Comment éradiquer Win 32: Trojan-gen {other}Résolu/Fermé

Question

Bonjour, 

depuis qq semaines je cherche à éradiquer Win 32: trojan-gen {other} ???? 
sans résultat à ce jour...

Est-ce que quelqu'un connait la "potion magique" pour faire disparaitre ce souci ? 
par avance merci

gilougalibier · Accepted Answer

Bonjour,

Voici qq données...
est-ce suffisant?

Deckard's System Scanner v20071014.68
Run by Barlet on 2008-07-26 11:07:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-07-26 09:07:22 UTC - RP1045 - Deckard's System Scanner Restore Point
80: 2008-07-25 17:45:55 UTC - RP1044 - Point de vérification système
79: 2008-07-24 15:52:45 UTC - RP1043 - Point de vérification système
78: 2008-07-23 15:10:04 UTC - RP1042 - Point de vérification système
77: 2008-07-22 14:10:03 UTC - RP1041 - Point de vérification système


-- First Restore Point -- 
1: 2008-04-27 11:53:51 UTC - RP965 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Barlet.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:29, on 26/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Wanadoo	askbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Aide mémoire\Aide mémoire.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Barlet\Local Settings\Temporary Internet Files\Content.IE5\008PELIJ\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Barlet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~3.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo	askbaricon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Error Safe Free] C:\Program Files\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /scan
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce59B.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce599.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce59A.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.9/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://topachat.pixawin.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Utilisateur anonyme · Answer

Bonjour gllougallbler,

Je te conseil Trojan Remover que tu peux trouver ici: https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/12884.html ; c'est un anti-trojan. Fait un scan puis dès qu'il te détècte ton truck clic sur disable, remove and rename puis suis le scan et voila. Bonne chance et met moi en résolut si ça t'as servi.

Bonne journée.

ep44 · Answer

Bonjour 

on va vérifier tout ça 

1/ Télécharge sur le Bureau HijackThis  

http://download.hijackthis.eu/HJTInstall.exe

* Double-clique sur dessus pour l'installer 

* Laisse le s'installer par défaut 
C:\Program Files\Trend Micro\HijackThis 

* accepte la licence 

* Ferme Hijackthis en cliquant sur la croix-rouge. 

 
2/ Télécharge sur ton Bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

http://deckard.geekstogo.com/dss.exe

* Ferme toutes les applications en cours.

* Double-clic sur comboscan.exe pour lancer l'outil.

* Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

* A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.

@+

ep44 · Answer

oui 

Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport
@+

gilougalibier · Answer

Voici le rapport (c'est dur pour suivre, çà va vite !!!!...)

SmitFraudFix v2.331

Rapport fait à 15:04:25,78, 26/07/2008
Executé à partir de C:\Documents and Settings\Barlet\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo	askbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Aide mémoire\Aide mémoire.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Barlet


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Barlet\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Barlet\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11 USB Wireless LAN Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: 802.11 USB Wireless LAN Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: 802.11 USB Wireless LAN Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{19F81C6A-E512-4402-82F6-7265D84AE939}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7AA63DA8-7E37-49CB-94C8-55A08022D0B3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA984D4D-BDFE-4E18-920E-5697F3322924}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{19F81C6A-E512-4402-82F6-7265D84AE939}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7AA63DA8-7E37-49CB-94C8-55A08022D0B3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA984D4D-BDFE-4E18-920E-5697F3322924}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{19F81C6A-E512-4402-82F6-7265D84AE939}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7AA63DA8-7E37-49CB-94C8-55A08022D0B3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EA984D4D-BDFE-4E18-920E-5697F3322924}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{19F81C6A-E512-4402-82F6-7265D84AE939}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7AA63DA8-7E37-49CB-94C8-55A08022D0B3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EA984D4D-BDFE-4E18-920E-5697F3322924}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

ep44 · Answer

passe en option 2

ensuite 

Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation 
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le 
=> Ensuite va en mode sans echec 


   Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
   Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport 

@+

gilougalibier · Answer

OK,
mais petite question avant d'exécuter:

Faut t'il désactivité l'anti-virus lorsque l'on toutes ces manips ?

gilougalibier · Answer

OK, 
mais petite question avant d'exécuter: 

Faut t'il désactiviter l'anti-virus lorsque l'on procéde à toutes ces manips ?

ep44 · Answer

Non car tu es en mode sans echec 

donc pas d'antivirus pas de connexion internet etc...

gilougalibier · Answer

Excuse-moi, c'était plus long que prévu..., autre chose en même temps !

Voici le rapport :

Quel ton opinion "Docteur" ?
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 994
Windows 5.1.2600 Service Pack 3

17:07:49 26/07/2008
mbam-log-7-26-2008 (17-07-49).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 111980
Temps écoulé: 52 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WinRAR\Default.SFX (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barlet\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

ep44 · Answer

Très bien essaye de supprimer manuellement ceci 
ErrorSafe Free
si tu ne peux pas fait le en mode sans échec 

si toujours rien 

Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Avant de lancer le téléchargement 
Clique droit sur le lien et tu choisis "enregistrer la cible du lien sous"
et tu le renomme par outil

=> /!\déconnecte toi d'internet et ferme toutes tes applications./!\

=>/!\ désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,/!\

=> Double-clic sur outil,

=> /!\Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi./!\

=> Attends que combofix ait terminé, un rapport sera créé. 

=> réactive ton parefeu, ton antivirus, la garde de ton antispyware

=> copie/colle le rapport C:\ComboFix.txt 

=> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

gilougalibier · Answer

Ok, bien reçu ton analyse, mais comment faire pour supprimer manuellement ceci 
ErrorSafe Free ....
si tu ne peux pas fait le en mode sans échec

ep44 · Answer

Oui excuse moi un grand manque de précision :(

va dans ajout et suppression de programmes et vérifie  si tu le voie et tu le désinstalle 
va aussi dans C:\Program Files\ et supprime le 

si tu ne peux pas 
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
et essaye 

sinon passe combofix

gilougalibier · Answer

Peu-tu être plus clair, ou plus précis, afin que je puisse réaliser cette étape ? :

Très bien essaye de supprimer manuellement ceci 
ErrorSafe Free 
si tu ne peux pas fait le en mode sans échec 

merci, pour ta réponse.

ep44 · Answer

Je viens de te répondre juste au dessus ;)

gilougalibier · Answer

Voici enfin le rapport ComboFix, quel est maintenant ton avis STP ? : ComboFix 08-07-25.7 - Barlet 2008-07-26 18:13:20.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.517 [GMT 2:00] Endroit: C:\Documents and Settings\Barlet\Bureau\outil.exe * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))))))) . 2008-07-26 15:40 . 2008-07-26 15:40 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-26 15:40 . 2008-07-26 15:40 d-------- C:\Documents and Settings\Barlet\Application Data\Malwarebytes 2008-07-26 15:40 . 2008-07-26 15:40 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-26 15:40 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-26 15:40 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-26 15:04 . 2008-07-26 15:30 5,614 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-26 11:07 . 2008-07-26 11:07 d-------- C:\Deckard 2008-07-26 11:03 . 2008-07-26 11:03 d-------- C:\Program Files\Trend Micro 2008-07-26 09:55 . 2008-07-26 14:30 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-26 09:54 . 2008-07-26 09:54 d-------- C:\Program Files\Trojan Remover 2008-07-26 09:54 . 2008-07-26 09:54 d-------- C:\Documents and Settings\Barlet\Application Data\Simply Super Software 2008-07-26 09:54 . 2008-07-26 09:54 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-07-26 09:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-07-26 09:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-07-26 09:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-07-26 09:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-07-26 09:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-07-10 07:02 . 2008-07-10 07:02 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-07-09 14:00 . 2008-07-10 06:55 d-------- C:\WINDOWS\BDOSCAN8 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-26 16:21 --------- d-----w C:\Program Files\Wanadoo 2008-07-26 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-07-25 17:10 --------- d-----w C:\Program Files\TuneUp Utilities 2006 2008-07-24 09:39 --------- d-----w C:\Documents and Settings\Barlet\Application Data\Skype 2008-07-24 09:37 --------- d-----w C:\Documents and Settings\Barlet\Application Data\skypePM 2008-07-10 05:03 --------- d-----w C:\Program Files\Orange Toolbar FR 2008-07-10 05:03 --------- d-----w C:\Program Files\Aide mémoire 2008-07-10 05:00 --------- d-----w C:\Program Files\IncrediMail 2008-07-10 04:57 --------- d-----w C:\Program Files\Google 2008-06-25 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-25 16:52 --------- d-----w C:\Program Files\Lavasoft 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-01 15:44 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-11-17 09:44 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-08-19 08:05 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880] "Orange Desktop Search"="C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" [2006-06-09 23:29 4937512] "MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2008-04-14 04:34 1695232] "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 14:42 475180] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 19:54 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-08 10:08 29744] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-03 11:57 185896] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00 61440] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-22 14:13 909392] "OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 11:38 460800] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "C:\Program Files\AOL 9.0\waol.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\IncrediMail\bin\IMApp.exe"= "C:\Program Files\IncrediMail\bin\IncMail.exe"= "C:\Program Files\IncrediMail\bin\ImpCnt.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\IncrediMail\bin\ImLc.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Magentic\bin\MgImp.exe"= "C:\Program Files\Magentic\bin\Magentic.exe"= "C:\Program Files\Magentic\bin\MgApp.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Magentic\bin\magentic_install.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56516:TCP"= 56516:TCP:Pando P2P TCP Listening Port "56516:UDP"= 56516:UDP:Pando P2P UDP Listening Port R0 MrFilter;EasyWrite Driver;C:\WINDOWS\system32\drivers\MrFilter.sys [2004-02-24 18:52] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R2 CZFMDSER.EXE;CZFMDSER.EXE;C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE [2004-01-23 09:17] R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-08 10:08] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job - s !;C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBarlet,Runs 1-Click Maintenance at specified times0 [] 2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s9!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0% [] 2008-07-25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - s !;C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBarlet5Lance la maintenance en 1 clic des heures prcises0 [] 2005-09-26 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job - s!&C:\WINDOWS\system32\OOBE\oobebaln.exe/sys /r /n:1SYSTEM0 [] 2008-07-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E4A594F-3C10-401C-8A95-97E2E93878FF}.job - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Error Safe Free - C:\Program Files\ErrorSafe Free\uers.exe HKCU-Run-ErrorSafeFree - C:\Program Files\ErrorSafe Free\uers.exe HKU-Default-RunOnce-IETI - C:\Program Files\Skype\Phone\IEPlugin\unins000.exe . ------- Supplementary Scan ------- . R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore O8 -: &Add animation to IncrediMail Style Box O8 -: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\[u]0/u2.05.0000.1105\fr-fr\msntb.dll/search.htm O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O8 -: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce53.html O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 -: traduire la page - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce51.html O8 -: traduire le texte sélectionné - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce52.html O9 -: { - C:\Program Files\Messenger\msmsgs.exe O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.inf C:\WINDOWS\bdoscandellang.ini C:\WINDOWS\bdoscandel.exe C:\WINDOWS\Downloaded Program Files\live.ini C:\WINDOWS\Downloaded Program Files\scanoptions.tsi C:\WINDOWS\Downloaded Program Files\lang.ini C:\WINDOWS\Downloaded Program Files\ipsupd.dll C:\WINDOWS\Downloaded Program Files\bdupd.dll C:\WINDOWS\Downloaded Program Files\libfn.dll C:\WINDOWS\Downloaded Program Files\bdcore.dll C:\WINDOWS\Downloaded Program Files\oscan82.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.1\live.ini C:\WINDOWS\Downloaded Program Files\CONFLICT.1\scanoptions.tsi C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lang.ini C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ipsupd.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bdupd.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\libfn.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bdcore.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.ocx O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf C:\WINDOWS\system32\msvcp60.dll C:\WINDOWS\system32\atl.dll C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-26 18:20:34 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\FTRTSVC.exe C:\APPS\HIDSERVICE\HidService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\APPS\ABOARD\AOSD.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Aide mémoire\TrayIcon.exe C:\Program Files\Aide mémoire\Aide mémoire.exe C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Temps d'accomplissement: 2008-07-26 18:27:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-26 16:26:29 Pre-Run: 146,649,325,568 octets libres Post-Run: 146,736,934,912 octets libres 240 --- E O F --- 2008-06-20 17:09:10

