Matsya

J'ai désinstallé BitDefender depuis longtemps ! Bon, j'ai lancé Antivir en mode sans échec. Résultat : il a trouvé plusieurs troyens, ils n'ont pas le même nom que ceux trouver sous NOD32. Par contre, Antivir n'a pas réussi à supprimer les fichiers atteints, car il dit que ce sont des comptes mail. Voilà le résultat du scan d'Antivir : AntiVir PersonalEdition Classic Report file date: jeudi 6 décembre 2007 20:14 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: X Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: X Computer name: X Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: jeudi 6 décembre 2007 20:14 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'FOXIT_~1.EXE' - '1' Module(s) have been scanned Scan process 'FOXIT_~1.EXE' - '1' Module(s) have been scanned Scan process 'FOXIT_~1.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 15 processes with 15 modules were scanned Start scanning boot sectors: Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '31' files ). Starting the file scan: Begin scan in 'E:\' E:\Mes téléchargements\Preparation_Messenger.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '47bd509c.qua'! Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\X\Application Data\Thunderbird\Profiles\xe4n0s5k.default\Mail\pop.X.fr\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "Alan Dolan" <nikolaos.dadisman@austrocount.at>][subject: You can be young again! ][Message-ID: <01c7cf06$510bf500$a1f80651@nikolaos.dadisman>]824.mim [1] Archive type: MIME --> funny.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.1 [2] Archive type: ZIP --> funny.exe [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.234 --> Mailbox_[From: "Guy Juarez" <yudel.dadisman@boipara.com>][subject: Spam: Life is beautiful][Message-ID: <01c7d00b$d49ee7f0$d64394de@yudel.dadisman>]836.mim [1] Archive type: MIME --> bsaver.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.3 [2] Archive type: ZIP --> bsaver.scr [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.252 --> Mailbox_[Message-ID: <01c7d07a$fa9ed810$028b690c@germano.dadisman>][From: "Guadalupe Romano" <germano.dadisman@adslaktion][subject: Spam: Beauty for your]846.mim [1] Archive type: MIME --> fungame.zip [2] Archive type: ZIP --> fungame.exe [DETECTION] Is the Trojan horse TR/Ntech.A [WARNING] The file was ignored! C:\Documents and Settings\X\Application Data\Thunderbird\Profiles\xe4n0s5k.default\Mail\pop.X.fr\Junk [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "Alan Dolan" <nikolaos.dadisman@austrocount.at>][subject: You can be young again! ][Message-ID: <01c7cf06$510bf500$a1f80651@nikolaos.dadisman>]4.mim [1] Archive type: MIME --> funny.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.1 [2] Archive type: ZIP --> funny.exe [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.234 --> Mailbox_[From: "Guy Juarez" <yudel.dadisman@boipara.com>][subject: Spam: Life is beautiful][Message-ID: <01c7d00b$d49ee7f0$d64394de@yudel.dadisman>]6.mim [1] Archive type: MIME --> bsaver.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.3 [2] Archive type: ZIP --> bsaver.scr [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.252 --> Mailbox_[Message-ID: <01c7d07a$fa9ed810$028b690c@germano.dadisman>][From: "Guadalupe Romano" <germano.dadisman@adslaktion][subject: Spam: Beauty for your]14.mim [1] Archive type: MIME --> fungame.zip [2] Archive type: ZIP --> fungame.exe [DETECTION] Is the Trojan horse TR/Ntech.A [WARNING] The file was ignored! C:\Documents and Settings\X\Application Data\Thunderbird\Profiles\xe4n0s5k.default\Mail\pop.X.fr\Trash [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "Alan Dolan" <nikolaos.dadisman@austrocount.at>][subject: You can be young again! ][Message-ID: <01c7cf06$510bf500$a1f80651@nikolaos.dadisman>]106.mim [1] Archive type: MIME --> funny.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.1 [2] Archive type: ZIP --> funny.exe [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.234 --> Mailbox_[From: "Guy Juarez" <yudel.dadisman@boipara.com>][subject: Spam: Life is beautiful][Message-ID: <01c7d00b$d49ee7f0$d64394de@yudel.dadisman>]110.mim [1] Archive type: MIME --> bsaver.zip [DETECTION] Contains detection pattern of the dropper DR/Dldr.Agent.brk.3 [2] Archive type: ZIP --> bsaver.scr [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.252 --> Mailbox_[Message-ID: <01c7d07a$fa9ed810$028b690c@germano.dadisman>][From: "Guadalupe Romano" <germano.dadisman@adslaktion][subject: Spam: Beauty for your]118.mim [1] Archive type: MIME --> fungame.zip [2] Archive type: ZIP --> fungame.exe [DETECTION] Is the Trojan horse TR/Ntech.A [WARNING] The file was ignored! Begin scan in 'D:\' Search path D:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: jeudi 6 décembre 2007 22:42 Used time: 2:28:06 min The scan has been done completely. 6614 Scanning directories 525406 Files were scanned 15 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 525391 Files not concerned 15936 Archives were scanned 4 Warnings 1 Notes -> Je fais quoi maintenant ? -> Pourriez-vous me dire quels sont les types de logiciels et les meilleurs de leurs catégories qu'il faut avoir pour être protégé svp ? -> Auriez-vous un tutoriel pour bien configurer ZoneAlarm svp ? (Attention, la version Free) En fait, avec tous les tutoriels proposés sur le site ou sur le forum, j'avoue que je suis un peu pommé... Je ne sais plus quoi garder, quoi utiliser, à quelle fréquence, en mode normal ou sans échec, etc... ???

