Win 32 agent pdd

Solved/Closed
jojo9166 - 9 Jan. 2008 at 09:32
FillPCA Posts 2242 Registered Saturday 21 April 2007 Status Security contributor Last active 18 February 2023 - 29 Jan. 2008 at 18:01
Hello everyone,
How can I please eradicate this trojan win 32 agent pddd in system32/sysrest.sys, discovered with avast (up to date)? Despite deleting it or putting it in quarantine, and despite a cleanup with Spybot and Ad-Aware Personal, it is still active at startup.
Thanks

28 replies

FillPCA Posts 2242 Registered Saturday 21 April 2007 Status Security contributor Last active 18 February 2023 123
9 Jan. 2008 at 09:34
Hello,

1/ Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Illustrated demo
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm


Run a scan and post the analysis.

2/ * Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all of its contents onto your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREngPS.exe.
* Click "smart scan".
* Click the "scan" button.
* When the analysis is finished, click the "save reports" button.
* Then save the report to your desktop.
* Copy/paste the contents of the SREnglLOG.log report into your next reply.

FillPCA
0
Here is my scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:51, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\CameraFixer.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Agnitum\Spam Terrier\asp_srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Exalead Toolbar BHO - {04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} - C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: Exalead Toolbar - {8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} - C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
0
FillPCA Posts 2242 Registered Saturday 21 April 2007 Status Security contributor Last active 18 February 2023 123
9 Jan. 2008 at 10:40
Re,

OK. Part of the infection has been identified. Can you also attach the 2nd report requested?

FillPCA
0
jojo9166 Posts 32 Registered Wednesday 9 January 2008 Status Member Last active 12 April 2012
9 Jan. 2008 at 11:00
Here is No. 2

[CODE]

2008-01-09,10:41:10

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [N/A]
<Gestionnaire Antidote.exe><C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe> [(Verified)Druide informatique inc.]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<Copernic Desktop Search 2><"C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray> [(Verified)Copernic Technologies Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Nero AG]
<InCD><C:\Program Files\Ahead\InCD\InCD.exe> [Ahead Software AG]
<WOOWATCH><C:\PROGRA~1\Wanadoo\Watch.exe> [France Télécom R&D]
<WOOTASKBARICON><C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe> [N/A]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<Opware12><"C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"> [ScanSoft, Inc.]
<Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -masquer> [(Verified)Microsoft Corporation]
<REGSHAVE><C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN> [FUJI PHOTO FILM CO., LTD.]
<OSSelectorReinstall><C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe> []
<tsnpstd3><C:\WINDOWS\tsnpstd3.exe> []
<TrueImageMonitor.exe><C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe> [Acronis]
<CloneCDTray><"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"> [Elaborate Bytes AG]
<CameraFixer><C:\WINDOWS\CameraFixer.exe> []
<Acronis Scheduler2 Service><"C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"> [Acronis]
<ISUSPM Startup><C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<snpstd3><C:\WINDOWS\vsnpstd3.exe> [(Verified)Microsoft Windows Publisher]
<MRT><"C:\WINDOWS\system32\MRT.exe" /R> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[officejet 6100]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\officejet 6100.lnk --> C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [Hewlett-Packard Co.]><N>

==================================
Services
[Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe"><Acronis>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Firebird Server - MAGIX Instance / FirebirdServerMAGIXInstance][Stopped/Manual Start]
<C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe><MAGIX®>
[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]
<C:\WINDOWS\System32\FTRTSVC.exe><France Telecom>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InCD Helper / InCDsrv][Running/Auto Start]
<C:\Program Files\Ahead\InCD\InCDsrv.exe><Ahead Software AG>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[UPnPService / UPnPService][Stopped/Manual Start]
<C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe><Magix AG>

==================================
Drivers
[Service d'installation du pilote audio Intel(r) 82801 (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Aspi32 / Aspi32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Running/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[i81x / i81x][Running/Manual Start]
<System32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
<System32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
<System32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
<System32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
<System32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
<System32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5][Stopped/Manual Start]
<system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6][Stopped/Manual Start]
<system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7][Stopped/Manual Start]
<system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
<System32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
<System32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV2 / iAimTV2][Stopped/Manual Start]
<System32\DRIVERS\wATV03nt.sys><N/A>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
<System32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
<System32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5][Stopped/Manual Start]
<system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6][Stopped/Manual Start]
<system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[InCDPass / InCDPass][Running/System Start]
<System32\DRIVERS\InCDPass.sys><Ahead Software AG>
[SoundTap Recorder / NCHSSVAD][Stopped/Manual Start]
<system32\drivers\nchssvad.sys><NCH Swift Sound>
[Pinnacle DVC 80 Audio / nuvaud2][Stopped/Manual Start]
<system32\DRIVERS\nuvaud2.sys><Zoran Ltd.>
[Pinnacle DVC 80 Video / NUVision][Stopped/Manual Start]
<system32\DRIVERS\nuvvid2.sys><Zoran Ltd.>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Acronis Snapshots Manager / snapman][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\snapman.sys><Acronis>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
<system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sysrest.sys / sysrest.sys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\sysrest.sys><N/A>
[Acronis TrueImage FS Filter / tifsfilter][Running/Auto Start]
<system32\DRIVERS\tifsfilt.sys><Acronis>
[Acronis TrueImage Backup Archive Explorer / timounter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\timntr.sys><Acronis>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[ExaIEHelperObject Object]
{04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[VMN Toolbar]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Orange]
{1462651F-F4BA-4C76-A001-C4284D0FE16E} <http://www.orange.fr, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Copernic Desktop Search 2]
{968631B6-4729-440D-9BF4-251F5593EC9A} <C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll, Copernic Technologies Inc.>
[Exalead Toolbar]
{8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
[VMN Toolbar]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[LSSupCtl Class]
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} <C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll, Symantec Corporation>
[ActiveDataInfo Class]
{3451DEDE-631F-421C-8127-FD793AFC6CC8} <C:\WINDOWS\Downloaded Program Files\SymAData.dll, Symantec Corporation>
[SysData Class]
{49232000-16E4-426C-A231-62846947304B} <C:\WINDOWS\DOWNLO~1\SysInfo.dll, Hewlett-Packard>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Oberon Flash Game Host]
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} <C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll, Oberon Media, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Driver Agent ActiveX Control]
{E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, Touchstone Software Corp>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MICROS~2\OFFICE11\IEAWSDC.DLL, >
[ExaIEHelperObject Object]
{04F9D268-DC1F-4BF9-AD5D-7DDCEB514294} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\System32\xenroll.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\System32\tdc.ocx, Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[SysData Class]
{49232000-16E4-426C-A231-62846947304B} <C:\WINDOWS\DOWNLO~1\SysInfo.dll, Hewlett-Packard>
[VMN Toolbar]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} <C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL, Visicom Media Inc. >
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[PSFormX Control]
{56393399-041A-4650-94C7-13DFCB1F4665} <C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX, Visicom Media>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Exalead Toolbar]
{8F6D9079-D956-4D31-B7CC-CE6FA3044EE5} <C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll, Exalead>
[Copernic Desktop Search 2]
{968631B6-4729-440D-9BF4-251F5593EC9A} <C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll, Copernic Technologies Inc.>
[LogData Class]
{A526A2C7-723E-4081-BF70-A7A9913E8C4A} <C:\WINDOWS\DOWNLO~1\LogInfo.dll, Hewlett-Packard>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSDiscussionServers Class]
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Oberon Flash Game Host]
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} <C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll, Oberon Media, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll, Google>
[Driver Agent ActiveX Control]
{E8F628B5-259A-4734-97EE-BA914D7BE941} <C:\WINDOWS\Downloaded Program Files\driveragent.ocx, Touchstone Software Corp>
[JScript Language]
{F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\WINDOWS\System32\jscript.dll, Microsoft Corporation>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 528 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\relog_ap.dll] [Acronis, 1,0,0,8]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MpSvc.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MpClient.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{21A6C461-22D6-41A3-A569-F7DA68CA58D2}\mpengine.dll] [Microsoft Corporation, 1.1.3109.0]
[C:\Program Files\Windows Defender\mprtplug.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MpAsDesc.dll] [Microsoft Corporation, 1.1.1593.0]
[PID: 1208 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1228 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [Ahead Software AG, 4, 2, 2, 3]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
[PID: 1384 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1548 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1588 / georges][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.1.1]
[C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.fra] [Adobe Systems Inc., 6.0.0.2003110300\0]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\AcShlExt.dll] [UP-Vision Computergraphik GmbH, 1, 0, 0, 1]
[PID: 1684 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1740 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1872 / georges][C:\Program Files\Ahead\InCD\InCD.exe] [Ahead Software AG, 4, 2, 2, 3]
[C:\Program Files\Ahead\InCD\InCDapi.dll] [Ahead Software AG, 4, 2, 2, 3]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software AG, 4, 2, 2, 3]
[PID: 1904 / georges][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1924 / georges][C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe] [ScanSoft, Inc., 12.0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 1940 / georges][C:\PROGRA~1\Wanadoo\TaskBarIcon.exe] [France Télécom R&D, 5.9 (1)]
[C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
[c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
[C:\PROGRA~1\Wanadoo\WooIHMF.dll] [France Télécom R&D, 5.9 (509)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 1984 / georges][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MpClient.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MsMpRes.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\Windows Defender\MpRtMon.DLL] [Microsoft Corporation, 1.1.1593.0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 372 / georges][C:\WINDOWS\tsnpstd3.exe] [, 1, 1, 3, 6]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 400 / georges][C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe] [Acronis, 9,0,0,2375]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 424 / georges][C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe] [Acronis, 1,0,0,216]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 432 / georges][C:\WINDOWS\CameraFixer.exe] [, 1, 0, 0, 7]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 664 / georges][C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 20, 100, 1123]
[PID: 552 / georges][C:\WINDOWS\vsnpstd3.exe] [, 1, 0, 5, 0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 684 / georges][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.FRA] [, ]
[C:\WINDOWS\system32\hpzlnt07.dll] [HP, 2,140,0,0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[PID: 1156 / georges][C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe] [Druide informatique inc., Antidote Prisme v6]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 1260 / georges][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1276 / georges][C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe] [Copernic Technologies Inc., 2.0.2.2526]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Copernic Desktop Search 2\IndexingComponents.dll] [Copernic Technologies Inc., DESKTOPSEARCH 2.0 ENG]
[C:\PROGRA~1\COPERN~1\APPLIC~1.DLL] [Copernic Technologies Inc., 2.0.2.2526]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1420 / georges][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe] [Hewlett-Packard Co., 4.2.0.020]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 4.2.0.127]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll] [Hewlett-Packard Co., 4.2.0.020]
[PID: 1580 / georges][C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe] [France Télécom R&D, 5.9 (3)]
[C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\PROGRA~1\Wanadoo\WooIHMF.dll] [France Télécom R&D, 5.9 (509)]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
[C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
[C:\PROGRA~1\Wanadoo\DetectComponent.dll] [, 5.8 (10)]
[C:\PROGRA~1\Wanadoo\SynchroDll.dll] [, 11.0 (21)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[PID: 1620 / georges][C:\PROGRA~1\Wanadoo\ComComp.exe] [France Télécom R&D, 11b.0 (8)]
[C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\WLANManager.dll] [France Télécom R&D, 11b.0 (18)]
[C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\PROGRA~1\Wanadoo\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
[C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.55]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\PROGRA~1\Wanadoo\GestAppFT.dll] [France Télécom R&D, 10.0 (227)]
[C:\PROGRA~1\Wanadoo\ModifFT.dll] [France Télécom R&D, 10.0 (40)]
[C:\PROGRA~1\Wanadoo\PMStub.dll] [, 11.0 (3)]
[C:\PROGRA~1\Wanadoo\PhoneManager.dll] [, 10, 0, 0, 0]
[C:\PROGRA~1\Wanadoo\DetectComponent.dll] [, 5.8 (10)]
[C:\PROGRA~1\Wanadoo\NDIS_Gen.dll] [France Télécom R&D, 11b.0 (19)]
[PID: 1660 / georges][C:\PROGRA~1\Wanadoo\Toaster.exe] [France Telecom R&D, 1, 0, 0, 1]
[C:\PROGRA~1\Wanadoo\StyleIHM.dll] [France Télécom R&D, 11.0 (0)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
[c:\progra~1\wanadoo\skin\default\main\ResourceStyle.dll] [, 5.9]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1672 / georges][C:\PROGRA~1\Wanadoo\Inactivity.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1596 / georges][C:\PROGRA~1\Wanadoo\PollingModule.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\Wanadoo\OutilsFT.dll] [France Télécom R&D, 5.4 (36)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\PROGRA~1\Wanadoo\SynchroDll.dll] [, 11.0 (21)]
[C:\PROGRA~1\Wanadoo\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\System32\ALERTM~1\ALERTC~1.DLL] [, 1, 0, 0, 1]
[PID: 2064 / georges][C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE] [, 1, 0, 0, 1]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[PID: 2096 / SYSTEM][C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe] [Acronis, 1,0,0,216]
[PID: 2184 / SYSTEM][C:\WINDOWS\System32\FTRTSVC.exe] [France Telecom, 11.0 (4)]
[C:\WINDOWS\System32\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
[PID: 2240 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[PID: 2280 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[PID: 2440 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpgwiamd.dll] [Hewlett-Packard, 3.2.1.309]
[C:\WINDOWS\system32\hpotscl.dll] [, 1, 0, 0,309]
[PID: 3120 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 3264 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 3608 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3932 / georges][C:\PROGRA~1\Wanadoo\Watch.exe] [France Télécom R&D, 11.0 (2)]
[C:\PROGRA~1\Wanadoo\ModifFT.dll] [France Télécom R&D, 10.0 (40)]
[C:\PROGRA~1\Wanadoo\IfHelper.dll] [France Télécom R&D, 11b.0 (3)]
[C:\PROGRA~1\Wanadoo\MFC42.DLL] [Microsoft Corporation, 6.00.8168.0]
[PID: 1788 / georges][C:\Program Files\Agnitum\Spam Terrier\asp_srv.exe] [Agnitum LTD, 0, 90, 1422, 7524]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Agnitum\Spam Terrier\op_gui.dll] [Agnitum LTD, 0, 90, 1422, 7524]
[PID: 3308 / georges][C:\Program Files\Trend Micro\HijackThis\HijackThis.exe] [Trend Micro Inc., 2.00.0002]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\VB6FR.DLL] [Microsoft Corporation, 6.00.8988]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 316 / georges][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1864 / georges][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL] [Microsoft Corporation, 3.00.8449]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.FRA] [N/A, ]
[C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll] [Exalead, 1, 0, 0, 402]
[C:\Program Files\Exalead\Exalead Toolbar\exa_Core.dll] [N/A, ]
[C:\Program Files\Exalead\Exalead Toolbar\exa_Application.dll] [N/A, ]
[C:\Program Files\Exalead\Exalead Toolbar\exa_Gui.dll] [N/A, ]
[C:\Program Files\Exalead\Exalead Toolbar\exa_Network.dll] [N/A, ]
[C:\Program Files\Exalead\Exalead Toolbar\ATL80.DLL] [Microsoft Corporation, 8.00.50727.42]
[C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL] [Visicom Media Inc. , 5.0.1.226]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\PDM.DLL] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.1.1]
[C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\WIFD1F~1\MpOAv.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
[PID: 2636 / georges][C:\Program Files\Outlook Express\msimn.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Agnitum\Spam Terrier\oe_mydb.dll] [Agnitum LTD, 0, 90, 1422, 7524]
[C:\Program Files\Agnitum\Spam Terrier\oe_mail.dll] [Agnitum LTD, 0, 90, 1422, 7524]
[C:\Program Files\Agnitum\Spam Terrier\op_gui.dll] [Agnitum LTD, 0, 90, 1422, 7524]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\WIFD1F~1\MpShHook.dll] [Microsoft Corporation, 1.1.1593.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2660 / georges][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 3164 / georges][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[PID: 1404 / georges][C:\Documents and Settings\georges\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\ScanSoft\OmniPagePro12.0\ophook12.dll] [ScanSoft, Inc., 12.0]
[C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem2526.dll] [, ]
[C:\PROGRA~1\Wanadoo\Inactivity.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\georges\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1872, C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\SCANSOFT\OMNIPAGEPRO12.0\OPWARE12.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1940, C:\PROGRA~1\WANADOO\TASKBARICON.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 372, C:\WINDOWS\TSNPSTD3.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 400, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 400, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 424, C:\PROGRAM FILES\FICHIERS COMMUNS\ACRONIS\SCHEDULE2\SCHEDHLP.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 432, C:\WINDOWS\CAMERAFIXER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 432, C:\WINDOWS\CAMERAFIXER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 664, C:\PROGRAM FILES\FICHIERS COMMUNS\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1580, C:\PROGRA~1\WANADOO\GESTIONNAIREINTERNET.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1620, C:\PROGRA~1\WANADOO\COMCOMP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1660, C:\PROGRA~1\WANADOO\TOASTER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1672, C:\PROGRA~1\WANADOO\INACTIVITY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1596, C:\PROGRA~1\WANADOO\POLLINGMODULE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2064, C:\WINDOWS\SYSTEM32\ALERTM~1\ALERTM~1.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3932, C:\PROGRA~1\WANADOO\WATCH.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1788, C:\PROGRAM FILES\AGNITUM\SPAM TERRIER\ASP_SRV.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3308, C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3164, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]
0

FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Security contributor Last activity 18 February 2023 123
9 Jan. 2008 at 11:19
Re,

OK.

1/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste that report into your next reply.

2/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o uncheck "Hide extensions for known file types",
o uncheck "Hide protected operating system files (Recommended)".

* "Apply" and "OK"

3/ * Can you test this: C:\WINDOWS\tsnpstd3.exe
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and give the path of the file I indicated.
* Click Send. After a few minutes, a report is generated. Post it in your next reply.

4/ Also produce a new HijackThis report.

FillPCA
0
jojo9166 Posts 32 Registration date Wednesday 9 January 2008 Status Member Last activity 12 April 2012
9 Jan. 2008 at 12:19
ComboFix 08-01-09.2 - georges 2008-01-09 11:44:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.134 [GMT 1:00]
Running from: C:\Documents and Settings\georges\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\georges\Application Data\install.dat
C:\WINDOWS\system32\config\47780984.Evt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550P
-------\asc3550p


((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
.

2008-01-09 11:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 10:29 . 2008-01-09 10:29 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-09 10:24 . 2008-01-09 10:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-08 12:21 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-08 12:21 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-08 12:21 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-08 12:21 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-08 12:21 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-07 11:37 . 2007-03-12 10:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-07 11:37 . 2007-03-12 09:41 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-06 13:17 . 1997-06-11 18:01 30,208 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-01-06 13:17 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-06 13:17 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-01-06 13:17 . 1999-10-22 16:58 4,030 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-01-06 01:48 . 2008-01-06 01:48 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-06 01:19 . 2008-01-06 01:20 <REP> d-------- C:\Program Files\Everest 3 Ultime Edition
2008-01-06 00:43 . 2008-01-06 00:43 <REP> d-------- C:\Program Files\avast
2008-01-06 00:37 . 2008-01-09 12:10 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-01-05 20:38 . 2006-05-26 15:40 61,440 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-01-03 11:16 . 2001-04-24 15:22 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-01-03 11:16 . 2001-06-11 19:03 98,304 --a------ C:\WINDOWS\system32\HLBButton6.ocx
2008-01-03 11:16 . 2007-09-05 21:56 40,960 --a------ C:\WINDOWS\system32\LedCommon.dll
2007-12-29 16:11 . 2007-12-29 16:12 <REP> d-------- C:\Program Files\Paint.NET
2007-12-28 17:41 . 2007-12-28 17:41 <REP> d-------- C:\Documents and Settings\georges\Application Data\CA
2007-12-28 14:00 . 2008-01-09 09:11 320 --a------ C:\WINDOWS\system32\winupdate.dat
2007-12-27 10:57 . 2007-12-27 10:57 <REP> dr-h----- C:\Documents and Settings\georges\Application Data\SecuROM
2007-12-27 10:57 . 2007-12-27 10:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-17 18:23 . 2007-12-17 18:25 <REP> d-------- C:\Documents and Settings\georges\Application Data\BonkEnc
2007-12-17 18:22 . 2007-12-17 18:23 <REP> d-------- C:\Program Files\BonkEnc
2007-12-12 15:08 . 2007-12-12 15:08 <REP> d-------- C:\Documents and Settings\georges\Application Data\Talkback
2007-12-12 15:07 . 2008-01-04 07:55 <REP> d-------- C:\Program Files\Mozilla Sunbird
2007-12-11 10:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\X-Fonter
2007-12-11 09:55 . 2007-12-11 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avery
2007-12-09 20:42 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2007-12-09 20:42 . 1998-06-01 14:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2007-12-09 20:42 . 1998-06-01 14:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-12-09 20:42 . 1999-09-09 22:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2007-12-09 20:42 . 1999-06-07 18:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-12-09 20:42 . 1999-09-09 22:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2007-12-09 20:42 . 1999-09-30 19:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2007-12-09 20:42 . 1999-04-26 20:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-12-09 20:42 . 1998-05-05 11:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 11:11 --------- d-----w C:\Program Files\Wanadoo
2008-01-09 10:39 --------- d-----w C:\Documents and Settings\georges\Application Data\vmntoolbar
2008-01-09 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-08 11:34 --------- d-----w C:\Program Files\Ahead
2008-01-08 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 19:38 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
2007-12-31 15:25 --------- d-----w C:\Documents and Settings\georges\Application Data\Ahead
2007-12-29 15:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 15:56 --------- d-----w C:\Program Files\Mindscape
2007-12-09 19:38 --------- d-----w C:\Program Files\Micro Application
2007-12-09 18:12 830 ---ha-w C:\Documents and Settings\georges\hpothb07.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 18:34 --------- d-----w C:\Documents and Settings\georges\Application Data\gtk-2.0
2007-11-30 15:41 659 ---ha-w C:\hpothb07.dat
2007-11-30 10:39 --------- d-----w C:\Program Files\Google
2007-11-22 11:54 --------- d-----w C:\Documents and Settings\georges\Application Data\TomTom
2007-11-22 11:53 --------- d-----w C:\Program Files\TomTom HOME 2
2007-11-22 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-22 11:52 --------- d-----w C:\Program Files\TomTom HOME
2007-11-15 09:29 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2007-11-11 22:43 --------- d-----w C:\Program Files\Anuman Interactive
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
[color=red]Files Infected - Win32.Agent.zb[/color]
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04F9D268-DC1F-4BF9-AD5D-7DDCEB514294}]
2006-12-21 09:45 200704 --a------ C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{968631B6-4729-440D-9BF4-251F5593EC9A}
{8F6D9079-D956-4D31-B7CC-CE6FA3044EE5}
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}

[HKEY_CLASSES_ROOT\clsid\{8f6d9079-d956-4d31-b7cc-ce6fa3044ee5}]
[HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband.1]
[HKEY_CLASSES_ROOT\TypeLib\{6C8E73C2-21F8-4A83-BEFC-5130AB2D971C}]
[HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8F6D9079-D956-4D31-B7CC-CE6FA3044EE5}"= C:\Program Files\Exalead\Exalead Toolbar\ExaleadToolbar.dll [2006-12-21 09:45 200704]

[HKEY_CLASSES_ROOT\clsid\{8f6d9079-d956-4d31-b7cc-ce6fa3044ee5}]
[HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband.1]
[HKEY_CLASSES_ROOT\TypeLib\{6C8E73C2-21F8-4A83-BEFC-5130AB2D971C}]
[HKEY_CLASSES_ROOT\ExaleadToolbar.ExaIEToolband]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2006-12-08 16:58 1546544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 17:41 1294446]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2006-04-19 19:36 1281425]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-03-02 20:00 1009003]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 14:18 20480]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-03-02 20:00 118784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-06-18 09:44:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173694717.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-01-09 10:44:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173695991.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-01-09 11:13:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 12:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 12:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 11:13:59
.
2008-01-09 09:29:54 --- E O F ---
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Security contributor Last activity 18 February 2023 123
9 Jan. 2008 at 12:33
Re,

1/ Toolbars are often controversial. I advise you to uninstall the VMN and Exalead toolbars via Add/Remove Programs.

2/ * Select the following text:

Driver::
sysrest.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysrest32.exe"=-
[-HKEY_CLASSES_ROOT\CLSID\{E8F628B5-259A-4734-97EE-BA914D7BE941}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E8F628B5-259A-4734-97EE-BA914D7BE941}]

File::
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\sysrest.sys

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file.

* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

Also post a new HijackThis report.

FillPCA
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
9 Jan. 2008 at 12:39
Hello,

following along (SReng, thanks FillPCA)
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Security contributor Last activity 18 February 2023 123
9 Jan. 2008 at 12:46
Hello Lyonnais92
0
jojo9166 Posts 32 Registration date Wednesday 9 January 2008 Status Member Last activity 12 April 2012
9 Jan. 2008 at 13:06
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Bad Parent Associations
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 7c9eee928a16baef23d73f23a0cd0850
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Security contributor Last activity 18 February 2023 123
9 Jan. 2008 at 13:39
Re,

OK. Did you see my reply from 12:33?

FillPCA
0
jojo9166 Posts 32 Registration date Wednesday 9 January 2008 Status Member Last activity 12 April 2012
10 Jan. 2008 at 08:25
Hello,
as I was away yesterday afternoon I could not do all the steps; they were done late last night.
Thank you, everything is back to normal.
A question: what did this trojan do, or what was its function?
Once again, your usefulness is recognized.
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Security contributor Last activity 18 February 2023 123
10 Jan. 2008 at 13:26
Hello,

I would have liked to have the reports I asked for. It may not be finished yet.

FillPCA
0
jojo9166 Posts 32 Registration date Wednesday 9 January 2008 Status Member Last activity 12 April 2012
10 Jan. 2008 at 13:34
ComboFix 08-01-09.2 - georges 2008-01-09 23:09:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
Running from: C:\Documents and Settings\georges\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\georges\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
.

2008-01-09 11:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 10:29 . 2008-01-09 10:29 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-09 10:24 . 2008-01-09 10:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-08 12:21 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-08 12:21 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-08 12:21 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-08 12:21 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-01-08 12:21 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-07 11:37 . 2007-03-12 10:01 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-07 11:37 . 2007-03-12 09:41 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-07 11:37 . 2007-03-12 09:41 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-06 13:17 . 1997-06-11 18:01 30,208 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-01-06 13:17 . 2002-05-06 11:01 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-06 13:17 . 2001-04-19 17:34 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-01-06 13:17 . 1999-10-22 16:58 4,030 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-01-06 01:48 . 2008-01-06 01:48 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-06 01:19 . 2008-01-06 01:20 <REP> d-------- C:\Program Files\Everest 3 Ultime Edition
2008-01-06 00:43 . 2008-01-06 00:43 <REP> d-------- C:\Program Files\avast
2008-01-06 00:37 . 2008-01-09 23:16 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-01-05 20:38 . 2006-05-26 15:40 61,440 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-01-03 11:16 . 2001-04-24 15:22 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-01-03 11:16 . 2001-06-11 19:03 98,304 --a------ C:\WINDOWS\system32\HLBButton6.ocx
2008-01-03 11:16 . 2007-09-05 21:56 40,960 --a------ C:\WINDOWS\system32\LedCommon.dll
2007-12-29 16:11 . 2007-12-29 16:12 <REP> d-------- C:\Program Files\Paint.NET
2007-12-28 17:41 . 2007-12-28 17:41 <REP> d-------- C:\Documents and Settings\georges\Application Data\CA
2007-12-28 14:00 . 2008-01-09 09:11 320 --a------ C:\WINDOWS\system32\winupdate.dat
2007-12-27 10:57 . 2007-12-27 10:57 <REP> dr-h----- C:\Documents and Settings\georges\Application Data\SecuROM
2007-12-27 10:57 . 2007-12-27 10:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-17 18:23 . 2007-12-17 18:25 <REP> d-------- C:\Documents and Settings\georges\Application Data\BonkEnc
2007-12-17 18:22 . 2007-12-17 18:23 <REP> d-------- C:\Program Files\BonkEnc
2007-12-12 15:08 . 2007-12-12 15:08 <REP> d-------- C:\Documents and Settings\georges\Application Data\Talkback
2007-12-12 15:07 . 2008-01-04 07:55 <REP> d-------- C:\Program Files\Mozilla Sunbird
2007-12-11 10:24 . 2007-12-13 12:24 <REP> d-------- C:\Program Files\X-Fonter
2007-12-11 09:55 . 2007-12-11 09:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avery
2007-12-09 20:42 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2007-12-09 20:42 . 1998-06-01 14:37 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2007-12-09 20:42 . 1998-06-01 14:37 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-12-09 20:42 . 1999-09-09 22:06 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2007-12-09 20:42 . 1999-06-07 18:59 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-12-09 20:42 . 1999-09-09 22:06 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2007-12-09 20:42 . 1999-09-30 19:21 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2007-12-09 20:42 . 1999-04-26 20:08 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-12-09 20:42 . 1998-05-05 11:36 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 22:17 --------- d-----w C:\Program Files\Wanadoo
2008-01-09 22:00 --------- d-----w C:\Program Files\vmntoolbar
2008-01-09 21:49 --------- d-----w C:\Documents and Settings\georges\Application Data\vmntoolbar
2008-01-09 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-08 11:34 --------- d-----w C:\Program Files\Ahead
2008-01-08 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 19:38 --------- d-----w C:\Program Files\Fichiers communs\snpstd3
2007-12-31 15:25 --------- d-----w C:\Documents and Settings\georges\Application Data\Ahead
2007-12-29 15:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 15:56 --------- d-----w C:\Program Files\Mindscape
2007-12-09 19:38 --------- d-----w C:\Program Files\Micro Application
2007-12-09 18:12 830 ---ha-w C:\Documents and Settings\georges\hpothb07.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 18:34 --------- d-----w C:\Documents and Settings\georges\Application Data\gtk-2.0
2007-11-30 15:41 659 ---ha-w C:\hpothb07.dat
2007-11-30 10:39 --------- d-----w C:\Program Files\Google
2007-11-22 11:54 --------- d-----w C:\Documents and Settings\georges\Application Data\TomTom
2007-11-22 11:53 --------- d-----w C:\Program Files\TomTom HOME 2
2007-11-22 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2007-11-22 11:52 --------- d-----w C:\Program Files\TomTom HOME
2007-11-15 09:29 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2007-11-11 22:43 --------- d-----w C:\Program Files\Anuman Interactive
1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-09_12.13.05.72 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 10:42:51 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-09 22:09:12 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 10:42:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-09 22:09:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 10:42:57 5,849,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-09 22:09:12 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 10:42:58 73,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-09 22:09:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 10:42:59 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-09 22:09:13 5,849,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 10:42:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-09 22:09:13 73,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-09 22:15:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2006-12-08 16:58 1546544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 17:41 1294446]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2006-04-19 19:36 1281425]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-03-02 20:00 1009003]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 14:18 20480]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-03-02 20:00 118784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03 81920]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-06-18 09:44:51 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173694717.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-01-09 10:44:06 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173695991.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-01-09 22:19:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
report 1
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 23:16:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 23:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 22:19:46
ComboFix2.txt 2008-01-09 11:14:08
.
2008-01-09 09:29:54 --- E O F ---
0
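Added example, not part of the thread and not ComboFix's own code: a way to confirm from the two ComboFix reports above that the CFScript targets no longer appear as autostart or service entries. The function names are hypothetical, the `state name;display;path [timestamp]` service-line layout is inferred from the reports on this page, and the embedded text is a trimmed excerpt of those reports.

```python
import ntpath
import re

# Trimmed excerpts of the two ComboFix reports posted in this thread
# (first run, then the run with CFScript.txt); most entries are omitted.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]
"""

AFTER = r"""
FILE
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 09:13 270336]

S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]
S3 UPnPService;UPnPService;C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]
"""

# File names listed in the CFScript.txt of this thread.
CFSCRIPT_TARGETS = ("sysrest.sys", "sysrest32.exe")

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')


def parse_report(text):
    """Extract Run-key values and driver/service lines from a report."""
    runs, services, key = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\currentversion\\run"):
            runs[(key, m.group(1))] = {"path": m.group(2), "stamp": m.group(3)}
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(2)] = {"state": m.group(1), "path": m.group(4),
                                    "stamp": m.group(5)}
    return {"runs": runs, "services": services}


def diff_reports(before, after):
    """Return what appeared or disappeared between two reports."""
    b, a = parse_report(before), parse_report(after)
    return {
        "services_removed": sorted(set(b["services"]) - set(a["services"])),
        "services_added": sorted(set(a["services"]) - set(b["services"])),
        "runs_removed": sorted(set(b["runs"]) - set(a["runs"])),
        "runs_added": sorted(set(a["runs"]) - set(b["runs"])),
    }


def targets_in_autostarts(text, targets=CFSCRIPT_TARGETS):
    """List Run/service entries whose file name is one of the targets.

    Only parsed autostart entries are checked, so the report's own listing
    of deleted files (the FILE block) is not counted as a hit.
    """
    parsed = parse_report(text)
    wanted = {t.lower() for t in targets}
    hits = []
    for (_key, name), entry in parsed["runs"].items():
        if ntpath.basename(entry["path"]).lower() in wanted:
            hits.append(("run", name, entry["path"]))
    for name, entry in parsed["services"].items():
        if ntpath.basename(entry["path"]).lower() in wanted:
            hits.append(("service", name, entry["path"]))
    return sorted(hits)


if __name__ == "__main__":
    print(diff_reports(BEFORE, AFTER))
    print("before:", targets_in_autostarts(BEFORE))
    print("after: ", targets_in_autostarts(AFTER))
```

An empty result for the second report only shows that the entries are gone from what ComboFix listed; the new HijackThis report requested above remains the independent check.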
jojo9166 Posts 32 Registration date Wednesday 9 January 2008 Status Member Last activity 12 April 2012
10 Jan. 2008 at 13:36
report 2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:09, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
0
jojo9166 Posts: 32 Registration date: Wednesday 9 January 2008 Status: Member Last activity: 12 April 2012
10 Jan. 2008 at 13:39
Hello again,
With all my apologies to FillPCA, I thought he didn't want it.
One question: since these operations, Nero (a fully official copy, with updates) has switched to English. Is that normal?
Another question, already asked in my previous message: what did this trojan actually do?
Thanks once again.
0
FillPCA Posts: 2242 Registration date: Saturday 21 April 2007 Status: Security contributor Last activity: 18 February 2023 123
10 Jan. 2008 at 16:40
Hi again,

I only have 2 minutes, but I'll look at all of this tonight.

FillPCA
0
FillPCA Posts: 2242 Registration date: Saturday 21 April 2007 Status: Security contributor Last activity: 18 February 2023 123
10 Jan. 2008 at 21:57
Hi again,

You'll find some information about this pest here: http://www.prevx.com/filenames/1427900198371137922-0/SYSREST32.EXE.html#cooliris

1/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner and click "Run Cleaner".

2/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait for it to finish.

Click the Scan button (in the toolbar).
Then, on the How to React tab, click Recommended Actions. Select Quarantine.
Go back to the Scan tab. Click Complete System Scan.
When the scan ends, choose the "Apply all actions" option at the bottom. Then:
Click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.

3/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notification appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a complete system scan.
* Save the report as text when the scan ends.

4/ Post the AVG Anti-Spyware report and the Kaspersky report.

5/ Does your Avast antivirus launch at startup? It doesn't appear in O4.

FillPCA
0
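Added example, not part of the original thread and not HijackThis code: the check in step 5 above reads the O4 lines of the HijackThis log, which list Run-key and Startup-folder autostarts, while O23 lists non-Microsoft services. This Python sketch parses a log into its sections and reports whether a product's path shows up among the running processes, the O4 autostarts and the O23 services. The sample log is a constructed excerpt shaped like the one posted here, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpt, shaped like the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# An entry line has the form "<letter><number> - <details>", for example "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hijackthis(text):
    """Return (running processes, entries grouped by section code such as R0, O4, O23)."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)

def where_seen(text, needle):
    """Case-insensitive search for a path fragment in the three places that matter here."""
    processes, entries = parse_hijackthis(text)
    n = needle.lower()
    return {
        "running": [p for p in processes if n in p.lower()],
        "O4_autostart": [e for e in entries.get("O4", []) if n in e.lower()],
        "O23_service": [e for e in entries.get("O23", []) if n in e.lower()],
    }

if __name__ == "__main__":
    for place, hits in where_seen(SAMPLE_LOG, "avast4").items():
        print(place, len(hits))
```

A product that is listed under running processes and O23 but has no O4 line is being started as a service, with no Run-key or Startup-folder entry in the log.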
jojo9166 Posts: 32 Registration date: Wednesday 9 January 2008 Status: Member Last activity: 12 April 2012
11 Jan. 2008 at 17:35
Hello,
One question: since I have Avast, do I absolutely have to install the antivirus as it asks me to? Because online it doesn't generate any report.
0
FillPCA Posts: 2242 Registration date: Saturday 21 April 2007 Status: Security contributor Last activity: 18 February 2023 123
11 Jan. 2008 at 17:37
Hi again,

No, no antivirus needs to be installed. At the end of the scan, you have the option to save the report in text format. That's what I need.

FillPCA
0