-PrintToolBox><; C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [CANON INC.]
<IndexSearch><; C:\Program Files\Scansoft\PaperPort\IndexSearch.exe> []
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<nwiz><; nwiz.exe /install> [(Verified)Microsoft Windows Publisher]
<PaperPort PTD><; C:\Program Files\Scansoft\PaperPort\pptd40nt.exe> [ScanSoft, Inc.]
<Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
<Symantec NetDriver Monitor><; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [N/A]
<UpdateManager><; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<WinampAgent><; "C:\Program Files\Winamp\winampa.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[SmartUI]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SmartUI.lnk --> C:\PROGRA~1\Scansoft\PAPERP~1\SmartUI\SmartUI.exe [Scansoft, Inc.]><N>

==================================
Services
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
/ Bonjour Service[Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[HP WMI Interface / hpqwmi][Stopped/Disabled]
<C:\Program Files\HPQ\SHARED\HPQWMI.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec Core LC / Symantec Core LC][Stopped/Disabled]
<C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe><Symantec Corporation>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Stopped/Manual Start]
<system32\DRIVERS\AGRSM.sys><N/A>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
<system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><Avira GmbH>
[Pilote pour carte réseau BCM 802.11b / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
<System32\Drivers\btwusb.sys><WIDCOMM, Inc.>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[TI UltraMedia CardBus Controller Filter Driver / DevUpper][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\tiumflt.sys><Texas Instruments Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[SDTHOOK / SDTHOOK][Stopped/Manual Start]
<System32\DRIVERS\SDTHOOK.sys><Panda Software>
[Sony Ericsson Device 039 Driver driver (WDM) / SE27bus][Stopped/Manual Start]
<system32\DRIVERS\SE27bus.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Filter / SE27mdfl][Stopped/Manual Start]
<system32\DRIVERS\SE27mdfl.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Modem Driver / SE27mdm][Stopped/Manual Start]
<system32\DRIVERS\SE27mdm.sys><MCCI>
[Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) / SE27mgmt][Stopped/Manual Start]
<system32\DRIVERS\SE27mgmt.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) / se27nd5][Stopped/Manual Start]
<system32\DRIVERS\se27nd5.sys><MCCI>
[Sony Ericsson Device 039 USB WMC OBEX Interface / SE27obex][Stopped/Manual Start]
<system32\DRIVERS\SE27obex.sys><MCCI>
[Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) / se27unic][Stopped/Manual Start]
<system32\DRIVERS\se27unic.sys><MCCI>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[symlcbrd / symlcbrd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><Sonic Solutions>
[tiumfwl / tiumfwl][Running/Manual Start]
<system32\drivers\tiumfwl.sys><Texas Instruments Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA Infrared Device Driver / VIAIRDA][Stopped/Manual Start]
<system32\DRIVERS\viairda.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Microsoft Outlook]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Office Outlook]
{0006F03A-0000-0000-C000-000000000046} <C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrBlock.dll, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\swdir.dll, Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Reporte Class]
{4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.5.0_06\bin\JavaWebStart.dll, Sun Microsystems, Inc.>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[ControlConexion Class]
{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
{88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XSL Template 5.0]
{88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Panda ActiveScan]
{96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Skype Detection Object]
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, Microsoft Corporation>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll, Adobe Systems, Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Easy-WebPrint Helper]
{D5E20F5B-9DB8-4230-BA09-7B8DB43D83EE} <C:\Program Files\Canon\Easy-WebPrint\TemplateHelper.dll, >
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[Easy-WebPrint Ajouter à la liste d'impressions]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint Impression rapide]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Easy-WebPrint Imprimer]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint Prévisualiser]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>