gilougalibier · Answer

Bonsoir,

STP, peux-tu me donner ton avis car je dois m'absenter une paire
d'heures...
Est-ce que j'ai réellement régler ce problème de virus ?

Merci pour ta réponse !

bonne soirée, sinon peut-être à demain, si possible. MERCI !

ep44 · Answer

as tu supprimer ce ErrorSafe 

refais un rapport Hijack stp

gilougalibier · Answer

Voilà le rapport. Quesl est ton avis STP ? :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:05, on 26/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Wanadoo	askbaricon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Aide mémoire\Aide mémoire.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~2\TOOLBA~3.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo	askbaricon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce52.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce50.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce51.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.9/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://topachat.pixawin.com/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

ep44 · Answer

Ok dit moi si tu as encore des soucis et si ton pc est long eu démarrage

gilougalibier · Answer

Ok, Bien reçu ta réponse.

En ce moment je suis en train de faire un scan complet avec l'anti-virus (AVAST)..; en cours.
Puis après un redémarrage du PC, et ensuite je te réponds...

gilougalibier · Answer

Bonjour,

Pour le redémarrage du PC aucun problème à priori...
le temps nécessaire "au démarrage" semble identique aux procédures antérieures, donc pas de souci de ce côté là !

Mais, je suis désolé de te dire, qu'après un scan complet avec l'anti virus AVAST (vers. home 4.8), le résultat est toujours de celui du départ :
34 fichiers infectés par virus : Win32 trojan-gen {other}

17 fichiers:
C:\system volume information\...\jamanminiinst.exe

17 fichiers:
C:\system volume information\...\veohminiinst.exe

avec l'impossibilité de :
- soit de les mettre en quarantaine
- soit de les supprimer

Que faire après toutes ces manips; je suis un peu démoralisé...
Que penses-tu de cette situation ?

Merci pour ta réponse.

ep44 · Answer

Bonjour 

oui je pense que c'est bon 
pour ceci

C:\system volume information\...\jamanminiinst.exe 

fait ceci (IMPORTANT)

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..


ensuite refais un scan avec ton antivirus et tient moi au courant 
prend le temps aussi de lire ceci 
http://www.swl1f.net/viewtopic.php?f=14&t=59

@+

gilougalibier · Answer

Bonsoir,

Excuse-moi pour ce silence de 3 jours (reprise de job, après des vavcances...)
nous en étions restés à l'étape ci-après pour laquelle j'annonçais :

"Mais, je suis désolé de te dire, qu'après un scan complet avec l'anti virus AVAST (vers. home 4.8), le résultat est toujours de celui du départ" : 
34 fichiers infectés par virus : Win32 trojan-gen {other} 

17 fichiers: 
C:\system volume information\...\jamanminiinst.exe 

17 fichiers: 
C:\system volume information\...\veohminiinst.exe 

avec l'impossibilité de : 
- soit de les mettre en quarantaine 
- soit de les supprimer 
---------------------------------------------------------------------------------
Après avoir exécuter tes manips : désactiver & activer ...
puis un nième scan avec AVAST, j'ai eu le résultat suivant:
C:\system Volume information\....\A00000064.exe   infection: Win32 trojan-gen {Other}
C:\system Volume information\....\iEDFixC.exe.exe   infection: Win32 trojan-gen {Other}
C:\system Volume information\....\A00001077.sys   infection: Win32 trojan-gen {Other}
C:\system Volume information\....\A00002081.sys   infection: Win32 trojan-gen {Other}
C:\system Volume information\....\A00004276.sys   infection: Suela.1........

Ces 5 virus ont été supprimés par la manip suppression, après la fin du scan
(aucun problème)

derrière, un autre scan de "confirmation" pour me rassurer, dont voici le résultat:
*
* Rapport avast!
* Ce fichier est généré automatiquement
*
* Tâche utilisée 'Interface utilisateur simplifiée'
* Débuté le mardi 29 juillet 2008 23:06:48
* VPS : 080729-1, 29/07/2008
*

Fichiers infectés : 0
Total des fichiers : 783961
Total des dossiers : 9632
Taille totale : 51,1 GB

*
* Tâche terminée : mercredi 30 juillet 2008 01:54:29
* Programme était en exécution 2 heure(s), 47 minute(s), 41 seconde(s)

ensuite pour renforcer ma satisfaction d'être je pense débarrasser de ces p....... de virus,
j'ai téléchargé Avira Antivir Personnal pour voir son résultat... (en neutralisant l'action d'AVAST 4.8)

voici le résultat du scan:
Avira AntiVir Personal
Report file date: mercredi 30 juillet 2008  19:50

Scanning for 1521174 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    SN047847020093

Version information:
BUILD.DAT     : 8.1.0.326      16933 Bytes  11/07/2008 12:57:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 08:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 13:54:15
ANTIVIR2.VDF  : 7.0.5.174    2027008 Bytes  25/07/2008 17:48:52
ANTIVIR3.VDF  : 7.0.5.194     174080 Bytes  30/07/2008 17:48:52
Engineversion : 8.1.1.12  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  09/07/2008 08:46:50
AESCRIPT.DLL  : 8.1.0.59      307579 Bytes  30/07/2008 17:48:59
AESCN.DLL     : 8.1.0.23      119156 Bytes  30/07/2008 17:48:58
AERDL.DLL     : 8.1.0.20      418165 Bytes  09/07/2008 08:46:50
AEPACK.DLL    : 8.1.2.1       364917 Bytes  30/07/2008 17:48:57
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  30/07/2008 17:48:56
AEHEUR.DLL    : 8.1.0.44     1343863 Bytes  30/07/2008 17:48:55
AEHELP.DLL    : 8.1.0.15      115063 Bytes  09/07/2008 08:46:50
AEGEN.DLL     : 8.1.0.31      311669 Bytes  30/07/2008 17:48:54
AEEMU.DLL     : 8.1.0.6       430451 Bytes  09/07/2008 08:46:50
AECORE.DLL    : 8.1.1.7       172406 Bytes  30/07/2008 17:48:53
AEBB.DLL      : 8.1.0.1        53617 Bytes  24/04/2008 08:50:42
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.2        98561 Bytes  30/07/2008 17:48:53
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 30 juillet 2008  19:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'Aide mémoire.exe' - '1' Module(s) have been scanned
Scan process 'TrayIcon.exe' - '1' Module(s) have been scanned
Scan process 'SyncManager.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'oonotesv65.exe' - '1' Module(s) have been scanned
Scan process 'MgApp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ooneclockv65.exe' - '1' Module(s) have been scanned
Scan process 'Voxsync.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ORANGE~1.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'OoPDFSettingsv6.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'czfmdser.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '74' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
    [WARNING]   The file could not be opened!


End of the scan: mercredi 30 juillet 2008  21:06
Used time:  1:15:42 Hour(s)

The scan has been done completely.

