help = win32: beagle-wfRésolu/Fermé

Question

Bonjour, 

j'ai été infectée par le virus win32 bEAGLE-WF
j'ai suivi plusieurs tuto m'indiquant de supprimer les fichiers infectés, j'ai fais les différents scan proposés (comme nanoscan ou a squared)
Puis j'ai utilisé les kits de désinfection de symantec et de bit defender.(j'y ai passé ma journée d'hier !)
à priori plus de trace de ce virus, mais mon pc réagit toujours comme si le virus était présent, je me demande si des fichiers système n'ont pas étés supprimés ou abîmés lors de la suppression.
y a t'il un moyen de verifier ca ?
Avast mon anti virus est toujours impossible a rétablir, il disparait a chaque essai...
autre chose il m'est et m'a été impossible d'accéder au mode sans echec depuis ce virus, lorsque j'essaye, voici le message d'erreur auquel j'ai droit :
executer: CHKDSK/F   => ( je ne sais pas comment !)
et
***STOP:0x0000007b(0xf7a1a524,0xc0000034,0x00000000,0x00000000)


merci d'avance pour votre aide précieuse, là je suis paumée et ne sais plus quoi faire...
alex

FillPCA · Answer

Bonjour,

 Télécharge ELIBAGLA en bas de cette page
http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.
Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.

Ne pas rebooter en passant par msconfig.

FillPCA

titi_alx · Answer

ok merci de ta réponse, je fais ca de suite...
à très vite ;)

titi_alx · Answer

bon je n'ai pas de chance, ca fait 10 minutes que c'est bloqué avec cette fenêtre :

http://img75.imageshack.us/img75/2460/pbfichierrh9.png

FillPCA · Answer

Re,

Arête-le et relance-le.
Si ça ne marche pas, fais ceci :
    *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

FillPCA

titi_alx · Answer

alors c'etait laborieux mais voici le rapport... il est super long....merci encore vraiment ;) ComboFix 07-10-29.1 - fabien 2007-10-29 15:41:14.1 - NTFSx86 Running from: C:\Documents and Settings\fabien\Mes documents\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\fabien\Application Data\MessengerSkinner C:\Documents and Settings\fabien\Application Data\MessengerSkinner\Userdata\languages_v2.xml C:\Documents and Settings\fabien\Application Data\MessengerSkinner\Userdata\pack1.cab C:\Program Files\messengerskinner C:\WINDOWS\pack.epk C:\WINDOWS\system32 vs2.inf C:\WINDOWS\system32 mp49.tmp C:\WINDOWS\system32 sefkhvtre.dat C:\WINDOWS\system32 sefkhvtre_nav.dat C:\WINDOWS\system32 sefkhvtre_navps.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SROSA ((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))))))) . 2007-10-29 15:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-29 15:10 d-------- C:\Muestras 2007-10-29 02:24 d-------- C:\Program Files\RogueRemover FREE 2007-10-28 18:41 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys 2007-10-28 13:28 d-------- C:\Program Files\a-squared Free 2007-10-27 12:59 d-------- C:\Program Files\a-squared Anti-Malware 2007-10-27 12:53 d-------- C:\Program Files\Panda Security 2007-10-26 21:00 d-------- C:\Program Files\TRELLIAN 2007-10-16 13:40 d-------- C:\Documents and Settings\fabien\Application Data\Jasc 2007-10-16 13:38 d-------- C:\Program Files\Jasc Software Inc 2007-10-10 15:14 582,656 --------- C:\WINDOWS\system32\dllcache pcrt4.dll 2007-10-09 15:04 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2007-10-09 15:04 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2007-10-09 15:02 d-------- C:\Documents and Settings\fabien\Application Data\Propellerhead Software 2007-10-09 15:02 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-28 16:38 --------- d-----w C:\Program Files\Macrogaming 2007-10-26 22:51 --------- d-----w C:\Documents and Settings\fabien\Application Data\Azureus 2007-10-26 22:26 --------- d-----w C:\Program Files\eMule 2007-10-21 00:47 --------- d-----w C:\Program Files\Java 2007-10-20 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-20 12:01 --------- d-----w C:\Program Files\QuickTime 2007-10-10 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-10-04 21:01 --------- d-----w C:\Program Files\Azureus 2007-09-18 17:10 --------- d-----w C:\Documents and Settings\fabien\Application Data\CyberLink 2007-09-18 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2007-09-15 16:13 --------- d-----w C:\Program Files\AskTBar 2007-09-11 11:48 --------- d-----w C:\Documents and Settings\fabien\Application Data\Nero 2007-09-11 11:45 --------- d-----w C:\Program Files\Fichiers communs\Nero 2007-09-11 11:43 --------- d-----w C:\Program Files\Nero 2007-09-11 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2007-09-11 11:10 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-09-11 09:50 128 ----a-w C: eecmuxmkv.bat 2007-09-11 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-09-11 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-09-11 00:27 --------- d-----w C:\Program Files\Fichiers communs\BitDefender 2007-09-10 11:49 --------- d-----w C:\Program Files\inKline Global 2007-09-06 16:48 --------- d-----w C:\Program Files\HP 2007-09-06 16:48 --------- d-----w C:\Program Files\Fichiers communs\HP 2007-09-06 16:48 --------- d-----w C:\Documents and Settings\fabien\Application Data\Printer Info Cache 2007-09-06 16:48 --------- d-----w C:\Documents and Settings\fabien\Application Data\Image Zone Express 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-31 18:36 --------- d-----w C:\Program Files\Pando Networks 2007-08-28 21:03 --------- d-----w C:\Program Files\Alwil Software 2007-08-28 20:21 55,477 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2007-08-28 20:21 5,969 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-08-28 17:21 --------- d-----w C:\Documents and Settings\fabien\Application Data\Smart PC Solutions 2007-08-28 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-04-02 22:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 C:\WINDOWS\RTHDCPL.exe] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 13:00] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 18:06] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49] "EULA"="C:\APPS\PB_TB\EULALauncher.exe" [2006-09-29 13:14] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 22:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-20 13:01] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-10-13 12:53] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 23:29] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-07-17 04:06] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 07:21] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-04-01 01:10] "MediaDico"="d:\software\LanceMediaDICO12.exe" [2002-12-24 14:31] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-01 12:36] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 14:18] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-09-28 09:05] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51] C:\Documents and Settings\fabien\Menu Démarrer\Programmes\Démarrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50] Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24] Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-06-20 18:02:51] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-01 12:36:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" . ************************************************************************** catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-29 15:58:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-29 16:00:00 - machine was rebooted . --- E O F ---