==================================
Running Processes
[PID: 740][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.5.0540.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 872][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 884][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1108][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1188][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1248][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1408][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 1732][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\CNMLM78.DLL] [CANON INC., 1.90.2.61]
[C:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 1, 6, 0, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD78.DLL] [CANON INC., 1.90.2.61]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 220][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
[PID: 304][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.4716]
[PID: 380][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 452][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\BrMfWia1.dll] [Brother Industries, Ltd., 2.1.1.6 built by: WinDDK]
[C:\WINDOWS\system32\BrNetSti.dll] [Brother Industries, Ltd., 1, 8, 0, 5]
[C:\WINDOWS\system32\BrMuSNMP.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 128][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll] [Microsoft Corporation, 5.20.1072.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[PID: 1280][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[PID: 1296][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 0, 2, 3]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 0, 2, 3]
[PID: 1360][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 5.3.10.177]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Apoint2K\ApResFR.dll] [Alps Electric Co., Ltd., 5.4.1.9]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.2.65]
[C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.4.2.236]
[C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.1.1.55]
[PID: 1640][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1644][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 5.0.1.15]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.2.65]
[PID: 1900][C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe] [Scansoft, Inc., 1, 0, 0, 31]
[C:\Program Files\Scansoft\PaperPort\SmartUI\psom.dll] [ScanSoft, Inc., 3.7k]
[PID: 184][C:\Program Files\Outlook Express\msimn.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Messenger\msgsc.dll] [Microsoft Corporation, 4.7.2009]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 460][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.2009]
[C:\Program Files\Messenger\MSGSLANG.DLL] [Microsoft Corporation, 4.7.2009]
[C:\PROGRA~1\MESSEN~1\rtcimsp.dll] [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Messenger\msgsc.dll] [Microsoft Corporation, 4.7.2009]
[PID: 448][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032]
[C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\RssFinderRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0073]
[C:\Program Files\Windows Live Toolbar\fr-fr\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\SmaMenRes.dll.mui] [Microsoft Corporation., 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\fr-fr\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0032]
[C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll] [Microsoft Corporation, 03.01.0000.0073]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.248.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.248.1]
[C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0072]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.5825.0]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Adobe Systems, Inc., 10.2r22]
[PID: 1464][C:\Documents and Settings\utilisateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Documents and Settings\utilisateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.JS Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1280, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1296, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1900, C:\PROGRAM FILES\SCANSOFT\PAPERPORT\SMARTUI\SMARTUI.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


/CODE
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

Le driver pourri a disparu. C'est une bonne nouvelle.

1/ Supprime ceci : C:\Infosat.txt
Supprime aussi Elibagla du bureau.

2/ * Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\german.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iolo Task Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit


* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ On repasse Elibagla avec la dernière version : http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Télécharge Elibagla en bas de cette page sur ton Bureau. Pour cela, clique sur "Descargar Elibagla",
* Lance-le de préférence en mode sans échec, ou en mode normal si le mode sans échec ne fonctionne pas.
* Bagle peut bloquer le mode sans échec, donc il ne faut absolument pas forcer le mode sans échec en passant par MSconfig. Cela peut provoquer un redémarrage en boucles du PC.
* Patiente pendant la durée du Scan.
* Copie-colle le contenu du rapport qui doit se trouver ici : C:\Infosat.txt

4/ Edite le rapport OTMoveIt, le rapport Elibagla et un rapport avec le logiciel PCA. Après cette étape, on essaie de faire un scan en ligne.

FillPCA
tres bien,
voiuci le rapport otmovit2

File/Folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\german.exe not found.
File/Folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iolo Task Agent not found.
File/Folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit not found.

OTMoveIt2 v1.0.17 log created on 02052008_173332
rapport elibagla:


Tue Feb 05 17:40:11 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Feb 05 17:40:13 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0157812.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158811.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158813.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158814.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158854.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158856.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158857.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158978.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158980.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158985.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158986.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0159023.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0159094.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0159095.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0159096.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 9732
Nº Total de Ficheros: 109665
Nº de Ficheros Analizados: 10569
Nº de Ficheros Infectados: 15
Nº de Ficheros Limpiados: 15
et enfin le rapport PCA:

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :05/02/2008 17:52:10
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\utilisateur\Bureau\pca\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.lelanchonopticiens.com/
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = https://www8.hp.com/fr/fr/home.html
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [HP Software Update] - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\RUN: [eabconfg.cpl] - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
04 - HKLM\..\RUN: [Cpqset] - C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKLM\..\RUN: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [QuickTime Task] - ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [AGRSMMSG] - ; AGRSMMSG.exe
04 - HKLM\..\RUN: [ccApp] - ; "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
04 - HKLM\..\RUN: [dla] - ; C:\WINDOWS\system32\dla\tfswctrl.exe
04 - HKLM\..\RUN: [Easy-PrintToolBox] - ; C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [IndexSearch] - ; C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
04 - HKLM\..\RUN: [NeroFilterCheck] - ; C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [nwiz] - ; nwiz.exe /install
04 - HKLM\..\RUN: [PaperPort PTD] - ; C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
04 - HKLM\..\RUN: [Sony Ericsson PC Suite] - ; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
04 - HKLM\..\RUN: [SunJavaUpdateSched] - ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKLM\..\RUN: [Symantec NetDriver Monitor] - ; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
04 - HKLM\..\RUN: [UpdateManager] - ; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
04 - HKLM\..\RUN: [WinampAgent] - ; "C:\Program Files\Winamp\winampa.exe"
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [msnmsgr] - ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [NBJ] - "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
04 - HKLU\..\RUN: [iolo Task Agent] - C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
04 - HKLU\..\RUN: [RecordNow!] - ;
04 - HKLM\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\RunServices: [msnmsgr] - ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLM\..\RunServices: [NBJ] - "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
04 - HKLM\..\RunServices: [iolo Task Agent] - C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
04 - HKLM\..\RunServices: [RecordNow!] - ;
04 - HKLU\..\RunServices: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RunServices: [msnmsgr] - ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RunServices: [NBJ] - "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
04 - HKLU\..\RunServices: [iolo Task Agent] - C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
04 - HKLU\..\RunServices: [RecordNow!] - ;
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-546559406-1312304047-969333872-1006\..\RUN: [ctfmon.exe] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-546559406-1312304047-969333872-1006\..\RUN: [msnmsgr] - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
04 - HKUS\S-1-5-21-546559406-1312304047-969333872-1006\..\RUN: [NBJ] - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
04 - HKUS\S-1-5-21-546559406-1312304047-969333872-1006\..\RUN: [iolo Task Agent] - C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKUS\S-1-5-21-546559406-1312304047-969333872-1006\..\RUN: [RecordNow!] - C:\Program Files\Apoint2K\Apoint.exe
04 - Global Startup: SmartUI.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SmartUI.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
09 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
//O10 - Pirates de Winsock
O10 - fichier inconnu - winsock lsp : mdnsNSP - C:\Program Files\Bonjour\mdnsNSP.dll
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : CKAVWebScan Object - {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : MSN Photo Upload Tool - {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
O16 - DPF : MUWebControl Class - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - C:\WINDOWS\system32\muweb.dll
O16 - DPF : - {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF : ActiveScan Installer Class - {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - C:\WINDOWS\Downloaded Program Files\asinst.dll
O16 - DPF : Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
O21 - SSODL: UPnP Tray Monitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## - "C:\Program Files\Bonjour\mDNSResponder.exe"
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [FLEXnet Licensing Service] - "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
O23 - Service: [HP WMI Interface] - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NVIDIA Driver Helper Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Microsoft Office Diagnostics Service] - "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [SoundMAX Agent Service] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{CCD2610B-D819-4AF5-B6B3-0BCDD3ECB8B6}
O23 - Service: [Symantec Core LC] - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

1/ Peux-tu ré-ouvrir PCA. Coche ces éléments :
04 - HKLU\..\RUN: [iolo Task Agent] - C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
04 - HKLU\..\RunServices: [iolo Task Agent] - C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe


Clique sur "réparer les éléments sélectionnés.

2/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

3/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

4/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
* Choisis Panda (ou Kaspersky si Panda plante).
* Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
* Réalise un scan complet du système.
* Sauvegarde le rapport en mode texte à l'issue du scan.

5/ Edite le rapport AVGantispyware et le rapport antivirus.

FillPCA
bonjour,
on va sur le bon chemin.....

voici le rapport de AVGantispy:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:30:28 06/02/2008

+ Résultat de l'analyse:



C:\Program Files\Everest Poker\cstart-tmp.exe -> Adware.Casino : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0150657.dll -> Adware.MioroTool : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0150654.exe -> Adware.SpywareRem : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\utilisateur\Bureau\EliBaglA.exe -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0149640.exe -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP794\A0160009.exe -> Heuristic.Win32.AVKiller : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\utilisateur\Cookies\utilisateur@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\utilisateur\Cookies\utilisateur@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\utilisateur\Cookies\utilisateur@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128480.exe -> Trojan.Pakes.bwy : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128484.exe -> Trojan.Pakes.bwy : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
re,
J'essaye de terminer le scan avec penda ou kapersky mais explorer plante avant a fin.
c'est en plus tres long...
voila un bout du rapport de kapersky;

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 4:33:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 510516
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
I:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 10115
Number of viruses found: 3
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 00:07:06