   9662 Scanning directories
 430236 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 430235 Files not concerned
   8932 Archives were scanned
      5 Warnings
      0 Notes

Après une lecture de tous ces paramètres, quel est ton point de vue et ton analyse ?

de plus, que me conseilles- tu pour effacer sans problème(s) postérieur(s) les petits logiciels de manip......
qui sont sur mon bureau: 
Trojan remover, Outil.exe, Hajick this, smitfraudfix;exe, Malwarebyte' Anti-Malware, mbam-setup.exe, dss.exe...

gilougalibier · Answer

re-bonsoir ep44,

J'ai également oublié de te poser la question suivante :

- Pour "remplir" la petite lacune "d'Antivir...." qui ne scanne pas les mails, que conseilles-tu en conjuguaison à ce ligiciel, pour renforcer la protection vis à vis des courriels ???

Petite lacune d'Antivir... :
"Antivir ne scanne pas les mails "entrant" dans votre boite à lettre. 
Cependant, lors de l'ouverture de la pièce jointe, la protection en temps réel va scanner la pièce jointe et détecter ou non la présence d'un ver."--

merci pour ta réponse.

@+  gilougalibier

ep44 · Answer

Bonsoir 

oui pour Antivir je suis persuadé qu'il n'y as pas photos par rapport à Avast 
Tu parles d'une petite lacune 
je dirais que ce n'est pas une lacune car tu as une protection en temps réelle qui te bloque l'intrusion 
contrairement à avast qui une fois qu'il se met à hurler l'infection est déjà sur ton système :(
Pour ma part  j'utilise Antivir depuis quelques années et je n'ai jamais eu de soucis avec mes mails 
je pars aussi du principe que si je ne connais pas la provenance je n'ouvre pas ;)


pour le reste 

Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier


ensuite refait ceci (IMPORTANT)

* Désactivation :
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

* Activation :
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..



      Pense aussi à faire tes mises à jours régulièrement

      Windows update : ==> ici =>http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      Java : ==> ici => https://www.java.com/fr/download/

      Ces mises à jours sont très importantes pour la sécurité de ton PC.



      N'installe qu'un seul parefeu !!
      et bien sur qu'un antivirus

      N'oublie pas de faire régulièrement les mises à jour de tes logiciels avant chaque scan.

    * Tu peux aussi utiliser ces logiciels de sécurité

      Malwarebytes => C'est un anti-malwares gratuit et en français, tu devras une fois installer le lancer périodiquement pour contrôler ton PC.
      Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=68

      Spyware Terminator => C'est un anti-spyware gratuit et en français, Il travaillera automatiquement grâce à son module résident, tu pourras le programmer pour effectuer un scan journalier.
     Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=66




    * Ensuite quelques conseils
      L'infection de ton pc peut se faire de différente façon, voici en quelques lignes plusieurs points à éviter. ==> ici =>http://www.swl1f.net/viewtopic.php?f=14&t=67



    * le navigateur

      Essaye le navigateur Firefox plus sur/securisé qu IE
      Firefox n'utilise pas le dangereux protocole ActiveX
    * Téléchargement: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
    * Tutorial pour le sécuriser: ==> ici =>https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/



      Important
      Surfez avec les droits administrateurs sur le net te rend vulnérable, il faut donc utiliser un autre compte que celui de l'administrateur





    * Pour que ton pc retrouve un peu de jeunesse
    * Pense a lancer une petite défragmentation.
    * Utilise CCleaner régulièrement.==> http://www.swl1f.net/viewtopic.php?f=14&t=69

    * Gère tes services grâce a ces 2 liens
      ==> ici => http://speedweb1.free.fr/frames2.php?page=service3 et ==> ici => http://speedweb1.free.fr/frames2.php?page=service4
    

      * Utilise Zeb Utility
      une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
      Téléchargement : ==> ici ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
      Tuto : ==> ici => https://www.zebulon.fr/dossiers/autres/58-zebutility.html








Et pour finir


Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection

- Voir les règles du forum : ==> ici => https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).


* malwarecomplaints => https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)