Je sais, mais il aurait du le noter dans son rapport, c'est ça que je voulais dire. Apparemment, il n'y a pas grand monde à le connaitre... Trop tard... Mais au niveau de l'usage d'Internet avant désinfection, c'est dangereux ? Quel fichier ? Niveau comportement, je crois être "exemplaire", je fais très (!) attention. Malheureusement, je suis assez exposé, vu que je dois travailler avec des gens (et sur un réseau) peu ou pas sécurisés. Ok. On fait ça dans le même topic ?

Comment se fait-il que HijackThis n'ait lui non plus rien vu ?! Vous connaissez le troyen qui a infesté mes deux PC ? Si oui, quelle est son action ? En attendant d'avoir tout désinfecté, dois-je prendre des mesures particulières ? Qu'entends-tu par "tu devras désactiver ton NOD32 durant le pré-nettoyage" ? Est-ce que ça veut dire qu'une fois le mode sans échec lancé, je devrais le désactiver ou dois-je le faire avant le passage au mode sans échec ? Enfin, les logiciels que j'ai cité dans mon premier post et qui s'occupent de la sécurité, sont-ils assez fiables ? Parce-que je ne m'explique par pourquoi ils n'ont rien vu... J'utilise quoi pour dégager ça ?

Bonjour, Aujourd'hui, en lançant Thunderbird sur mon portable, il s'est lancé et s'est tout de suite éteint (j'avais aussi remarquer depuis quelques temps qu'il "ramait" et AdAware s'est mis à planter quand je lançais une analyse). J'ai donc soupçonné quelque chose de louche, j'ai donc lancé NOD32. Il a donc trouvé un troyen : BAT/Passer.R. Seulement, il n'arrive pas à supprimer ce truc. Chose bizarre, j'ai la même chose sur mon PC fixe, mais dans un des autres dossiers Mail\localhost de Thunderbird... Dernier point curieux, NOD32 a laissé passé ce truc sans me prévenir... Voici quelques précisions au cas où, j'utilise : - Firefox - Thunderbird - NOD32 - ZoneAlarm - a² - Spybot - Ad-Aware 2007 Je ne sais pas quoi faire, on m'a conseillé de lancé HijackThis, mais je ne sais pas décodé le résultat, le voilà : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:12:25, on 05/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SkyTel.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\system32\ctfmon.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\A-SQUA~1\a2service.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.faststone.org/ThankYou.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [bDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [Anniversaire] C:\Program Files\Anniversaire\AlerteAnniversaire.exe O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe" /dontopenmycards O4 - HKLM\..\Run: [eCarteBleue-CDE-P3] G:\Caisse d'Epargne\ECB-CDE.exe /dontopenmycards O4 - HKLM\..\Run: [m6] C:\Program Files\M6Video\M6video.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [bDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11330 bytes Merci par avance pour votre aide ! @++ -MATSYA-