FillPCA · Answer

Re,

1/ Essaie de relancer Elibagla et édite son rapport.

2/     *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

3/ Edite aussi un rapport Hijackthis :
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Fais un scan et poste l'analyse.

FillPCA

titi_alx · Answer

RAPPORT eLIBAGLA:
Mon Oct 29 15:10:49 2007
EliBagle v10.63  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.63
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Eliminada Carpeta "%WinDir%\exefld"

	  Mon Oct 29 15:58:25 2007
EliBagle v10.63  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\Drivers\HIDR.EXE.VIR --> Eliminado
Restaurada Clave: "SafeBoot\Minimal y Network"

	  Mon Oct 29 16:15:39 2007
EliBagle v10.63  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Mon Oct 29 16:15:42 2007
EliBagle v10.63  (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLISTART.EXE --> Eliminado Bagle

Nº Total de Directorios:   11072
Nº Total de Ficheros:      103478
Nº de Ficheros Analizados: 13204
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados:  1



je fais les autres....

titi_alx · Answer

rapport SRENG : [CODE] 2007-10-29,16:26:38 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [Elcor Software (https://www.elcor.net/] [(Verified)Google Inc] [N/A] [Packard Bell BV] <"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized> [(Verified)"Pando Networks, Inc."] <"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] <"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher] <"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou] [N/A] <"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A] [Logitech] <"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [(Verified)Piriform Ltd] <"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"> [(Verified)Nero AG] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Nero AG] [Logitech Inc.] [Logitech Inc.] [Logitech Inc.] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)"Pando Networks, Inc."] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"> [Hewlett-Packard Company] [Fujitsu-Siemens] [(Verified)] <"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [NEC Computers International] <"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"> [(Verified)"Adobe Systems, Incorporated"] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [Adobe Reader Synchronizer] C:\PROGRA~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE []> [Démarrage rapide du logiciel HP Image Zone] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]> [HP Digital Imaging Monitor] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [Lancement rapide d'Adobe Acrobat] C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]> [Logitech Desktop Messenger] C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]> [Adobe Gamma] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]> [TransBar] C:\WINDOWS\BRICOP~1\VISTAI~1\TransBar\TransBar.exe [AKSoftware]> ================================== Services [a-squared Anti-Malware Service / a2AntiMalware][Stopped/Auto Start] <"C:\Program Files\a-squared Anti-Malware\a2service.exe"> [a-squared Free Service / a2free][Stopped/Auto Start] [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"> [AOL Connectivity Service / AOL ACS][Running/Auto Start] [avast! iAVS4 Control Service / aswUpdSv][Stopped/Disabled] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled] [ATI Smart / ATI Smart][Stopped/Auto Start] <> [avast! Antivirus / avast! Antivirus][Stopped/Disabled] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Stopped/Disabled] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Stopped/Disabled] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start] <"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [iolo System Guard / IOLO_SRV][Stopped/Auto Start] [NMIndexingService / NMIndexingService][Running/Manual Start] <"C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start] [Ulead Burning Helper / UleadBurningHelper][Running/Auto Start] [USBDeviceService / USBDeviceService][Running/Auto Start] <> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><> ================================== Drivers [abp480n5 / abp480n5][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ABP480N5.SYS> [adpu160m / adpu160m][Running/Boot Start] <\SystemRoot\system32\DRIVERS\adpu160m.sys> [Aha154x / Aha154x][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aha154x.sys> [aic78u2 / aic78u2][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aic78u2.sys> [aic78xx / aic78xx][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aic78xx.sys> [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [Pilote de filtre du bus AMD AGP / amdagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\amdagp.sys> [AnyDVD / AnyDVD][Running/Manual Start] [asc / asc][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc.sys> [asc3350p / asc3350p][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc3350p.sys> [asc3550 / asc3550][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc3550.sys> [ati2mtag / ati2mtag][Running/Manual Start] [BDFSDRV / BDFSDRV][Stopped/Manual Start] <\??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys> [bdpredir / bdpredir][Stopped/System Start] <\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys> [BDRSDRV / BDRSDRV][Stopped/Auto Start] <\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys> [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\fabien\LOCALS~1\Temp\catchme.sys> [cd20xrnt / cd20xrnt][Running/Boot Start] <\SystemRoot\system32\DRIVERS\cd20xrnt.sys> [CmdIde / CmdIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\cmdide.sys> [CO_Mon / CO_Mon][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys> [dac2w2k / dac2w2k][Running/Boot Start] <\SystemRoot\system32\DRIVERS\dac2w2k.sys> [dpti2o / dpti2o][Running/Boot Start] <\SystemRoot\system32\DRIVERS\dpti2o.sys> [dtscsi / dtscsi][Running/Manual Start] <\SystemRoot\System32\Drivers\dtscsi.sys> [ElbyCDIO Driver / ElbyCDIO][Running/System Start] [ElbyDelay / ElbyDelay][Running/Manual Start] [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start] [FILESpy / FILESpy][Stopped/Auto Start] <\??\C:\Program Files\Softwin\BitDefender9\filespy.sys> [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [ini910u / ini910u][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ini910u.