Indique aussi le nom du Forum qui t'a aidé 

* Tuto => http://www.malekal.com/malwarecomplaints.html

@+

gilougalibier · Answer

Bonsoir, jusqu'à aujourd'hui, le temps me manquait pour te répondre de façon consciencieuse et précise... j'ai bien lu tous les conseils indicatifs et les recommandations pertinentes de ta part... j'ai bien apprécié !... Après toute cette lecture, et une application stricte de tes recommandations, j'ai considéré terminé cet épisode désagréable de virus: Win 32:Trojan-gen{other} après plusieurs jours que j'ai trouvé longs...et stressants... Enfin !!! la case formatage du disque dur est tout de même évitée...OUF ! Voici les résultats de mes 2 derbiers scans : Avira antivir Avira AntiVir Personal Report file date: mercredi 6 août 2008 19:43 Scanning for 1537643 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: SN047847020093 Version information: BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 04/08/2008 17:46:28 ANTIVIR3.VDF : 7.0.5.222 97280 Bytes 06/08/2008 17:30:20 Engineversion : 8.1.1.19 AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50 AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 17:30:23 AESCN.DLL : 8.1.0.23 119156 Bytes 30/07/2008 17:48:58 AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50 AEPACK.DLL : 8.1.2.1 364917 Bytes 30/07/2008 17:48:57 AEOFFICE.DLL : 8.1.0.21 192891 Bytes 30/07/2008 17:48:56 AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 17:30:22 AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50 AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 17:30:21 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 17:58:45 AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 17:58:44 AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 17:58:42 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mercredi 6 août 2008 19:43 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'agentsvr.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'SFOLMONI.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'SyncManager.exe' - '1' Module(s) have been scanned Scan process 'Aide mémoire.exe' - '1' Module(s) have been scanned Scan process 'TrayIcon.exe' - '1' Module(s) have been scanned Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned Scan process 'oonotesv65.exe' - '1' Module(s) have been scanned Scan process 'MgApp.exe' - '1' Module(s) have been scanned Scan process 'ooneclockv65.exe' - '1' Module(s) have been scanned Scan process 'Voxsync.exe' - '1' Module(s) have been scanned Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'OrangeDesktopSearch.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned Scan process 'OoPDFSettingsv6.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned Scan process 'SFAgent.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'LogiTray.exe' - '1' Module(s) have been scanned Scan process 'AOSD.EXE' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned Scan process 'SoundMan.exe' - '1' Module(s) have been scanned Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned Scan process 'PCMService.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'CLSched.exe' - '1' Module(s) have been scanned Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned Scan process 'sfus.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'HidService.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'czfmdser.exe' - '1' Module(s) have been scanned Scan process 'CLMLService.exe' - '1' Module(s) have been scanned Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 77 processes with 77 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '74' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: mercredi 6 août 2008 20:57 Used time: 1:14:10 Hour(s) The scan has been done completely. 9657 Scanning directories 435275 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 435274 Files not concerned 8956 Archives were scanned 5 Warnings 0 Notes et, spywareterminator: Logfile of Spyware Terminator v2.3.0.481 (db:2.008.005.001) Scan Time: 06/08/2008 06:00:24 length: 1775 s Platform: WXP (5.1.0.2600) User: Admin Boot Mode: Normal Scan type: Full_Spyware_Scan Scanned Objects: 151646 (Critical:0) Filter: No System items, No Safe items, No Invalid items Running Processes Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe sched.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe avguard.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe AOLacsd.exe [America Online, Inc.] : C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe CLCapSvc.exe : C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe CLMLServer.exe [Cyberlink] : C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe CLMLService.exe [Cyberlink] : C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe czfmdser.exe : C:\Program Files\FDD + FMD Combo Reader\czfmdser.exe FTRTSVC.exe [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe HIDSERVICE.exe : C:\APPS\HIDSERVICE\HIDSERVICE.exe Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe sfus.exe [SPAMfighter ApS] : C:\Program Files\SPAMfighter\sfus.exe CLSched.exe : C:\APPS\Powercinema\Kernel\TV\CLSched.exe atiptaxx.exe [ATI Technologies, Inc.] : C:\ATI Technologies\ATI Control Panel\atiptaxx.exe PCMService.exe [CyberLink Corp.] : C:\Apps\Powercinema\PCMService.exe ABoard.exe [NEC Computers International] : C:\apps\ABoard\ABoard.exe AOSD.exe [NEC Computers International] : C:\apps\ABoard\AOSD.exe OpwareSE4.exe [ScanSoft, Inc.] : C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe avgnt.exe [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe SFAgent.exe [SPAMfighter ApS] : C:\Program Files\SPAMfighter\SFAgent.exe OoPDFSettingsv6.exe [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe FxSvr2.exe [Logitech Inc.] : C:\Program Files\Logitech\Video\FxSvr2.exe OrangeDesktopSearch.exe [France Telecom SA] : C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe Voxsync.exe [Voxmobili] : C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe ooneclockv65.exe [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe oonotesv65.exe [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe TrayIcon.exe : C:\Program Files\Aide mémoire\TrayIcon.exe GestionnaireInternet.exe [France Télécom R&D] : C:\Program Files\Wanadoo\GestionnaireInternet.exe Aide mémoire.exe : C:\Program Files\Aide mémoire\Aide mémoire.exe SyncManager.exe : C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe iPodService.exe [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe ComComp.exe [France Télécom R&D] : C:\Program Files\Wanadoo\ComComp.exe Toaster.exe [France Telecom R&D] : C:\Program Files\Wanadoo\Toaster.exe Inactivity.exe : C:\Program Files\Wanadoo\Inactivity.exe PollingModule.exe : C:\Program Files\Wanadoo\PollingModule.exe AlertModule.exe : C:\WINDOWS\system32\AlertModule\AlertModule.exe Watch.exe [France Télécom R&D] : C:\Program Files\Wanadoo\Watch.exe avcenter.exe [Avira GmbH] : C:\Program Files\avira\antivir personaledition classic\avcenter.exe OUTLOOK.EXE [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE Internet Settings R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327 R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain = R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName = BHO 02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll 02 - BHO: Orange Desktop Search - {8B95F0FA-4BDF-48EA-8B67-0B76A78D5F93} - [France Telecom SA] : C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearchIntegration857.dll 02 - BHO: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - [Copernic Inc.] : C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll Toolbars 03 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll 03 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - [Copernic Inc.] : C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll StartUps 04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WOOKIT : : C:\Program Files\Wanadoo\Shell.exe 04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Orange Desktop Search : [France Telecom SA] : C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe 04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Magentic : : C:\Program Files\Magentic\bin\Magentic.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ATIPTA : [ATI Technologies, Inc.] : C:\ATI Technologies\ATI Control Panel\atiptaxx.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PCMService : [CyberLink Corp.] : C:\Apps\Powercinema\PCMService.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ACTIVBOARD : [NEC Computers International] : C:\apps\ABoard\ABoard.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WOOWATCH : [France Télécom R&D] : C:\Program Files\Wanadoo\Watch.