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-02.02.2008-17.47.02,26.zip/avenger/down/66015.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\avenger\backup-02.02.2008-17.47.02,26.zip/avenger/HLDRRR.EXE Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup-02.02.2008-17.47.02,26.zip/avenger/SROSA.SYS Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup-02.02.2008-17.47.02,26.zip ZIP: infected - 3 skipped
C:\avenger\backup-04.02.2008-15.09.55,62.zip/avenger/HLDRRR.EXE Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup-04.02.2008-15.09.55,62.zip/avenger/HLDRRR.EXE-ren-462 Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup-04.02.2008-15.09.55,62.zip/avenger/SROSA.SYS Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup-04.02.2008-15.09.55,62.zip/avenger/SROSA.SYS-ren-439 Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup-04.02.2008-15.09.55,62.zip ZIP: infected - 4 skipped
C:\avenger\backup-05.02.2008-10.36.00,12.zip/avenger/HLDRRR.EXE Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup-05.02.2008-10.36.00,12.zip/avenger/HLDRRR.EXE-ren-466 Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup-05.02.2008-10.36.00,12.zip/avenger/SROSA.SYS Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup-05.02.2008-10.36.00,12.zip/avenger/SROSA.SYS-ren-442 Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup-05.02.2008-10.36.00,12.zip ZIP: infected - 4 skipped
C:\avenger\backup.zip/avenger/HLDRRR.EXE Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup.zip/avenger/SROSA.SYS Infected: Trojan-Downloader.Win32.Bagle.iq skipped
C:\avenger\backup.zip/avenger/TASK_AGENT.EXE Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\avenger\backup.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\utilisateur\Cookies\index.dat Object is locked skipped

Scan was interrupted by user!
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

Les scan sont en effet très longs, mais c'est nécessaire.

Si ça ne marche pas, fais ceci : http://www.spywareinfo.dk/download/mwav.exe
Étape 1:
Télécharge eScan Antivirus Toolkit ici. Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

Étape 2:
Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau ; dézippe les fichiers dans le nouveau dossier suggéré (C:\Kaspersky). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky ; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue" ; tape sur une clé pour continuer. Deux nouveaux répertoires (dossiers) ont été créés lors de la mise à jour (C:\Bases et C:\Downloads).

4.) Sélectionne/copie tous les fichiers présents dans le dossier C:\Downloads, puis colle-les dans le dossier C:\Kaspersky. Accepte à l'invite de remplacer les fichiers existants.

Ne pas lancer le scan tout de suite !

Étape 3:
Redémarre en mode Sans Échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisi la première option : Sans Échec, et valide avec "Entrée"
5) Choisi ton compte régulier, et non Administrateur


Étape 4:
Du mode Sans Échec, voici comment utiliser le programme :

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

2.) Double-clique sur mwavscan.com ; l'interface d'eScan va apparaître à l'écran.

3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services.

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous ; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

Edite ce rapport.

FillPCA
bonjour,
merci pour cette manip bien plus efficace...
Apres une nuit de travil pour le pc, voici le rapport de kapersky:

File C:\Program Files\UltraVNC\vnchooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.c. No Action Taken.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP789\A0120218.exe infected by "Trojan-Downloader.Win32.Bagle.bp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP789\A0120220.exe infected by "Email-Worm.Win32.Bagle.hr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP789\A0120221.exe infected by "Email-Worm.Win32.Bagle.hr" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128356.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128358.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128372.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128440.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128482.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128491.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128495.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128499.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128501.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128511.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128525.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP791\A0128558.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146648.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146807.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146980.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146981.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146987.exe infected by "Trojan.Win32.Pakes.bwy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146991.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146993.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0146997.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0147000.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0147005.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0147006.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0147026.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0153835.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0153841.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0153849.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0153850.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0153886.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0155867.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158979.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0158981.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP793\A0159022.exe infected by "Trojan-PSW.Win32.Agent.xd" Virus. Action Taken: File Deleted.
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

Le rapport est-il entier ?
Comment le pc e porte. S'il n'y a queça, c'est fini ce soir, quand je rentre du boulot.

FillPCA
re,
oui le rapport est en entier. (enfin je crois, j'ai coller tout ce que contenait la fenetre virus log)
Mais je peux egalement poster le rapport contenu dans le fichier mwav.log, fichier un peu plus gros et peut etre plus complet.
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

OK. Peux-tu me dire comment le pc se comporte ?

FillPCA
Le pc se comporte normalement d'autant que le mode sans echec a reussi a demarer pour le scan d'hier.
Par contre, je n'ai pas encore essayé d'installer un nouveau logiciel antivirus. Je voulais installer avast et zone alarm, mais j'attends de tes nouvelles avant de lancer quoique ce soit. Car l'essentiel du probleme venait du fait de ne pas pouvoir lancer un .exe. Hors cela a l'air d'etre resolu.