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [IoloFilter / IoloFilter][Stopped/Boot Start] <\SystemRoot\system32\drivers\IoloFltr.sys> [Logitech USB Monitor Filter / LVUSBSta][Stopped/Manual Start] [mraid35x / mraid35x][Running/Boot Start] <\SystemRoot\system32\DRIVERS\mraid35x.sys> [Volume Adapter / pepifilter][Stopped/Manual Start] [QuickCam IM(PID_08A0) / PID_08A0][Stopped/Manual Start] [Logitech QuickCam IM(PID_PEPI) / PID_PEPI][Stopped/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [ql1080 / ql1080][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql1080.sys> [Ql10wnt / Ql10wnt][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql10wnt.sys> [ql12160 / ql12160][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql12160.sys> [ql1280 / ql1280][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql1280.sys> [REGSpy / REGSpy][Stopped/Auto Start] <\??\C:\Program Files\Softwin\BitDefender9 egspy.sys> [Secdrv / Secdrv][Stopped/Manual Start] [Filtre de bus AGP SIS / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys> [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [Sparrow / Sparrow][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sparrow.sys> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [symc810 / symc810][Running/Boot Start] <\SystemRoot\system32\DRIVERS\symc810.sys> [symc8xx / symc8xx][Running/Boot Start] <\SystemRoot\system32\DRIVERS\symc8xx.sys> [sym_hi / sym_hi][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sym_hi.sys> [sym_u3 / sym_u3][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sym_u3.sys> [TosIde / TosIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS oside.sys> [ultra / ultra][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ultra.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaidexp.sys> [viamraid / viamraid][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> [WAN Miniport (ATW) / wanatw][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [CInterceptor Object] {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Adobe PDF Conversion Toolbar Helper] {AE7CD045-E861-484f-8273-0445EE161910} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [CBrowserHelperObject Object] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Create Mobile Favorite] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [Create Mobile Favorite] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [Symantec AntiVirus scanner] {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [Symantec RuFSI Utility Class] {644E432F-49D3-41A1-8DD5-E099162EEEC5} [Image Uploader Control] {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [NanoInstaller Class] {8436FE12-31DB-48BF-83BF-FE682F9160B4} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [MessengerStatsClient Class] {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [DataCtl Class] {0468C085-CA5B-11D0-AF08-00609797F0E0} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [TotalScan AV Class] {15ED5A73-5341-5241-4A43-3932018AD482} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [Symantec AntiVirus scanner] {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [CInterceptor Object] {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [ClickMeX Control] {4C98C782-8CC0-47DB-BD00-212A335982BB} [TotalScan Installer Class] {512FC5A1-7DE1-43F1-BC0C-371622FCB409} [NanoScanner Class] {53E00436-4CD7-4EDF-99CB-EA4D5B24B672} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Symantec RuFSI Utility Class] {644E432F-49D3-41A1-8DD5-E099162EEEC5} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Image Uploader Control] {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [NanoInstaller Class] {8436FE12-31DB-48BF-83BF-FE682F9160B4} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Adobe PDF Conversion Toolbar Helper] {AE7CD045-E861-484F-8273-0445EE161910} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [] {B69003B3-C55E-4B48-836C-BC5946FC3B28} [CBrowserHelperObject Object] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [Msxml] {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, N/A> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [Ajouter au fichier PDF existant] <63DB9-4EC0-403E-8DD8-394C54984B2C}, N/A> [Convertir en Adobe PDF] <, N/A> [Convertir la cible du lien en Adobe PDF] <, N/A> [Convertir la cible du lien en un fichier PDF existant] <, N/A> [Convertir la sélection en Adobe PDF] <, N/A> [Convertir la sélection en un fichier PDF existant] <, N/A> [Convertir les liens sélectionnés en fichier Adobe PDF] <, N/A> [Convertir les liens sélectionnés en un fichier PDF existant] <, N/A> [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 644 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 712 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4140] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 980 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1028 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1128 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1180 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1256 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1320 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 8.0.0.00] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdistRes.FRA] [, ] [C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0] [PID: 1664 / fabien][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\RACHook12.DLL] [L'Aventure MultiMedia, 1, 0, 0, 0] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ] [C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll] [Microsoft Corporation, 5.20.1081.0] [C:\Program Files\Fichiers communs\Nero\Lib\MediaLibraryNSE.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Logitech\Video\AlbuDBps.dll] [Logitech Inc., 8.4.7.1034] [C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 3.8.0.5004] [C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 3.8.0.5004] [C:\WINDOWS\system32\LQCUI2.dll] [Logitech Inc., 8.4.7.1034] [C:\Program Files\Fichiers communs\Nero\Lib\NMHDirServices.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMDataServices.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMPluginBase.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMCoFoundation.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMFullTextExtraction.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Nero\Nero8\OnlineServices\NMInternetServices.dll] [Nero AG, 1.2.2.0] [C:\Program Files\Nero\Nero8\OnlineServices\NOSMyNeroRegistration.dll] [Nero AG, 1.2.2.0] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\a-squared Free\a2freecontmenu.dll] [Emsi Software GmbH, 3. 0. 0. 57] [C:\Program Files\a-squared Anti-Malware\a2contmenu.dll] [Emsi Software GmbH, 3. 0. 0. 56] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Pando Networks\Pando\PandoShellExt.dll] [Pando Networks, 1.5.0.0] [C:\Program Files\Pando Networks\Pando\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll] [Nero AG, 3, 0, 1, 0] [C:\Program Files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll] [Nero AG, 0,4,0, 101] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1043, 0] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 8.0.5.2006102200\0] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.fra] [Adobe Systems Inc., 8.0.5.2006102200\0] [C:\Program Files\TweakRAM\shell_ext.dll] [N/A, ] [C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,1,221,0] [PID: 520 / fabien][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.3760] [PID: 448 / fabien][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 408 / fabien][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.6.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 388 / fabien][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.7.1036] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036] [PID: 636 / fabien][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.7.1034] [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.7.1034] [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.7.1034] [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.7.1034] [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020] [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034] [PID: 676 / fabien][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe] [HP, 2.335.5.0] [C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3212.dll] [HP, 2.335.5.0] [PID: 528 / fabien][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Company, 5, 0, 0, 0] [PID: 612 / fabien][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2715.2765 (xpsp(wmbla).050928-2135)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 696 / fabien][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.03.0.0] [C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.03.0.0] [C:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12] [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.0.6.0] [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.12.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images rgmount.dll] [GENERIC, 1.11.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0] [PID: 856 / fabien][C:\apps\ABoard\ABoard.exe] [NEC Computers International, 1, 2, 0, 0] [C:\apps\ABoard\AHook.dll] [NEC Computers International, 1, 1, 3, 0] [PID: 564 / fabien][C:\apps\ABoard\AOSD.exe] [NEC Computers International, 1, 2, 0, 0] [PID: 1072 / fabien][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe] [Adobe Systems Inc., 8.0.0.2006102200] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.fra] [Adobe Systems Inc., 8.0.0.0] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll] [Macrovision Europe Ltd., 11.03.005] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll] [Adobe Systems Inc., 1, 6, 0, 8] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll] [Adobe Systems Incorporated, 2,0,0,37] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll] [Adobe Systems Incorporated, 2,0,0,37] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll] [Adobe Systems Incorporated, 1,0,0] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU] [Adobe Systems Inc., 8.0.0.0] [PID: 1080 / fabien][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3] [PID: 1348 / fabien][C:\APPS\SMP\SmpSys.exe] [Packard Bell BV, 1.0.0.0] [PID: 1476 / fabien][C:\Program Files\Pando Networks\Pando\Pando.exe] [Pando Networks, 1,8,1,1] [C:\Program Files\Pando Networks\Pando\libnspr4.dll] [Netscape Communications Corporation, 4.6.5] [C:\Program Files\Pando Networks\Pando\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Pando Networks\Pando\libplc4.dll] [Netscape Communications Corporation, 4.6.5] [C:\Program Files\Pando Networks\Pando\BugSplat.dll] [BugSplat, LLC, 3, 1, 0, 1] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Pando Networks\Pando ss3.dll] [Mozilla Foundation, 3.11.5] [C:\Program Files\Pando Networks\Pando\softokn3.dll] [Mozilla Foundation, 3.11.4] [C:\Program Files\Pando Networks\Pando\libplds4.dll] [Netscape Communications Corporation, 4.6.5] [C:\Program Files\Pando Networks\Pando\ssl3.dll] [Mozilla Foundation, 3.11.5] [C:\Program Files\Pando Networks\Pando\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Pando Networks\Pando\smime3.dll] [Mozilla Foundation, 3.11.5] [C:\WINDOWS\system32\Mapi32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Pando Networks\Pando\freebl3.dll] [Mozilla Foundation, 3.11.4] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [PID: 1460 / fabien][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.5.1238.0601] [C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1238.0601.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276] [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1238.0601] [C:\WINDOWS\RACHook12.DLL] [L'Aventure MultiMedia, 1, 0, 0, 0] [PID: 1108 / fabien][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [PID: 1844 / fabien][C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe] [Logitech, 1.4.50] [C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\backWeb.dll] [BackWeb Technologies Inc., Version 6.1.4 (Build 68R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll] [N/A, ] [C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwsec.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\PROGRA~1\Logitech\DESKTO~1\8876480\614~1.68-\program\EN\ClientRC.dll] [BackWeb Technologies Inc., Version 6.1.4 (Build 68R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll] [N/A, ] [C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWfiles.dll] [, Version 6.1.4 (Build 68R)] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll] [N/A, ] [C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwscriptext.dll] [, Version 6.1.4 (Build 68R)] [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll] [Logitech, 1.4.50] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1860 / fabien][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE] [Microsoft Corporation, 3.8.0.5004] [C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 3.8.0.5004] [C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 3.8.0.5004] [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll] [Microsoft Corporation, 3.8.0.5004] [PID: 1908 / fabien][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1996 / fabien][d:\software\MediaDICO12.EXE] [L'Aventure Multimedia, 2.1.0.0] [C:\WINDOWS\MediaDico12Dll.Dll] [L'Aventure Multimedia, 1.3.2.1] [C:\WINDOWS\RACHook12.DLL] [L'Aventure MultiMedia, 1, 0, 0, 0] [d:\software\Index.DLL] [L'Aventure Multimédia, 1.3.0.0] [PID: 1864 / fabien][C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll] [Nero AG, 0,4,0, 101] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingServicePS.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMDataServices.dll] [Nero AG, 3.0.4.0] [PID: 212 / fabien][d:\software\Rac12.EXE] [L'Aventure Multimedia, 1, 0, 0, 0] [C:\WINDOWS\MediaR12.dll] [Structu Rise, 2, 0, 0, 0] [C:\WINDOWS\RACHook12.DLL] [L'Aventure MultiMedia, 1, 0, 0, 0] [PID: 336 / fabien][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\PROGRA~1\HP\DIGITA~1\bin\hpqmif08.dll] [Hewlett-Packard Co., 45.4.158.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 47.0.1.000] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpoSTD08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpoSTD08.rsc] [Hewlett-Packard Co., 47.0.1.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll] [Hewlett-Packard Co., 45.4.158.000] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\Program Files\HP\Digital Imaging\bin\hpodev08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpodeb08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hposcn08.dll] [Hewlett-Packard Co., 47.0.1.000] [C:\Program Files\HP\Digital Imaging\bin\hpoSCN08.rsc] [Hewlett-Packard Co., 47.0.1.000] [PID: 1112 / SYSTEM][C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe] [America Online, Inc., 2.0.20.1.FR.213 ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [PID: 1852 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\system32\sbe.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 2068 / fabien][C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe] [Hewlett-Packard Co., 045.004.157.000] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly ativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2276ce91\mscorlib.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bfce6474\system.windows.forms.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407] [c:\windows\assembly ativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4d437bcc\system.dll] [N/A, ] [c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7cc601c7\system.drawing.dll] [N/A, ] [c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\program files\hp\digital imaging\bin\fr\hpqgalry.resources.dll] [ , 45.4.81.0] [c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [ , 3.0.0.0] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 45.4.157.000] [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032] [c:\windows\assembly ativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ec0558a1\system.xml.dll] [N/A, ] [c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.89] [c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.89] [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098] [c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqtray.resources.dll] [ , 45.4.64.0] [c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.89] [c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.89] [c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ , 45.4.64.0] [c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [ , 1.0.0.0] [C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Co., 45.4.157.000] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\DOCUME~1\fabien\LOCALS~1\Temp\IadHide4.dll] [BackWeb, Version 6.1.4 (Build 68R)] [c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573] [c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\program files\hp\digital imaging\bin\fr\hpqmirsc.resources.dll] [ , 45.4.64.0] [c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.89] [c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.89] [c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqcmctl.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcmctl.resources.dll] [ , 45.4.81.0] [c:\windows\assembly\gac\hpqccrsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqccrsc.resources.dll] [ , 45.4.64.0] [c:\windows\assembly\gac\hpqietpz.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqietpz.resources.dll] [ , 45.4.116.0] [c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll] [ , 1.0.0.0] [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0] [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcprsc.resources.dll] [ , 45.4.64.0] [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Co., 045.004.157.000] [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqisrtb.resources.dll] [Hewlett-Packard Co., 45.4.157.0] [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Co., 045.004.157.000] [PID: 2160 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 2240 / fabien][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.7.1034] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.7.1036] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.7.1036] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.7.1034] [PID: 2428 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2448 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2464 / SYSTEM][C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 4] [PID: 2592 / SYSTEM][C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe] [, 1, 0, 0, 1] [PID: 2712 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)] [C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)] [PID: 3952 / SYSTEM][C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingServicePS.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\NMLogCxx.dll] [Nero AG, 3.0.4.0] [C:\Program Files\Fichiers communs\Nero\Lib\log4cxx.dll] [N/A, ] [C:\Program Files\Fichiers communs\Nero\Lib\NMDataServices.dll] [Nero AG, 3.0.4.0] [PID: 3992 / SYSTEM][C:

titi_alx · Answer

voila le dernier...... ca va t'a pas mal à la tête ????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:26, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
d:\software\MediaDICO12.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
d:\software\Rac12.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\fabien\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lms.7speaking.com/index2.cfm?path=bas&thread=0&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MediaDico] d:\software\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7911C0-1D17-41C7-8B1A-AAFC1C95DBC8}: NameServer = 86.64.145.141 84.103.237.141
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Program Files\a-squared Free\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

FillPCA · Answer

Re,

1/ Installe Hijackthis dans un répertoire dédié comme C:\Hijackthis par exemple puis ouvre ce programme. Coche ces lignes :
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) 
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file) 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) 

Clique sur fix/réparer.

2/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

3/     *  Fais un scan en ligne en cliquant ici : https://www.bitdefender.com/toolbox/
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

4/ Edite le rapport AVGantispyware et le rapport bit defender.

FillPCA

titi_alx · Answer

AVG NE DETECTE AUCUN PROBLEME....
je lance bitdefender ...

titi_alx · Answer

impossible de lancer bitdefender voici la fenêtre ou je suis bloquée:
http://img267.imageshack.us/img267/5029/pbbitdefendrg4.png

FillPCA · Answer

Re,

    *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

Edite ce rapport.

FillPCA

titi_alx · Answer

voila le rapport :
KASPERSKY ONLINE SCANNER REPORT
 Monday, October 29, 2007 6:12:56 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 29/10/2007
 Kaspersky Anti-Virus database records: 448306
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - Critical Areas:
	C:\WINDOWS
	C:\DOCUME~1\fabien\LOCALS~1\Temp\

Scan Statistics:
	Total number of scanned objects: 27874
	Number of viruses found: 0
	Number of infected objects: 0
	Number of suspicious objects: 0
	Duration of the scan process: 00:19:00

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\$_hpcst$.hpc	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{77D2EBA1-59FD-4B38-B2FB-BF49223E9CD2}.crmlog	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9DFA266B-452F-4AB3-A7C8-662EB30A5D45}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\ACEEvent.evt	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\DEFAULT	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\Media Ce.evt	Object is locked	skipped
C:\WINDOWS\system32\config\ODiag.evt	Object is locked	skipped
C:\WINDOWS\system32\config\OSession.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SOFTWARE	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SYSTEM	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\dtscsi.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd2381.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\DOCUME~1\fabien\LOCALS~1\Temp\hpodvd09.log	Object is locked	skipped
C:\DOCUME~1\fabien\LOCALS~1\Temp\Perflib_Perfdata_fcc.dat	Object is locked	skipped
C:\DOCUME~1\fabien\LOCALS~1\Temp\~DFCB82.tmp	Object is locked	skipped

Scan process completed.

FillPCA · Answer

Re,

Tu as scanné la zone critique. J'aurais nettement préfé un scan du PC (my computer), bien plus complet.

FillPCA

titi_alx · Answer

ARF pardon, lol, j'ai du riper.... je recommence chef ;)

titi_alx · Answer

le scan est en route et tu avais raison d'insister car il a déjà trouvé 1 virus...
vraiment merci ... t'assure !

titi_alx · Answer

o k c'est fait, il trouve encore des vilains fichiers...:

 KASPERSKY ONLINE SCANNER REPORT
 Monday, October 29, 2007 9:53:23 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 29/10/2007
 Kaspersky Anti-Virus database records: 448345
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\
	K:\

Scan Statistics:
	Total number of scanned objects: 112789
	Number of viruses found: 3
	Number of infected objects: 7
	Number of suspicious objects: 0
	Duration of the scan process: 02:52:00

Infected Object Name / Virus Name / Last Action
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE/300.exe	Infected: Trojan-Spy.Win32.Delf.wh	skipped