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SSBkgdUpdate : [Scansoft, Inc.] : C:\Program Files\Fichiers communs\SCANSOFT SHARED\SSBKGDUPDATE\SSBKGDUPDATE.EXE 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OpwareSE4 : [ScanSoft, Inc.] : C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BOOT : [ISSENDIS] : C:\Program Files\ISSENDIS\ISSENDIS WEBUPDATE V6\ISSENDISWEBUPDATEV6.EXE 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SPAMfighter Agent : [SPAMfighter ApS] : C:\Program Files\SPAMfighter\SFAgent.exe 04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, OoPDFSettingsv6.exe : [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe 04 - Startup: %STARTUP%\Aide mémoire.lnk : C:\Program Files\Aide mémoire\TrayIcon.exe 04 - Startup: %STARTUPALL%\Logiciel de Synchronisation Orange.lnk [Voxmobili] : C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe 04 - Startup: %STARTUPALL%\OFFICE One Clock v6.5.lnk [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe 04 - Startup: %STARTUPALL%\OFFICE One Notes v6.5.lnk [ISSENDIS] : C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe Explorer Bars Orange Desktop Search - {8B95F0FA-4BDF-48EA-8B67-0B76A78D5F93} - [France Telecom SA] : C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearchIntegration857.dll barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - [Copernic Inc.] : C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll Shell Extensions RecordNow! SendToExt - {DEE12703-6333-4D4E-8F34-738C4DCC2E04} - : C:\Apps\RecordNow\shlext.dll RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer pshell.dll OFFICE One PDF Manager v6 - {192A2665-957E-4870-99D1-08F5CD082551} - : C:\WINDOWS\system32\OoPdfManagerPopup.dll OFFICE One Zip v6 - {77E7AAFA-76D1-4798-859D-DB0B9DFFEAA9} - : C:\WINDOWS\system32\OoneZipPopup.dll WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR arext.dll Roxio DragToDisc Shell Extension - {5E44E225-A408-11CF-B581-008029601108} - [Roxio] : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll Data Caching Shell Extension - {03FF3962-D823-11D4-97F0-009027769C61} - : C:\WINDOWS\system32\FlashShl.dll Mes photos Logitech - {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - [Logitech Inc.] : C:\Program Files\Logitech\Video\Namespc2.dll Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software GmbH] : C:\WINDOWS\system32\uxtuneup.dll TuneUp Shredder Shell Extension - {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} - [TuneUp Software GmbH] : C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Program Files\iTunes\iTunesMiniPlayer.dll Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll Protocol Handler Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Program Files\Fichiers communs\Skype\Skype4COM.dll Services 23 - [Philips Semiconductors GmbH] : C:\WINDOWS\system32\DRIVERS\3xHybrid.sys 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 23 - [America Online, Inc.] : C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe 23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe 23 - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\avipbb.sys 23 - : C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 23 - : C:\APPS\Powercinema\Kernel\TV\CLSched.exe 23 - [Cyberlink] : C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 23 - : C:\Program Files\FDD + FMD Combo Reader\czfmdser.exe 23 - [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe 23 - : C:\APPS\HIDSERVICE\HIDSERVICE.exe 23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys 23 - [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe 23 - [Logitech Inc.] : C:\WINDOWS\system32\drivers\lvusbsta.sys 23 - [Printing Communications Assoc., Inc. (PCAUSA)] : C:\WINDOWS\system32\PCANDIS5.SYS 23 - [Logitech Inc.] : C:\WINDOWS\system32\DRIVERS\LVCM.sys 23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys 23 - [Silicon Integrated Systems Corp.] : C:\WINDOWS\system32\DRIVERS\sis163u.sys 23 - [SPAMfighter ApS] : C:\Program Files\SPAMfighter\sfus.exe 23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23 - [Trend Micro Inc.] : C:\WINDOWS\system32\drivers mcomm.sys 23 - [Promise Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\ultra.sys 23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys Winlogon Notify HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll IE URL Search Hooks - {{AEEC3B59-CA98-4EBA-A140-57B94E283583}} - [Copernic Inc.] : C:\Program Files\Orange Toolbar FR\ToolbarIntegration250.dll Search Class - {{08C06D61-F1F3-4799-86F8-BE1A89362C85}} - : C:\Program Files\Wanadoo\SearchPageURL.dll Advanced Files Report %SYSDIR%\Ati2evxx.dll [ATI Technologies Inc.] [ATI External Event Utility for NT, W2K and W9X] MD5=62733C611488FAB76DEB1E66C96A443F SIZE=61440 %SYSDIR%\Ati2evxx.exe [ATI Technologies Inc.] [ATI External Event Utility for WindowsNT and Windows9X] MD5=BBA22521D24625C7A7B8D57FB20A812E SIZE=405504 %SYSDIR%\Ati2edxx.dll [ATI Technologies, Inc.] [ATI External Device Utility] MD5=24DCA3ABCC5E6C37330CA8659D0F763D SIZE=40960 %SYSDIR%\uxtuneup.dll [TuneUp Software GmbH] [TuneUp Utilities] MD5=50D17F64567E477503A089B12EEBCE38 SIZE=24072 %SYSDIR%\pdfcmnnt.dll MD5=1574DD9D409F2DC45CF82C22B99164A4 SIZE=116224 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH] [AntiVir Workstation] MD5=9773E0650E0BAB7AE161D2A0ECC7678A SIZE=68865 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\schedr.dll [Avira GmbH] [AntiVir Workstation] MD5=EFBABD350FA0E4804CD98CE6FFE98743 SIZE=7937 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avevtlog.dll [Avira GmbH] [AntiVir Workstation] MD5=61DBB2959632400D4D7E397EBBCEB88F SIZE=119041 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\sqlite3.dll [SQLite Database] MD5=A467ACDA6C73AE3F8DBC6B94602921B5 SIZE=339968 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH] [AntiVir Workstation] MD5=C17761C7381E028EBCA071944A97EB3E SIZE=149761 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\guardmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=FD1A14DE29EC44ED90CB2BE560B3707A SIZE=46337 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL [Avira GmbH] [AntiVir Workstation] MD5=BF8228DD8B40E0BA612CE75CC3A9818C SIZE=38657 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL [Avira GmbH] [AntiVir Workstation] MD5=8DC92F512184DBC0A0FA0117BE55BC55 SIZE=28929 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL [Avira GmbH] MD5=7769B062FBEB74A07D47509B4140383A SIZE=124161 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avipc.dll [Avira GmbH] [AntiVir Workstation] MD5=922EE25E719104E6D0E166451118E9F4 SIZE=73985 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aecore.dll [Avira GmbH] [AVCORE] MD5=362C15749B2BA559E64D508935E3146C SIZE=172406 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aevdf.dll [Avira GmbH] [AVVDF] MD5=C9FFFD5005F4FE7131DF6128E98E3A6A SIZE=102772 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescript.dll [Avira GmbH] [AVSCRIPT] MD5=E60765E4AA56B7CF7D1E68A9657F246F SIZE=311675 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aescn.dll [Avira GmbH] [AVSCN] MD5=F519C10B10D73B2B6B75CFEBC5096236 SIZE=119156 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aerdl.dll [Avira GmbH] [AVRDL] MD5=352C02CD46F42A12635297AB0AA7BFC6 SIZE=418165 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aepack.dll [Avira GmbH] [AVPACK] MD5=BC3A6DDC19C4511CA2C37F0938EB8853 SIZE=364917 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\unacev2.dll [ACE Compression Software] [UNACE - freeware ACE extraction component] MD5=DE02C4D04088B69E64ECC30A3D9E22E5 SIZE=77312 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeoffice.dll [Avira GmbH] [AVOFFICE] MD5=66468C976D362FECC51A4640C1C877F2 SIZE=192891 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeheur.dll [Avira GmbH] [AVHEUR] MD5=D4F5D5D1A72F7E09F360804196E6D317 SIZE=1343863 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aehelp.dll [Avira GmbH] [AVHELP] MD5=83BAC707A4B7682201A1EB9766B54CEB SIZE=115063 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aegen.dll [Avira GmbH] [AVGEN] MD5=3C02AF8B0264DEF4751FDE16A37E1416 SIZE=315765 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aeemu.dll [Avira GmbH] [AVEMU] MD5=87A6C6E3993D3A635F8E7152FC6D1907 SIZE=430452 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\aebb.dll [Avira GmbH] [AVBB] MD5=BBAD1D9B0694F5E8FE2ACB85283CC5FE SIZE=53617 %COMMONFILES%\AOL\ACS\AOLacsd.exe [America Online, Inc.] [AOL Connectivity Service] MD5=E13406F701A9B2A7513CD6798A40CECB SIZE=1135728 %SystemDiskRoot%\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [CLCapSvc Module] MD5=4921CB1FAE6978D44A91D0D65D93FA57 SIZE=221266 %SystemDiskRoot%\Apps\Powercinema\Kernel\TV\CLCapEngine.dll [CLCapEngine Dynamic Link Library] MD5=5F3B24A44D8F77F3A1E4CD8903F77475 SIZE=184408 %SystemDiskRoot%\Apps\Powercinema\Kernel\TV\PCMRRec4.dll [CyberLink Corp.] [CyberLink CLRec4.1] MD5=E4FBC6AF5AF43F9B1C9708798547D2F8 SIZE=2351173 %SystemDiskRoot%\Apps\Powercinema\Kernel\TV\CLCapSvcps.dll MD5=77767C82FDFA9CA018F30B23974DF94E SIZE=28672 %PROGRAMFILES%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [Cyberlink] [Cyberlink Media Library Server] MD5=BC2DDAF478AAF92F237FB52E35EB53D6 SIZE=61440 %PROGRAMFILES%\CyberLink\Shared Files\CLML_NTService\CLMLService.exe [Cyberlink] [Cyberlink MediaLibrary NT Service] MD5=C0E569681F74A0C1E5FBEBF914509BF0 SIZE=737381 %SystemDiskRoot%\Apps\Powercinema\Kernel\HomeNetWorking\CLNetMedia.dll [CLNetMedia Module] MD5=DEA8CA9F4B7355F765E883BF3002D06C SIZE=229458 %PROGRAMFILES%\FDD + FMD Combo Reader\czfmdser.exe MD5=2F01B43A151C72136B6DF5C8D65026F3 SIZE=28672 %SYSDIR%\FTRTSVC.exe [France Telecom] [FTRTSVC NT Service] MD5=D1261099E03EEE90976EA19002995B89 SIZE=40960 %SYSDIR%\IfHelper.dll [France Télécom R&D] [IfHelper] MD5=A690AE7F4418401815CE3D73D60B8C6F SIZE=36864 %SystemDiskRoot%\APPS\HIDSERVICE\HIDSERVICE.exe MD5=69202C049779AE09470370F163363F13 SIZE=49152 %PROGRAMFILES%\ScanSoft\OmniPageSE4.0\OpHookSE4.dll [ScanSoft, Inc.] [OmniPage] MD5=B7FA1EBCBA2F4718F9171A766A27A457 SIZE=135168 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\OrangeDesktopSearchIntegration857.dll [France Telecom SA] [Orange Desktop Search] MD5=472FD8E3F55E47A1ACBF4F8E67017621 SIZE=1399080 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\OrangeDesktopSearchSystem857.dll [France Telecom SA] [Orange Desktop Search] MD5=4BBA491D2FAA60C43FF16B81DEF1DC78 SIZE=11560 %PROGRAMFILES%\Wanadoo\Inactivity.dll [Bibliothèque de liaison dynamique Inactivity] MD5=01516C007C86B7C1FCB31D2CD119FF12 SIZE=28672 %PROGRAMFILES%\SPAMfighter\Clients\Outlook Express\SFOE0001.dll [SPAMfighter ApS] [SPAMfighter for Outlook Express] MD5=8DCB8D4FD40C5B32CE55D7222722DCC6 SIZE=471688 %COMMONFILES%\Adobe\Acrobat\ActiveX\PDFShell.FRA [Adobe Systems, Inc.] [Adobe PDF Shell Extension] MD5=17C964594AC92EE0B67D9EA08F8A8FD0 SIZE=311296 %PROGRAMFILES%\SPAMfighter\sfus.exe [SPAMfighter ApS] [SPAMfighter] MD5=C7133455D184DCE0902558CDDE4AE935 SIZE=184968 %PROGRAMFILES%\SPAMfighter\sfsg.dll [SPAMfighter Client Suite] MD5=0C9DB4AEDE2E63B870DC39A5ACE29352 SIZE=539072 %PROGRAMFILES%\SPAMfighter\sfse.dll [SPAMfighter Client Suite] MD5=A72DBC5A44EE69F8DB95BA775B1FD6B9 SIZE=1972680 %SystemDiskRoot%\APPS\Powercinema\Kernel\TV\CLSched.exe [CLSched Module] MD5=BFB1A491B7CFAFBD35220537EEE92760 SIZE=110672 %SystemDiskRoot%\Apps\Powercinema\Kernel\TV\CLSchMgr.dll [CLSchMgr Dynamic Link Library] MD5=80E46A58D428B6CDEF0D100A9780456F SIZE=61522 %SystemDiskRoot%\ATI Technologies\ATI Control Panel\atipdsxx.dll [ATI Technologies, Inc.] [ATI Desktop Component] MD5=AC0ADAAADFA2B18CB439EBC7BD362AB5 SIZE=258048 %SystemDiskRoot%\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA [ATI Technologies, Inc.] [ATI Desktop Component] MD5=CC00B5FB2D1407FB5E99CB8388753F83 SIZE=159744 %SystemDiskRoot%\ATI Technologies\ATI Control Panel\atipdxxx.dll [ATI Technologies, Inc.] [ATI Desktop Component] MD5=945DB9A302D0AC49CE914F8EA664718B SIZE=73728 %SystemDiskRoot%\Apps\Powercinema\helper.dll [CyberLink Corp.] [CyberLink Helper] MD5=2AC2C4AC49668B8C1ABDC1FD151006DA SIZE=61440 %SystemDiskRoot%\Apps\Powercinema\Kernel\common\CLRCEngine3.dll [CyberLink Corp.] [Cyberlink PowerCinema] MD5=D0CDC03606B3A3C85ACFF47FE64288FD SIZE=45200 %SystemDiskRoot%\Apps\Powercinema\Kernel\TV\CLCapX.dll [Cyberlink] [Cyberlink CLCapX] MD5=4ABDF44DE6CA71E901CFFC713F3C8539 SIZE=176206 %SystemDiskRoot%\apps\ABoard\AHook.dll [NEC Computers International] [ActivHook Dynamic Link Library] MD5=C7BA367161A56BD7A80CA5FBD654D359 SIZE=53248 %SYSDIR%\lvmaenum.dll [Logitech Inc.] [Logitech QuickCam] MD5=68117BF63279094C974881102B740CB7 SIZE=258048 %SYSDIR%\lvcomcx.dll [Logitech Inc.] [Logitech QuickCam] MD5=A8C8F8EFE7DA315F116526F1EE46A29B SIZE=77824 %PROGRAMFILES%\Logitech\Video\QCUI2.dll [Logitech Inc.] [Logitech QuickCam] MD5=21CCCB3BF3BAA9B4D1171BC600BDE6B3 SIZE=466944 %PROGRAMFILES%\Logitech\Video\LTWVC12n.dll [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=3C7B1E2C0E0C54FE99852F18B3DC8445 SIZE=856064 %PROGRAMFILES%\Logitech\Video\LTFIL12n.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=2D50FD2FC9B7BD4360229B5A5DB1E572 SIZE=131072 %PROGRAMFILES%\Logitech\Video\LTKRN12n.dll [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=E09877BA179E67F465DD6EAB44684A19 SIZE=406016 %PROGRAMFILES%\Logitech\Video\LQCUI2.dll [Logitech Inc.] [Logitech QuickCam] MD5=0689C5550A9C733B59452E75850D1449 SIZE=90112 %PROGRAMFILES%\Logitech\Video\LLogTray.dll [Logitech Inc.] [Logitech QuickCam] MD5=FF3C2B3E32F78BE1CA8CD59E13FF4607 SIZE=90112 %PROGRAMFILES%\Logitech\Video\LTDIS12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=70319E2275E78D7D91FA9A8EF34F48FA SIZE=259072 %PROGRAMFILES%\Logitech\Video\LTIMG12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=54240AFF9562BB1BC88BD1BBED29C865 SIZE=164864 %PROGRAMFILES%\Logitech\Video\LTEFX12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=C6DC5023661EE122A296E9D0931AB163 SIZE=207872 %PROGRAMFILES%\Logitech\Video\LFFAX12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=9981617DC7BD61AFC8A01E0C2429559D SIZE=78336 %PROGRAMFILES%\Logitech\Video\LFCMP12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=F61EC05FB1B10F088A8BC33C09987C67 SIZE=328704 %PROGRAMFILES%\Logitech\Video\LFTIF12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=9181BF08AE5C2B0A2094944B753A6004 SIZE=141312 %PROGRAMFILES%\Logitech\Video\LFBMP12N.DLL [LEAD Technologies, Inc.] [LEADTOOLS(r) DLL for Win32] MD5=747B156D7ADAFA031B3BF816D87E1A6D SIZE=30720 %PROGRAMFILES%\Logitech\Video\FXSvrps.dll [Logitech Inc.] [Logitech QuickCam] MD5=96A04B2305C99D1B2FD48A23173E04F3 SIZE=8192 %SystemDiskRoot%\apps\ABoard\AOSD.exe [NEC Computers International] [ActivOSD Application] MD5=66C31EC9B966A1D5FFC726A53DC1A137 SIZE=69632 %PROGRAMFILES%\Google\Google Desktop Search\GoogleServices.DLL [Google] [Google Desktop] MD5=88C09AFE4FD58A036FA3C5680C5DBF2A SIZE=1990656 %PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopCommon.dll [Google] [Google Desktop] MD5=830E29ABDB00FB9E06E8720C2A04F2D9 SIZE=200704 %PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopResources_fr.dll [Google] [Google Desktop] MD5=6790F3E904D795B88E63824EC8FB13AC SIZE=572416 %PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopAPI2.dll [Google] [Google Desktop] MD5=19998E7B13F7E1A881D2F329C7AB4EC6 SIZE=500224 %PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopHyper.dll [Google] [Google Desktop] MD5=08A589999BB7B9F36003E697273A4DE3 SIZE=135168 %PROGRAMFILES%\Google\Google Desktop Search\gzlib.dll MD5=B9001F27A147F1D375EB5AE9EE0D3CEC SIZE=34816 %PROGRAMFILES%\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL [Apple Inc.] [iTunes] MD5=54D9CE6F1B8C1C4AA63FF55A19D2A14D SIZE=43520 %PROGRAMFILES%\iTunes\iTunesHelper.Resources\iTunesHelper.DLL [Apple Inc.] [iTunes] MD5=6FA5E7952567AA233705D71272596371 SIZE=42496 %PROGRAMFILES%\QuickTime\QTSystem\QuickTime.qts [Apple Inc.] [QuickTime] MD5=8FDDED9036E5848FB9DFDB013B6BA763 SIZE=16994304 %PROGRAMFILES%\QuickTime\QTSystem\CoreVideo.qtx [Apple Computer, Inc.] [QuickTime] MD5=6DE553A20FD5A61563BC06BFEE1899CF SIZE=323584 %PROGRAMFILES%\QuickTime\QTSystem\QuickTime3GPP.qtx [Apple Inc.] [QuickTime] MD5=EA1DD7C909987887133F5F569A192A94 SIZE=352256 %PROGRAMFILES%\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx [Apple Inc.] [QuickTime] MD5=1383073F5B581E59A2AD734209833CA7 SIZE=507904 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeAudioSupport.qtx [Apple Inc.] [QuickTime] MD5=75B8068765BF8008F929C775E7CB76AD SIZE=2641920 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeAuthoring.qtx [Apple Inc.] [QuickTime] MD5=25AEBC69A35FFA146416735DC5CBA5A4 SIZE=1982464 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeCapture.qtx [Apple Inc.] [QuickTime] MD5=9ED245925715892D32B3986B23D7CD93 SIZE=319488 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeEffects.qtx [Apple Inc.] [QuickTime] MD5=B506AB443F0A62BB7D2E07F50AF59288 SIZE=577536 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeEssentials.qtx [Apple Inc.] [QuickTime] MD5=C14864897C419CA56C1D0FC790A44670 SIZE=323584 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeH264.qtx [Apple Inc.] [QuickTime] MD5=1CF9A8E98315FB371F34F2B1C121FC29 SIZE=3506176 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeImage.qtx [Apple Inc.] [QuickTime] MD5=FCE5F4D47BCAF6459E8CCCA1E3A54334 SIZE=978944 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeInternetExtras.qtx [Apple Inc.] [QuickTime] MD5=19B99985D931945308CA70340056F97E SIZE=937984 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG.qtx [Apple Inc.] [QuickTime] MD5=5719585229872257D8CC968C391AB84D SIZE=462848 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG4.qtx [Apple Inc.] [QuickTime] MD5=0FE59052F84B4F3B469799F3DCBE0B03 SIZE=348160 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx [Apple Inc.] [QuickTime] MD5=161D148EFB375E9CE07DE62788429CDF SIZE=581632 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeMusic.qtx [Apple Inc.] [QuickTime] MD5=F24FF9E836D3F6287D963E5B6EB8BF28 SIZE=507904 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeQD3D.qtx [Apple Inc.] [QuickTime] MD5=19E1E52AE547AD1884D0BBF09DF6D32C SIZE=241664 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreaming.qtx [Apple Inc.] [QuickTime] MD5=403ED9817BAC519823FF8088539D0256 SIZE=872448 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx [Apple Inc.] [QuickTime] MD5=D9F53993EC1F0C7648EAA5B35142755E SIZE=356352 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx [Apple Inc.] [QuickTime] MD5=A0C7D0BC8DD6D7CB4278A4F45C4A1553 SIZE=163840 %PROGRAMFILES%\QuickTime\QTSystem\QuickTimeVR.qtx [Apple Inc.] [QuickTime] MD5=B3021EA0A9DABC616270352770CF41EF SIZE=876544 %COMMONFILES%\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll [Apple Inc.] [iTunesMobileDevice] MD5=2A2920D0EF665A6CCE0DA9C9AAC85777 SIZE=1110016 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\cclib.dll [Avira GmbH] [AntiVir Workstation] MD5=B56778E0CEB656EE14F7E69573CC5D19 SIZE=160001 %PROGRAMFILES%\avira\antivir personaledition classic\ccgen.dll [Avira GmbH] [AntiVir Workstation] MD5=AFFEC62925CF3779CF776CA4B534124E SIZE=270593 %PROGRAMFILES%\avira\antivir personaledition classic\ccgenrc.dll [Avira GmbH] [AntiVir Workstation] MD5=58DA316F458B8A17A3C7216E1794956E SIZE=17665 %PROGRAMFILES%\avira\antivir