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE	SetupSpecialist: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\history.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\key3.db	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\fabien\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\fabien\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Ahead\Nero Home\bl.db	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Ahead\Nero Home\is2.db	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Mozilla\Firefox\Profiles\x9qr5kxj.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Pando\Pando Files\cert\key3.db	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Application Data\Pando\Pando Files\pando.log	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Historique\History.IE5\MSHist012007102920071030\index.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Temp\hpodvd09.log	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Temp\Perflib_Perfdata_fcc.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Temp\~DFCB82.tmp	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\fabien\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\fabien\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\fabien
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\chn.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\chn.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\D0000000.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\L0000004.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\main.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\fabien\Data\storydb.idx	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\A0000065.exe	Infected: Trojan-Downloader.Win32.Bagle.fc	skipped
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\change.log	Object is locked	skipped
C:\WINDOWS\$_hpcst$.hpc	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{77D2EBA1-59FD-4B38-B2FB-BF49223E9CD2}.crmlog	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9DFA266B-452F-4AB3-A7C8-662EB30A5D45}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\ACEEvent.evt	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\DEFAULT	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\Media Ce.evt	Object is locked	skipped
C:\WINDOWS\system32\config\ODiag.evt	Object is locked	skipped
C:\WINDOWS\system32\config\OSession.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SOFTWARE	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SYSTEM	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\dtscsi.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd2381.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\Download\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH
ero8-fdb.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
D:\Download\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH
ero8-fdb.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
D:\Download\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH
ero8-fdb.iso/Toolbar.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
D:\Download\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH
ero8-fdb.iso	ISO image: infected - 3	skipped
D:\Software\Anglais-Francais\AF_AFFI.DAT	Object is locked	skipped
D:\Software\Anglais-Francais\AF_affi.IDX	Object is locked	skipped
D:\Software\Anglais-Francais\af_entALL.IDX	Object is locked	skipped
D:\Software\Anglais-Francais\AF_entlis.idx	Object is locked	skipped
D:\Software\Citations\cit_affi.DAT	Object is locked	skipped
D:\Software\Citations\cit_affi.IDX	Object is locked	skipped
D:\Software\Citations\cit_ent1.IDX	Object is locked	skipped
D:\Software\Citations\cit_ent2.IDX	Object is locked	skipped
D:\Software\Conjugaison\CJ_COMPO.DAT	Object is locked	skipped
D:\Software\Conjugaison\CJ_COMPO.IDX	Object is locked	skipped
D:\Software\Conjugaison\cj_ent.IDX	Object is locked	skipped
D:\Software\Conjugaison\CJ_IMPER.DAT	Object is locked	skipped
D:\Software\Conjugaison\CJ_IMPER.IDX	Object is locked	skipped
D:\Software\Conjugaison\cj_info.DAT	Object is locked	skipped
D:\Software\Conjugaison\cj_info.IDX	Object is locked	skipped
D:\Software\Conjugaison\CJ_PART.DAT	Object is locked	skipped
D:\Software\Conjugaison\CJ_PART.IDX	Object is locked	skipped
D:\Software\Conjugaison\CJ_SIMPL.DAT	Object is locked	skipped
D:\Software\Conjugaison\CJ_SIMPL.IDX	Object is locked	skipped
D:\Software\Definition\def_affi.DAT	Object is locked	skipped
D:\Software\Definition\def_affi.IDX	Object is locked	skipped
D:\Software\Definition\def_entALL.IDX	Object is locked	skipped
D:\Software\Definition\def_entlis.Idx	Object is locked	skipped
D:\Software\Francais-Anglais\fa_affi.DAT	Object is locked	skipped
D:\Software\Francais-Anglais\fa_affi.IDX	Object is locked	skipped
D:\Software\Francais-Anglais\fa_entALL.IDX	Object is locked	skipped
D:\Software\Francais-Anglais\fa_entlis.IDX	Object is locked	skipped
D:\Software\Maximots\Maximots.ind	Object is locked	skipped
D:\Software\Style\sty_affi.DAT	Object is locked	skipped
D:\Software\Style\sty_affi.IDX	Object is locked	skipped
D:\Software\Style\sty_entall.IDX	Object is locked	skipped
D:\Software\Style\sty_entlis.IDX	Object is locked	skipped
D:\Software\Synonymes\syn_AFFI.DAT	Object is locked	skipped
D:\Software\Synonymes\syn_AFFI.IDX	Object is locked	skipped
D:\Software\Synonymes\syn_entall.IDX	Object is locked	skipped
D:\Software\Synonymes\syn_entlis.IDX	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\change.log	Object is locked	skipped

Scan process completed.

FillPCA · Answer

Re,

1/ 
    *  Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE
D:\Download\Nero.8.Ultra.Edition.v.8.0.3.0.MULTiLANGUAGE-FiCKDiEBiATCH
ero8-fdb.iso
C:\Muestras

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

2/ Tu dois désactiver puis réactiver la restauration système. Pour cela, fais un clic droit sur « poste de travail ». Dans l’onglet « restauration du système », coche la case « désactiver la restauration système ». Clique sur appliquer>OK.
Décoche cette case, clique sur appliquer>OK et redémarre le PC.

3/ Comment le pc se porte-t-il ? Sinon, on passe à la dernière étape.

FillPCA

titi_alx · Answer

je viens de faire otmoveit, mon pc fonctionne tres bien depuis les dernières manips,
j'attaque le 2/ à tout de suite !
et franchement merci, je ne sais quoi dire ! MERCI

FillPCA · Answer

Re,

OK. Je regarde tout ça demain. La couette m'appelle !

FillPCA

titi_alx · Answer

ok ... je suis de retour et serais là demain, merci encore pour ton aideet le temps que tu m'as accordé, le pc refonctionne très bien mais je me doute que nous n'avons pas fini...
pourras tu me dire aussi ce que tu me conseilles en anti virus....
bonne nuit à toi !

FillPCA · Answer

Bonsoir,

Pour moi, c'est propre. 

    *  Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

Tu peux supprimer tous les programmes sauf Ccleaner et AVGantispyware.
En antivirus gratuit, Antivir est très bon mais en anglais.

Ceci étant dit, bagle s'attrape par p2p, donc il faut commencer par arrêter cela, sinon, tu seras toujours infecté, même si tu optes pour Kaspersky.

Il te faut aussi un pare-feu. C'est même essentiel. Tu peux suivre ce lien : http://perso.orange.fr/Le-site-de-Fill/S%E9curit%E9/Logiciels%20de%20protection.html

Si tu n'as plus de problème, tu peux marquer le sujet comme "résolu".

Bon surf !

FillPCA

titi_alx · Answer

merci encore pour tout le temps que tu y as passé ;)
ca a l'air de bien fonctionner je vais installer tout ce que tu m'indiques et etre vigilante ! 
merci....

FillPCA · Answer

Bonjour,

Content d'avoir pu t'aider.

Bon surf !

FillPCA

Help => win32: beagle-wf

25 réponses

Discussions similaires

Newsletters