personaledition classic\ccguard.dll [Avira GmbH] [AntiVir Workstation] MD5=2CB68354DCFFB53151A8152EAECE3612 SIZE=213249 %PROGRAMFILES%\avira\antivir personaledition classic\ccgrdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=B8357197B0D864D67D9FD9C5043E3456 SIZE=20225 %PROGRAMFILES%\avira\antivir personaledition classic\ccupdate.dll [Avira GmbH] [AntiVir Workstation] MD5=5364855ACDCCCFC8B64DE64946657FB0 SIZE=110849 %PROGRAMFILES%\avira\antivir personaledition classic\ccupdrc.dll [Avira GmbH] [AntiVir Workstation] MD5=AF87BFE66DF01B07FB4F4FC4B3AD3129 SIZE=12545 %PROGRAMFILES%\avira\antivir personaledition classic\cclic.dll [Avira GmbH] [AntiVir Workstation] MD5=97108140E1D381108C3216BC15E739E1 SIZE=53505 %PROGRAMFILES%\avira\antivir personaledition classic\cclicrc.dll [Avira GmbH] [AntiVir Workstation] MD5=208A14217848520CB3DFFB5AD9DAB82E SIZE=5889 %PROGRAMFILES%\avira\antivir personaledition classic\ccmsg.dll [Avira GmbH] [AntiVir Workstation] MD5=2DC1EC49D108D3CDA9F94BF256E42B90 SIZE=155905 %PROGRAMFILES%\SPAMfighter\LazyMail.dll [SPAMfighter ApS] MD5=D8FD305E1B8DA6E143AB44CD402933DF SIZE=414344 %PROGRAMFILES%\SPAMfighter\Core.dll [SPAMfighter ApS] [SPAMfighter Client Suite] MD5=C64FE48E7C67F4FFBA6F8C1BEB3AF8FE SIZE=922248 %SYSDIR%\cdintf.dll [Amyuni Technologies https://www.amyuni.com/] [Amyuni Common Driver Interface] MD5=C07271CD2E7DF912874026E10C803F7D SIZE=360448 %SYSDIR%\spool\DRIVERS\W32X86\2\pdfui209.dll [Amyuni Technologies https://www.amyuni.com/] [Amyuni PDF Converter"] MD5=E75A54633EF5EE792DF696774A862932 SIZE=102624 %PROGRAMFILES%\Logitech\Video\FxSvr2.exe [Logitech Inc.] [Logitech QuickCam] MD5=70B68620C41C40580886B808FD7265DA SIZE=192512 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\DesktopSearchBTree200.dll [Copernic Technologies Inc.] [Copernic Desktop Search] MD5=9F5C4A0DC0E5C8EF747CB24F90AFA7F6 SIZE=38458 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLBTree170.dll [Copernic Technologies Inc.] [Copernic BTree Library] MD5=E9872EADA71955565AA5721A1E7EC7DA SIZE=66560 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLMem170.dll [Copernic Technologies Inc.] [Copernic Memory Library] MD5=408C0A5840F80D68CD0660B589C55DFF SIZE=13870 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLBase170.dll [Copernic Technologies Inc.] [Copernic Generic Library] MD5=891C7BFD72D7C78AC10CB5521E65ABF1 SIZE=79407 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLFile170.dll [Copernic Technologies Inc.] [Copernic File Library] MD5=A5BB3C927FE0D1A45D584893AA1CE1A2 SIZE=163840 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGL170.dll [Copernic Technologies Inc.] [Copernic Generic Library] MD5=3B635D47B27AC6F6FB29AB9FB189A701 SIZE=224768 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLCharset170.dll [Copernic Technologies Inc.] [Copernic Charset Library] MD5=CEFA49B5DBF7D2E71A7DB831BED25578 SIZE=68096 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\ConvertersLib110.dll [Copernic Technologies Inc.] [Copernic Conversion Library] MD5=FAA45E7BA59F33FAE34FDEA758CFF242 SIZE=650240 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLCompression170.dll [Copernic Technologies Inc.] [Copernic Compression Library] MD5=5F702021036342CBB2F2654DE92FA7CD SIZE=79360 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLParser170.dll [Copernic Technologies Inc.] [Copernic Parser Library] MD5=3E4B3D8BDFC57A018692F6057E54E765 SIZE=71680 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLEncoding170.dll [Copernic Technologies Inc.] [Copernic Encoding Library] MD5=2D5DDFCE4C2352978F5B623856FBC119 SIZE=79360 %PROGRAMFILES%\Orange HSS\Orange Desktop Search\CGL\CGLDetection170.dll [Copernic Technologies Inc.] [Copernic Detection Library] MD5=45306D4088E966A3DC3E90901C30985C SIZE=137728 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [Voxmobili] [Desktop Companion] MD5=0C1ECB0C7A3B9A77B90ED753D15AFEDC SIZE=684032 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VSPLib.dll MD5=43152BD5F208AEF3659A9EEFA7A83A36 SIZE=143360 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VLWLib.dll MD5=10101D4115E2B0BDD6CFD0D0388C0E39 SIZE=147456 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxLibEncrypt.dll MD5=D565243B5C319E3D64962A414FC13A06 SIZE=90112 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\ToolkitN.dll MD5=0CBA8E901CCCD1445B6557E83E5F1B8B SIZE=151552 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxLib.dll MD5=071882F86E446CB47F3E5D4A381ADA98 SIZE=192512 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\SyncManagerApi.dll MD5=1C850E663DA348C5B459CC338F140A67 SIZE=90112 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxsyncRes.dll MD5=63A39918A7334501105E3BEE76503871 SIZE=23552 %PROGRAMFILES%\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [ISSENDIS] MD5=A83D567A562466B3D87825416F4CE54C SIZE=257536 %PROGRAMFILES%\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [ISSENDIS] [ISSENDIS] MD5=B72AA4CBF4679DAE4F7DA61D47F92D84 SIZE=559104 %PROGRAMFILES%\Google\Google Updater\2.2.1111.1511\ci.dll [Google] [Google Updater] MD5=AFA2FABACAE985E71C288AAEC476C287 SIZE=877056 %PROGRAMFILES%\Aide mémoire\TrayIcon.exe MD5=095AB6EAC61948B7EE52E4268AA66325 SIZE=34816 %PROGRAMFILES%\Wanadoo\GestionnaireInternet.exe [France Télécom R&D] [Kit de Connexion et de Services] MD5=5D17C66B5620142A06B7391BE20C0476 SIZE=819200 %PROGRAMFILES%\Wanadoo\OutilsFT.dll [France Télécom R&D] [Kit Wanadoo] MD5=F0AD5EF11EF655967F3C0A88DF01D5F3 SIZE=24576 %PROGRAMFILES%\Wanadoo\StyleIHM.dll [France Télécom R&D] [Kit Générique - France Télécom R&D.] MD5=CF37736CBAD53E318A683DCA8E669887 SIZE=626688 %PROGRAMFILES%\Wanadoo\WooIHMF.dll [France Télécom R&D] [Gestionnaire Internet] MD5=FF91F43C73ABF326C4203D3E9C478E72 SIZE=282624 %PROGRAMFILES%\Wanadoo\skin\Default\main\ResourceStyle.dll [Kit Wanadoo] MD5=6D66B152B9BC974B9EA979B1306EDE02 SIZE=1855488 %SYSDIR%\AlertModule\AlertClient.dll [AlertClient Module] MD5=42893D43DB574778E05AE85C2120984F SIZE=36864 %PROGRAMFILES%\Wanadoo\DetectComponent.dll [Bibliothèque de liaison dynamique DetectComponent] MD5=7C0DCEDC849C2780D246977B026AB2E6 SIZE=90112 %PROGRAMFILES%\Wanadoo\SynchroDll.dll [Bibliothèque de liaison dynamique SynchroDll] MD5=57F451645CA64B2A3792A1B2F7629724 SIZE=53248 %PROGRAMFILES%\Aide mémoire\Aide mémoire.exe MD5=987A28FBF0EE471BB1116988F5B3105D SIZE=34816 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\SyncManager.exe MD5=4DB5EF10E97F3443A8A3675B8A0227F2 SIZE=139264 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\SyncEngine.dll MD5=0F8270CB18A114071D61A2607313139B SIZE=143360 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\HttpLib.dll MD5=38E0AA9F5116A7175D91EA6521AC700F SIZE=94208 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxCoLib.dll MD5=2E6A41EABA7F6DCFAB55A7866D3FCA70 SIZE=139264 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoOutlookNotes11.dll MD5=61FFCFCDED64ED64F3B78DBBDBDF2EB7 SIZE=196608 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\OutlookDb11.dll MD5=D8163EE1EFE773F14D9DB09093720E5A SIZE=212992 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\UIOutlook11.dll MD5=FDA9D6623D5883E2D0242B1C3F349F6F SIZE=290816 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\UtOutlook11.dll MD5=DE491641A05EE0AD2C9C0ED40739E27F SIZE=139264 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoOutlookTasks11.dll MD5=E33A23C2823C4F4B37FAAB92179D84BF SIZE=208896 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoOutlookEvents11.dll MD5=B6E17ABAA70CACB38B32B2758B6891A8 SIZE=225280 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoOutlookContacts11.dll MD5=87E7EDDAAE9BA85611118CE5C2AC3BAB SIZE=245760 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxParserUtil.dll MD5=9C98BB0619191AB6F45F0C07A2A091CF SIZE=94208 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoAddressBook.dll MD5=AFD52004536AF9BBA761DE13470FAEA4 SIZE=208896 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\UIAddressBook.dll MD5=FE019FF352949DDB53480821042FDA3B SIZE=258048 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\UtAddressBook.dll MD5=79207BFF606CD1B71EC11E87183F59EF SIZE=65536 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoCheckUpdate.dll MD5=43F3E18066BFD9366E5FE9A2635F2366 SIZE=77824 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\CoScheduler.dll MD5=5618D3794174DD26A437F5F378AABA67 SIZE=73728 %PROGRAMFILES%\Orange\Logiciel de Synchronisation Orange\VoxSyncMLParser.dll MD5=4DBC83D60E3727562FA17136D17C481D SIZE=139264 %PROGRAMFILES%\iPod\bin\iPodService.exe [Apple Inc.] [iTunes] MD5=34D5B46AF7295A5496945F2C769175C3 SIZE=504104 %PROGRAMFILES%\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL [Apple Inc.] [iTunes] MD5=6EB204CD1C646D4D99D130A58D73392F SIZE=43520 %PROGRAMFILES%\iPod\bin\iPodService.Resources\iPodService.DLL [Apple Inc.] [iTunes] MD5=2E2633C4F9C1BD4802DE840D516DA368 SIZE=42496 %PROGRAMFILES%\Wanadoo\ComComp.exe [France Télécom R&D] [Kit de Connexion et de Services] MD5=5D589D0436C4C2D285B3418E79E78A21 SIZE=249856 %PROGRAMFILES%\Wanadoo\WLANManager.dll [France Télécom R&D] [WLANManager] MD5=3984A309960D2173D241CB07CEDABB12 SIZE=90112 %PROGRAMFILES%\Wanadoo\IfHelper.dll [France Télécom R&D] [IfHelper] MD5=A690AE7F4418401815CE3D73D60B8C6F SIZE=36864 %SYSDIR%\W32N50.dll [Printing Communications Assoc., Inc. (PCAUSA)] [PCAUSA Rawether for Windows] MD5=A725BD088F906F29A619E392DA179AEC SIZE=81920 %PROGRAMFILES%\Wanadoo\GestAppFT.dll [France Télécom R&D] [Kit de Connexion et de Services] MD5=5E1EF37D7CF6658F453B7CFA268DBEE2 SIZE=151552 %PROGRAMFILES%\Wanadoo\ModifFT.dll [France Télécom R&D] [Kit Wanadoo] MD5=B5674B52F1B2026947DC6EF0248F089C SIZE=53248 %PROGRAMFILES%\Wanadoo\PMStub.dll [Bibliothèque de liaison dynamique PMStub] MD5=74D2A4D769D31151E1971AD2FCBCFFDA SIZE=36864 %PROGRAMFILES%\Wanadoo\PhoneManager.dll [Bibliothèque de liaison dynamique PhoneManager] MD5=FC02BFFAC618F14B9446FF371F92CADC SIZE=188416 %PROGRAMFILES%\Wanadoo\NDIS_Gen.dll [France Télécom R&D] [NDIS_Gen] MD5=9F436877B3566DB2302FC685AADADB0C SIZE=90112 %PROGRAMFILES%\Wanadoo\wpa_stub.dll MD5=47BCB6507501D6691D9D13C75D27636D SIZE=98304 %PROGRAMFILES%\Wanadoo\Toaster.exe [France Telecom R&D] [Application Toaster] MD5=C2D1BD2B433571ECEC29924ACE5D7C62 SIZE=69632 %PROGRAMFILES%\Wanadoo\Inactivity.exe [Application Inactivity] MD5=5F6DBF75D05462EED92B42376E89D9FE SIZE=32768 %PROGRAMFILES%\Wanadoo\PollingModule.exe [Application PollingModule] MD5=EDF02F58940FD56C12357D150F5397C0 SIZE=69632 %SYSDIR%\AlertModule\AlertModule.exe [Application AlertModule] MD5=68E404DB5525373FE0554ED2607F0C82 SIZE=45056 %PROGRAMFILES%\avira\antivir personaledition classic\avcenter.exe [Avira GmbH] [AntiVir Workstation] MD5=E348D619E668D5519DCCE1917A4D451F SIZE=356609 %PROGRAMFILES%\avira\antivir personaledition classic\cctpc.dll [Avira GmbH] [AntiVir Workstation] MD5=0AE05194A242BD520AAD60BD4D4C5C6A SIZE=246017 %PROGRAMFILES%\avira\antivir personaledition classic\ccmainrc.dll [Avira GmbH] [AntiVir Workstation] MD5=8C38D2726D44C62F0EC4B343F9B83AFD SIZE=20737 %PROGRAMFILES%\avira\antivir personaledition classic\ccprofil.dll [Avira GmbH] [AntiVir Workstation] MD5=820FA2CA6B8531A732752977F34D7C08 SIZE=258305 %PROGRAMFILES%\avira\antivir personaledition classic\ccscanrc.dll [Avira GmbH] [AntiVir Workstation] MD5=487D6B2566B1996EF44D06AE1CDF0CDC SIZE=23297 %PROGRAMFILES%\avira\antivir personaledition classic\ccquamgr.dll [Avira GmbH] [AntiVir Workstation] MD5=7BF1194693046BEAAB45CD09ACBE385F SIZE=217345 %PROGRAMFILES%\avira\antivir personaledition classic\ccquarc.dll [Avira GmbH] [AntiVir Workstation] MD5=037756A27AF171F661B5DD89CD10A4AB SIZE=16129 %PROGRAMFILES%\avira\antivir personaledition classic\ccsched.dll [Avira GmbH] [AntiVir Workstation] MD5=32D9B1E7DB4F5E9E2CDA7EABFB7A3BD8 SIZE=151809 %PROGRAMFILES%\avira\antivir personaledition classic\ccscherc.dll [Avira GmbH] [AntiVir Workstation] MD5=9D3C2F4F55FC8CC4F037CE639C9A1D0F SIZE=18177 %PROGRAMFILES%\avira\antivir personaledition classic\ccreport.dll [Avira GmbH] [AntiVir Workstation] MD5=876F468456B86536FAA8EA08FAED1B83 SIZE=131329 %PROGRAMFILES%\avira\antivir personaledition classic\ccreporc.dll [Avira GmbH] [AntiVir Workstation] MD5=4A2847A62F67EAF249EFF53D5A108851 SIZE=12033 %PROGRAMFILES%\avira\antivir personaledition classic\ccev.dll [Avira GmbH] [AntiVir Workstation] MD5=504C86DE54F557EC92D4415AD9955DA0 SIZE=147713 %PROGRAMFILES%\avira\antivir personaledition classic\ccevrc.dll [Avira GmbH] [AntiVir Workstation] MD5=53A9057980393EF848250073DC17ACBC SIZE=13057 %PROGRAMFILES%\avira\antivir personaledition classic\updlibrc.dll [Avira GmbH] [AntiVir Workstation] MD5=3F2FEA5C7F0B59BD5129608BA1A4352A SIZE=23809 %PROGRAMFILES%\avira\antivir personaledition classic\avscan.dll [Avira GmbH] [AntiVir Workstation] MD5=7D98963349233C87ECE10E66FD34C3BA SIZE=40705 %PROGRAMFILES%\Microsoft Office\OFFICE11\OUTLOOK.EXE [Microsoft Corporation] [Microsoft Office Outlook] MD5=8219160C141B505AB5C112F73405C348 SIZE=199688 %PROGRAMFILES%\SPAMfighter\Clients\Outlook\SFOLTOOL.dll [Dmitry Streblechenko] [Outlook Redemption] MD5=6C5772CAC36319186E3ABC71931EF1D6 SIZE=1857160 %PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopOffice.dll [Google] [Google Desktop] MD5=F52DFCF3DAE952B14EB8E5360BFC25BD SIZE=204288 %PROGRAMFILES%\iTunes\iTunesOutlookAddIn.dll [Apple Inc.] [iTunes] MD5=7E14791C7A35E3CC418F7FCE5EBBDBD3 SIZE=232960 %PROGRAMFILES%\SPAMfighter\Clients\Outlook\SFOL0000.dll [SPAMfighter ApS - SPAMfighter.com] [SPAMfighter for Outlook] MD5=48B3CB122F13412A75152E1E031893A8 SIZE=676496 %PROGRAMFILES%\Windows Live Toolbar\msntb.dll [Microsoft Corporation] [Windows Live Toolbar] MD5=CEE1BE1DA21300208D07FBEAE9EA2B51 SIZE=546320 deskpan.dll %SystemDiskRoot%\Apps\RecordNow\shlext.dll [RecordNow!] MD5=449FAEFE093CEEF36FDCC3D920AE437A SIZE=73728 %PROGRAMFILES%\Real\RealPlayer pshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=60E2733856671FB24D386A4D0C976285 SIZE=54848 %SYSDIR%\OoPdfManagerPopup.dll MD5=2AB8AD2300645626B282F040C8880BB7 SIZE=606720 %SYSDIR%\OoneZipPopup.dll MD5=FB0B4207490C2FB2D533ED44F61DD69A SIZE=452608 %PROGRAMFILES%\WinRAR arext.dll MD5=3552CBED461D5309E86B640AD40C7F3E SIZE=120832 %PROGRAMFILES%\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll [Roxio] [Drag-to-Disc] MD5=83AD06AE624CEAD5EB4BC2A42CDEE656 SIZE=262144 %SYSDIR%\FlashShl.dll MD5=7A8F58D5C44EC6DCAC18152C20C11B6A SIZE=155648 %PROGRAMFILES%\Logitech\Video\Namespc2.dll [Logitech Inc.] [Logitech QuickCam] MD5=2263BE04A864489E2828A9C4A1EAA5E1 SIZE=135168 %PROGRAMFILES%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=E79956F4AEC40921F1766C76F015C7AD SIZE=33152 %PROGRAMFILES%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=C027689A05E6B67018DF7614A27C6894 SIZE=236416 %PROGRAMFILES%\TuneUp Utilities 2006\SDShelEx-win32.dll [TuneUp Software GmbH] [TuneUp Utilities] MD5=D95A34B46B0998B1343198939B98CB13 SIZE=25608 %PROGRAMFILES%\iTunes\iTunesMiniPlayer.dll [Apple Inc.] [iTunes] MD5=F078744C697AD650D5B0EF85E8C875DA SIZE=132392 %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH] [AntiVir Workstation] MD5=09B3D3F6AD9744417574676E5A2836EE SIZE=65793 %SYSDIR%\DRIVERS\3xHybrid.sys [Philips Semiconductors GmbH] [Philips Semiconductors 3xHybrid] MD5=53C2589BD342534A50E869F20C6AC2B9 SIZE=799744 %SYSDIR%\svchost.exe -k netsvcs %PROGRAMFILES%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [Avira GmbH] [AntiVir Workstation] MD5=509BB9F79F7986CB0D4D7A7BEF35C6D5 SIZE=52032 %SYSDIR%\DRIVERS\avipbb.sys [Avira GmbH] MD5=C132C2F16A99C0EAD91C600BB81A31F0 SIZE=75072 %SYSDIR%\svchost -k DcomLaunch %SYSDIR%\svchost.exe -k NetworkService %SYSDIR%\drivers\RtkHDAud.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver (HRTF data Copyright 1994 by MIT Media Lab)] MD5=F9E1B4A0E0EFB1CC59F3A8954701CBC7 SIZE=2257920 %SYSDIR%\svchost.exe -k LocalService %SYSDIR%\drivers\lvusbsta.sys [Logitech Inc.] [Logitech QuickCam] MD5=C5EFBD05A5195402121711A6EBBB271F SIZE=22016 %SYSDIR%\PCANDIS5.SYS [Printing Communications Assoc., Inc. (PCAUSA)] [PCAUSA Rawether for Windows] MD5=2F9806B52CB3748B1E49222744B28E3C SIZE=17134 %SYSDIR%\DRIVERS\LVCM.sys [Logitech Inc.] [Logitech QuickCam] MD5=9A155D31B8E52F41B258282092CC93A7 SIZE=1317152 %SYSDIR%\svchost -k rpcss %SYSDIR%\DRIVERS\Rtlnic51.sys [Realtek Semiconductor Corporation] [Realtek RTL8139/810x/8169/8110 all in one NDIS Driver] MD5=31C3EBB3A71FE56B8109BFB4ED20AE69 SIZE=69504 %SYSDIR%\DRIVERS\sis163u.sys [Silicon Integrated Systems Corp.] [NDIS 5.1 NIC Driver] MD5=7C36050A7B2CE88D2E3749D3714A06D2 SIZE=215552 %SYSDIR%\DRIVERS\ssmdrv.sys [Avira GmbH] MD5=3D2829FDE1C52FC64DA5413889CE4DEE SIZE=28352 %SYSDIR%\svchost.exe -k imgsvc %SYSDIR%\drivers mcomm.sys [Trend Micro Inc.] [ActiveClean] MD5=7BC118435392E58579CDA2E6617F2658 SIZE=94480 %SYSDIR%\DRIVERS\ultra.sys [Promise Technology, Inc.] [Gestionnaire de miniport ULTRA66 de Promise pour Windows NT] MD5=1B698A51CD528D8DA4FFAED66DFC51B9 SIZE=36736 %SYSDIR%\DRIVERS\wanatw4.sys [America Online, Inc.] [Wan Miniport (ATW)] MD5=0A716C08CB13C3A8F4F51E882DBF7416 SIZE=33588 %COMMONFILES%\Microsoft Shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=AA2204BD7F9FBFAA09EF15C212A67D69 SIZE=7255384 %COMMONFILES%\Skype\Skype4COM.dll [Skype Technologies] [Skype4COM] MD5=2F7520EFE75CA986F9E41B53162B7144 SIZE=1942864 %PROGRAMFILES%\Orange Toolbar FR\ToolbarIntegration250.dll [Copernic Inc.] [Copernic Toolbar] MD5=66CA10D7EA4303A6B9EAB077E9C41879 SIZE=2304512 %PROGRAMFILES%\Wanadoo\SearchPageURL.dll [SearchPageURL Module] MD5=4AF0DECA1AC2C25009E15A3D7377503F SIZE=57344 %SYSDIR%\pxdrv.dll [Sonic Solutions] [Px] MD5=E76098CCDD108943919EC1D729256EEE SIZE=477944 End of Report Quel est STP ton point de vue final ?? Merci encore pour ton analyse, tes compétences techniques et ton dévouement mis au service d'internautes "un peu pommés" devant de tels problèmes !!! "Si tous les gars du monde..." je vois que cela fonctionne encore, BRAVO, et à nouveau grand merci ! NB: Concernant la déclaration de ma plainte sur malwarecomplaints, existe t'il un explicatif proche de la langue française, car je n'ai pas tout compris...?

ep44 · Answer

Bonsoir 

Pour tes rapports c'est ok
pour mon point de vue final et je dirais que si ton PC tourne bien ce n'est que bonheur ;)
Pour malwarescomplaints, je t'ai donné ce tuto 
http://www.malekal.com/malwarecomplaints.html


Bye ;)

centi123 · Answer

mois aussi j'ai eu ce probleme j'avait avast et je l'ai virer puis j'ai instaler AVIRA c'est tout simple pour virer avast si tu l'a prend ce lienhttps://www.avast.com/fr-fr/uninstall-utility bonne chance

Comment éradiquer Win 32: Trojan-gen {other}

29 réponses

Discussions similaires

Newsletters