Virus fun.xls.exe

Solved/Closed
nico262
- 12 Sept. 2008 at 15:30
nico262
- 20 Sept. 2008 at 17:13
Hello,

For some time now I have been infected by the fun.xls.exe virus.
It is present in the root of all my drives.
Excel is always present in the applications list of the Windows Task Manager.
I don't yet see the danger of this virus, but it's still annoying!!
I have already read a few posts on this subject, but being hopeless at this kind of thing I didn't manage to do much!!!
The only antivirus system I have is Spyware Doctor.

So I'm counting on your help...
Thanks in advance

56 replies

afideg
14 Sept. 2008 at 10:44
Hello?

So nico262, are we on holiday while the person you are asking for help (or who answered your call for help) is glued to his PC waiting for your reply?

Not serious, all this!

Al.
3
afideg
13 Sept. 2008 at 17:33
Good evening

OK


A)- For RAV, the report is here https://imageshack.com/
QUOTE: "RAV antivirus found and deleted quite a few viruses (around twenty files)"
That makes my mouth water!
It's still sad that I have to conclude without any indication.
Anyway!
And who asked you to do this? ==> "I also protected my PC with SpywareBlaster and also Spybot (which detected and removed quite a few infections)."
You manage to do only one thing: ==> muddy the trail for me!
And drive the nail in.
Thanks. ;)


B)- Next
1°- Download _OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
2°- Double-click OTMoveIt.exe to launch it.
3°- In the OTMoveIt2 box: "Paste List of Files/Folders to be moved"
http://nsa01.casimages.com/img/2008/04/04/0804041233502840681.jpg
... copy and paste this list in bold, exactly as is:

C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c
C:\v.cmd
C:\cfdflx.com
C:\3o.exe
C:\h1dwg20.exe
C:\aub0wb8.cmd
C:\ino6.com
C:\f.exe
C:\1weicxa.com
C:\xyw9tmdj.com
C:\t.com H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465


4°- Click the red MoveIt! button to start the removal.
-The result will appear in the "Results" box.
Note: Copy everything in the "Results" area (under the green bar) to the clipboard by selecting ALL THE LINES and then pressing the CTRL and C keys simultaneously (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum (right-click > Paste).
* Click "Exit" to close OTMoveIt2
5°- Note: If a file or folder cannot be moved immediately, a restart may be necessary to complete the move process. If you are asked to restart the machine, choose Yes.
6°- The report is located in C:\_OTMoveIt\MovedFiles; open the folder and you will find the report to post. (a file of this type: ********_******.log (mm/dd/yyyy_hh/mm/ss = date and time of the removal))


C)- Remove RAV.



D)- Next, download ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe by sUBs and save it to your desktop (and nowhere else).

• Make sure all programs are closed before starting.
• ==> Disconnect your PC from the Internet and close the windows of all running programs.
• ==> Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus and antispyware (if active, they could seriously interfere with the tool's search and cleaning procedure).
• Double-click combofix.exe to run it.
• Click "Yes" on the Disclaimer of Warranty message that appears.
• Your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: accept.
• Or else --> Answer yes to the warning message, so that the program starts analysing the PC.
• Do not close the window that has just opened, or you would end up with an empty desktop.
• Let the scan run.
/!\ During this step, do not use the PC and do not open any program. Be patient (even if you think the PC has stopped); the periods of "apparent standstill" sometimes last several minutes (there are ± 40 analysis steps)./i\
When the analysis is finished, a report will appear.
• Copy and paste this report into your next reply.

• The report is located at: C:\Combofix.txt (just in case).


Leave System Restore disabled for now.
Thanks
Al.


1
afideg
13 Sept. 2008 at 19:22
Re,

OK
Thanks
_OT Move!t did not delete everything because of a bad line break in the script.
It's nothing, we'll sort that out, like this:

Next, you still have the ComboFix icon on the desktop

1°)- Disable the TeaTimer
==> If you don't have Spybot S&D, skip this part!
==> If you have Spybot S&D.
•- First of all > Disable Spybot's Tea-Timer through Spybot's options: once in the software, go to the "Mode" menu => tick "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and untick this box: "Resident TeaTimer". You should no longer see the Tea-Timer icon in the taskbar!
•- Do not skip this step, as it can make the disinfection procedure fail!

2°)- ==> Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus and antispyware (if active, they could seriously interfere with the tool's search and cleaning procedure).


3°- Select (highlight) all of the following text in bold, in one go:

File::
C:\FOUND.005
C:\v.cmd
C:\t.com
C:\3o.exe
F:\fun.xls.exe
F:\semo2x.exe
G:\fun.xls.exe
G:\semo2x.exe
H:\ino6.com
H:\fun.xls.exe
H:\semo2x.exe

Folder::
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465
C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Program Files\Bonjour

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abffdef-e620-11dc-95e2-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{125cc45f-21b9-11dd-963c-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2621a26e-d71f-11dc-95d7-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c5a676-1691-11dd-9629-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c62c16-be0d-11db-bc59-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346424-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346426-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a26d972-cf80-11dc-95d3-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afecf2e-da26-11dc-95d9-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ddb50ba-9ca4-11db-85e5-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f9665d-d7b0-11db-b86a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c57af10-b14a-11db-8605-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9deb0090-1b5f-11dd-9632-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae96-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae97-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1968-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1969-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b9072a-8de2-11dc-957e-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc389c00-3e31-11dd-9662-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed106ee8-86ac-11da-83b8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7b49e-5f66-11db-857a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc2ad8f7-94f6-11db-85e3-0060b3f59b98}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff54f6d0-f9d9-11dc-95fc-0013ce1f8a82}]


4°- Copy the selected text (CTRL+C) ==> by pressing the CTRL and C keys simultaneously.
Open Notepad (Programs > Accessories > Notepad).
Paste this text (right in the top-left corner) into Notepad (CTRL+V) ==> by pressing the CTRL and V keys simultaneously.
Save it (to the desktop) under the name CFScript1.txt
• Look here (this is only an example!) < http://img509.imageshack.us/img509/5984/screenshot332wc3.png >

5°- Next, drop this text file onto the ComboFix application (red "ComboFix.exe" icon on the desktop) by dragging and dropping the file "CFScript1.txt" onto the file "ComboFix.exe" as in the screenshot: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif >
The ComboFix.exe icon then changes the "brightness" of its colour.
A dialog appears ==> click "Run"

Wait while the scan runs.
The desktop will disappear several times: this is normal!

(CAUTION: Do not mouse-click ComboFix's window while it is running. = Do not touch anything until the scan has finished. That may cause it to stall.)

6°- Once the scan is complete, a report will be displayed: post its contents on the forum.
If the file does not appear, it is located here > C:\ComboFix.txt

7°- You must shut down and then restart the PC

8°- Immediately post a new ComboFix report

9°- Finish with this "Kaspersky online scan"


Thanks
Al.
1
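The bad line break mentioned in the post above (two entries merged onto one line) is the kind of mistake a quick check catches before a removal script is handed to the tool. The following Python linter is an added example, not part of the original thread and not ComboFix's own code; it assumes a script laid out with the File::, Folder:: and Registry:: sections shown above, and its rules and sample entries are constructed for illustration.

```python
import re
import unicodedata

SECTION_HEADERS = {"File::", "Folder::", "Registry::"}

PATH_START = re.compile(r"^[A-Za-z]:\\")
# A second drive-letter path starting after whitespace means two entries were
# merged onto one line. Spaces alone are no signal: real paths contain them.
SECOND_PATH = re.compile(r"\s[A-Za-z]:\\")
# Key-deletion form used in the Registry:: section above: [-HKEY_...\subkey]
REG_DELETE = re.compile(r"^\[-HKEY_[A-Z_]+\\[^\[\]]+\]$")
BRACED = re.compile(r"\{([^{}]*)\}(.)")
GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


def invisible_chars(text):
    """Code points of format/control characters (soft hyphen, zero-width...)."""
    return [f"U+{ord(c):04X}" for c in text
            if unicodedata.category(c) in ("Cf", "Cc")]


def bad_guid_component(line):
    """True if a {...} key component is not a GUID or has trailing junk."""
    for body, following in BRACED.findall(line):
        if not GUID.match(body) or following not in "\\]":
            return True
    return False


def lint_cfscript(script):
    """Return (line_number, message) findings for a removal script."""
    findings = []
    section = None
    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        hidden = invisible_chars(line)
        if hidden:
            findings.append((number, "invisible character " + ", ".join(hidden)))
        if section is None:
            findings.append((number, "entry before any section header"))
        elif section in ("File::", "Folder::"):
            if not PATH_START.match(line):
                findings.append((number, "not an absolute drive path"))
            elif SECOND_PATH.search(line):
                findings.append((number, "two paths on one line (missing line break)"))
        elif not REG_DELETE.match(line):
            findings.append((number, "not a [-HKEY_...] key deletion line"))
        elif bad_guid_component(line):
            findings.append((number, "malformed GUID key name"))
    return findings


# Constructed sample: every path, key and GUID below is made up.
SAMPLE = "\n".join([
    "File::",
    r"C:\sample1.exe",
    r"C:\sample2.com D:\sample3.exe",            # two entries merged
    "Folder::",
    "C:\\Sample Folder\\R\u00adP001",            # hidden soft hyphen
    r"C:\Documents and Settings\user\cache",     # spaces are legitimate
    "Registry::",
    r"[-HKEY_CURRENT_USER\software\example\mountpoints2\{00000000-0000-0000-0000-000000000000}]",
    r"[-HKEY_CURRENT_USER\software\example\mountpoints2\{11111111-1111-1111-1111-111111111111}l]",
])

if __name__ == "__main__":
    for number, message in lint_cfscript(SAMPLE):
        print(f"line {number}: {message}")
```
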
nico262

19 Sept. 2008 at 18:01
Re,


Here is the report from System Repair Engineer 2.6.12.1018



[CODE]

2008-09-19,17:46:45

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools Lite><"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<EPM-DM><c:\acer\epm\epm-dm.exe> [Acer Inc]
<ePowerManagement><C:\Acer\ePM\ePM.exe boot> [File is missing]
<LManager><C:\Program Files\Launch Manager\QtZgAcer.EXE> [Dritek System Inc.]
<eRecoveryService><C:\Windows\System32\Check.exe> [acer Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<IntelliPoint><"C:\Program Files\Microsoft IntelliPoint\point32.exe"> [Microsoft Corporation]
<ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [File is missing]
<HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
<ISTray><"C:\Program Files\Spyware Doctor\pctsTray.exe"> [(Verified)PC Tools]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<WIAWizardMenu><RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Gamma]
<C:\Documents and Settings\nicolas\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Notebook Manager Service / anbmService][Running/Auto Start]
<C:\Acer\eManager\anbmServ.exe><OSA Technologies Inc.>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Service Bonjour / Bonjour Service][Stopped/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><(File is missing)>
[EvtEng / EvtEng][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Service de l’iPod / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[RegSrvc / RegSrvc][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]
<C:\Program Files\Spyware Doctor\pctsAuxs.exe><PC Tools>
[PC Tools Security Service / sdCoreService][Stopped/Manual Start]
<C:\Program Files\Spyware Doctor\pctsSvc.exe><PC Tools>
[TabletService / TabletService][Running/Auto Start]
<C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.1.6.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Conexant AMC Audio / CAMCAUD][Running/Manual Start]
<system32\drivers\camcaud.sys><Conexant Systems Inc.>
[CAMCHALA / CAMCHALA][Running/Manual Start]
<system32\drivers\camchal.sys><Conexant Systems Inc.>
[Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[dtscsi / dtscsi][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[Acer EPM Power Scheme Driver / EpmPsd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\epm-psd.sys><Acer Value Labs, USA>
[Acer EPM System Hardware Driver / EpmShd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\epm-shd.sys><Acer Value Labs, USA>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Hardlock / Hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[File Security Driver / IKFileSec][Stopped/Manual Start]
<\SystemRoot\system32\drivers\ikfilesec.sys><PCTools Research Pty Ltd.>
[System Filter Driver / IKSysFlt][Stopped/Manual Start]
<system32\drivers\iksysflt.sys><PCTools Research Pty Ltd.>
[System Security Driver / IKSysSec][Stopped/Manual Start]
<system32\drivers\iksyssec.sys><PCTools Research Pty Ltd.>
[int15.sys / int15.sys][Running/Manual Start]
<\??\C:\Program Files\acer\eRecovery\int15.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MicroGuard Copy Protection / MicroGuard][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mgnt.sys><N/A>
[Pilote de périphérique infrarouge NSC / NSCIRDA][Stopped/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
<system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[osaio / osaio][Running/Auto Start]
<\SystemRoot\system32\drivers\osaio.sys><Avocent/OSA Technologies Inc.>
[osanbm / osanbm][Running/Auto Start]
<\SystemRoot\system32\drivers\osanbm.sys><Windows (R) 2000 DDK provider>
[PCANDIS5 Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><N/A>
[Pen Class / PenClass][Running/Boot Start]
<\SystemRoot\System32\Drivers\PenClass.sys><Wacom Technology Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SAGEM 802.11g XG762 1211B Driver / SG762_XP][Stopped/Manual Start]
<system32\DRIVERS\WlanBZXP.sys><ZyDAS Technology Corporation>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Stopped/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP / w29n51][Stopped/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel® Corporation>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, (Signed) Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[PDFCreator Toolbar Helper]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} <C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll, >
[Java Plug-in 1.6.0_07]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[PDFCreator Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} <C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll, >
[Java Plug-in 1.6.0_07]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[TECollaboration.Manager]
{07FEE7FA-EA56-4790-AE41-2E227CCF6EB7} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[SkyGps Class]
{1D1342E2-B737-43C4-B2B2-BB855FC353F1} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Plane]
{1E686889-C1F3-437F-A8CE-729C78AA3BEC} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[TECollaboration.VirtualCursor]
{2040FA1B-53B6-41BD-BF73-6400C4F40E49} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[PDFCreator Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} <C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll, >
[]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <, >
[TerraExplorer Class]
{3a4f9191-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, (Signed) Skyline software systems Inc.>
[TE3DWindow Class]
{3a4f9192-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, (Signed) Skyline software systems Inc.>
[TEInformationWindow Class]
{3a4f9193-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, (Signed) Skyline software systems Inc.>
[TENavigationMap Class]
{3a4f9194-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, (Signed) Skyline software systems Inc.>
[]
{461CC20B-FB6E-4F16-8FE8-C29359DB100E} <, >
[]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <, >
[FalconViewObj Class]
{504AC303-A983-45B7-8663-CB5649B3AB1A} <C:\Program Files\Skyline\TerraExplorer\Tools\TEFVT\TEFVT.dll, >
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{59317604-6E61-4009-9DF1-D010F5A19E39} <, >
[TECollaboration.FlyFile]
{641ECCA4-28F2-4AE0-90E6-3152E62AFCA2} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Comunication Class]
{662CB034-1B5F-46DE-83C8-8BDCA1424856} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll, (Signed) >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[FVGps Class]
{765FB9BF-38D5-4678-9BD0-40DDE72906ED} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Annotation]
{7A412365-8492-42A0-9411-BEE11106AAD6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[TECollaboration.Chat]
{8120661B-1913-4C41-8C47-A0A9279715C6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
{94DFE928-72F9-4CF0-9A22-C1638395DF30} <, >
[TECollaboration.Projection]
{984E67E2-6C7E-4D87-AC71-A640954D4495} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, (Signed) Skyline>
[FileManager Class]
{A3EEA80F-5A77-402B-8A2E-D1D9A08A497C} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll, >
[TETest Class]
{A5606C7C-13E8-4403-B5C1-72CE1AEE1CA2} <C:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll, (Signed) Skyline software systems Inc.>
[]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, (Signed) Google Inc.>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[CreateMPU Class]
{BF001C67-5DEE-40B5-85BE-A5B0E1AA0AD6} <C:\Program Files\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll, >
[PDFCreator Toolbar Helper]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} <C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll, >
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
{D6ED932A-1BA8-497C-8AB7-9C9AD33B38DF} <, >
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000, N/A>
[Ouvrir dans un nouvel onglet d'arrière-plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?50ea9411959343cca5de9436665f3a93, N/A>
[Ouvrir dans un nouvel onglet de premier plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?50ea9411959343cca5de9436665f3a93, N/A>

==================================
Running Processes
[PID: 432 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WUPS2.DLL] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1080 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] [Intel Corporation, 9, 0, 1, 12]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[PID: 1168 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] [Intel Corporation , 9, 0, 1, 41]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[PID: 1240 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\cpwmon2k.dll] [N/A, ]
[C:\WINDOWS\system32\hpzlnt05.dll] [HP, 2,118,0,0]
[C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0]
[C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
[PID: 1832 / nicolas][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 1912 / nicolas][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0]
[C:\Program Files\Fichiers communs\Autodesk Shared\AcSignCore16.dll] [Autodesk, Inc., 17.1.51.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[C:\PROGRA~1\WinZip\WZSHLSTB.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtension.dll] [Autodesk, Inc., 1.1.0.341]
[C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll] [Autodesk, Inc., 1.1.0.341]
[PID: 240 / nicolas][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 244 / nicolas][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 356 / nicolas][C:\acer\epm\epm-dm.exe] [Acer Inc, 2.57]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 372 / nicolas][C:\Program Files\Launch Manager\QtZgAcer.EXE] [Dritek System Inc., 1, 0, 8, 628]
[C:\Program Files\Launch Manager\CDRomUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Launch Manager\ComFnUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Launch Manager\MixerUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Launch Manager\OSDUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Launch Manager\RgnMaker.dll] [Dritek System Inc., 12.07.1999 ( VC60 )]
[C:\Program Files\Launch Manager\SzUPFUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\Launch Manager\Wnd2File.dll] [Dritek System Inc., 3.00]
[C:\Program Files\Launch Manager\MMDUtl.dll] [Dritek System Inc., 1, 2, 2, 2728]
[C:\Program Files\Launch Manager\LgKCUtl.Dll] [Dritek System Inc., 2, 0, 1, 1]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[C:\Program Files\Launch Manager\DialCnt.Dll] [Dritek System Inc., 1.10]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 388 / nicolas][C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.70.6]
[PID: 408 / nicolas][C:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.30.607.0]
[C:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.30.606.0]
[C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll] [Microsoft Corporation, 5.30.606.0]
[C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll] [Microsoft Corporation, 5.30.606.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\Program Files\Microsoft IntelliPoint\srres.dll] [Microsoft Corporation, 5.30.587.0]
[C:\Program Files\Microsoft IntelliPoint\ipres.dll] [Microsoft Corporation, 5.30.601.0]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 448 / nicolas][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d36e0f58\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3b8f18eb\system.windows.forms.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2217.17118]
[c:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2217.17268]
[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2147.29163]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_43051613\system.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2217.17268]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d5853791\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2217.17269]
[c:\program files\ati technologies\ati.ace\aticccom.dll] [ATI Technologies Inc., 1.0.0.0]
[c:\program files\ati technologies\ati.ace\aem.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e2075419\system.drawing.dll] [N/A, ]
[c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_fr_b77a5c561934e089\system.windows.forms.resources.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17263]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\dem.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosinfo.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll] [ATI Technologies Inc., 1.2.2159.16348]
[c:\program files\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll] [ATI Technologies Inc., 1.2.2147.29155]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdriversettings.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.2.2147.29142]
[c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\atidemgr.dll] [ATI Technologies Inc., 1.2.2217.17103]
[c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll] [ATI Technologies Inc., 1.2.2147.29149]
[c:\program files\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll] [ATI Technologies Inc., 1.2.2147.29150]
[c:\program files\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll] [ATI Technologies Inc., 1.2.2147.29146]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17153]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2182.27456]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17173]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll] [ATI Technologies Inc., 1.2.2182.27452]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17153]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17190]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17187]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17157]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29158]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll] [ATI Technologies Inc., 1.2.2147.29145]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17217]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29146]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17203]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29166]
[c:\program files\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17268]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll] [ATI Technologies Inc., 1.2.2147.29149]
[c:\program files\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll] [ATI Technologies Inc., 1.2.2147.29142]
[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17184]
[c:\program files\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll] [ATI Technologies Inc., 1.2.2147.29146]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17177]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29145]
[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17175]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17236]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17162]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17227]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29168]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17157]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29148]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17232]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2169.27643]
[c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29144]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17165]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2169.27620]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17224]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17220]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17230]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29168]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17159]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29148]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17196]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29165]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17200]
[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll] [ATI Technologies Inc., 1.2.2147.29164]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17193]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll] [ATI Technologies Inc., 1.2.2154.21069]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17211]
[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17206]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17209]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29155]
[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2217.17168]
[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29156]
[c:\program files\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll] [ATI Technologies Inc., 1.2.2182.27432]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29157]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29166]
[c:\program files\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll] [ATI Technologies Inc., 1.2.2147.29145]
[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29164]
[c:\program files\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll] [ATI Technologies Inc., 1.2.2168.19591]
[c:\program files\ati technologies\ati.ace\dem.graphics.workstationsettings.dll] [ATI Technologies Inc., 1.2.2147.29157]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29157]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29142]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll] [ATI Technologies Inc., 1.2.2147.29164]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29149]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll] [ATI Technologies Inc., 1.2.2166.26895]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll] [ATI Technologies Inc., 1.2.2147.29143]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29165]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll] [ATI Technologies Inc., 1.2.2147.29165]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29167]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll] [ATI Technologies Inc., 1.2.2147.29157]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll] [ATI Technologies Inc., 1.2.2147.29164]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll] [ATI Technologies Inc., 1.2.2147.29168]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29149]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll] [ATI Technologies Inc., 1.2.2147.29157]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll] [ATI Technologies Inc., 1.2.2147.29148]
[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll] [ATI Technologies Inc., 1.2.2210.26509]
[c:\program files\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll] [ATI Technologies Inc., 1.2.2147.29147]
[c:\program files\ati technologies\ati.ace\apm.foundation.dll] [ATI Technologies Inc., 1.2.2147.29156]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 456 / nicolas][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe] [HP, 2,118,0,0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3212.dll] [HP, 2.335.5.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 480 / nicolas][C:\Program Files\QuickTime\QTTask.exe] [Apple Inc., 7.5.5 (990.7)]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 500 / nicolas][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 8.0.0.35]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 8.0.0.26]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 8.0.0.35]
[C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.5.5 (990.7)]
[C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 185.2.0.4]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 508 / nicolas][C:\Program Files\Spyware Doctor\pctsTray.exe] [PC Tools, 5.5.0.106]
[C:\Program Files\Spyware Doctor\rtl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\vcl100.bpl] [Borland Software Corporation, 10.0.2288.42451]
[C:\Program Files\Spyware Doctor\SysAccess.dll] [PC Tools, 5.5.0.5]
[C:\Program Files\Spyware Doctor\ikdll.dll] [PCTools Research Pty Ltd., 5.0.2.1040 built by: WinDDK]
[C:\Program Files\Spyware Doctor\CommOM.dll] [PC Tools, 5.5.0.31]
[C:\Program Files\Spyware Doctor\CommLib.dll] [PC Tools, 5.5.0.35]
[C:\Program Files\Spyware Doctor\PCToolsComponents.bpl] [PC Tools, 5.5.0.5]
[C:\Program Files\Spyware Doctor\sdinfo.sdp] [PC Tools, 5.5.0.53]
[C:\Program Files\Spyware Doctor\cdialogs.dll] [PC Tools, 5.5.0.77]
[C:\Program Files\Spyware Doctor\pwindow.dll] [PC Tools, 5.5.0.14]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 588 / nicolas][C:\Program Files\DAEMON Tools Lite\daemon.exe] [DT Soft Ltd, 4.30.1.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\Program Files\DAEMON Tools Lite\DaemonPlugin.dll] [DT Soft Ltd, 4.12.0.0]
[C:\Program Files\DAEMON Tools Lite\daemon.dll] [DT Soft Ltd., 4.30.0.0]
[C:\Program Files\DAEMON Tools Lite\imgengine.dll] [DT Soft Ltd., 1.17.0.0]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0]
[C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll] [N/A, ]
[C:\Program Files\DAEMON Tools Lite\Lang\FRA.dll] [N/A, ]
[C:\Program Files\DAEMON Tools Lite\Plugins\ISOmaker.dll] [DT Soft Ltd, 1.0.0.0]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 888 / SYSTEM][C:\Acer\eManager\anbmServ.exe] [OSA Technologies Inc., 3.0.5.8]
[C:\Acer\eManager\cpuid_dll.dll] [ OSA Technologies, Inc., 1, 0, 6, 13]
[C:\Acer\eManager\SMBIOSAPI.dll] [OSA Technologies Inc. Taiwan Branch, 1, 0, 6, 7]
[C:\Acer\eManager\IpmiTrans.dll] [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 14]
[C:\Acer\eManager\SYSAPI.dll] [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 15]
[C:\Acer\eManager\NBAPI.dll] [OSA Technologies Inc. Taiwan Branch, 1, 0, 1, 2]
[PID: 1464 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple Inc., 2.10.31.0]
[PID: 1632 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[PID: 1688 / nicolas][C:\Program Files\acer\eRecovery\Monitor.exe] [acer Inc., 1, 2, 9, 0]
[C:\Program Files\acer\eRecovery\Cdrw32.dll] [NewTech Infosystems, Inc., 3, 1, 0, 57]
[C:\Program Files\acer\eRecovery\CdrMmc32.dll] [NewTech Infosystems, Inc., 3, 1, 0, 132]
[C:\Program Files\acer\eRecovery\CdrwEx32.dll] [NewTech Infosystems, Inc., 3, 1, 0, 73]
[C:\Program Files\acer\eRecovery\ImagFile.dll] [NewTech Infosystems, Inc., 1, 0, 0, 4]
[C:\Program Files\acer\eRecovery\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\acer\eRecovery\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\acer\eRecovery\BlockDll.dll] [Achieva Systems, Inc., 1, 0, 0, 2]
[C:\Program Files\acer\eRecovery\Data32.dll] [NewTech Infosystems, Inc., 2, 0, 0, 48]
[C:\Program Files\acer\eRecovery\DataEx32.dll] [NewTech Infosystems, Inc., 2, 1, 0, 23]
[C:\Program Files\acer\eRecovery\cximage.dll] [Pizzolato Davide - www.xdp.it, 5, 9, 9, a]
[C:\Program Files\acer\eRecovery\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\acer\eRecovery\extResource.dll] [acer, 1, 1, 7, 0]
[C:\Program Files\acer\eRecovery\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\acer\eRecovery\NtiAspi.dll] [NewTech Infosystems, Inc., 2, 5, 0, 1]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 1976 / nicolas][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9]
[C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.1]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.1]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.1]
[C:\Documents and Settings\nicolas\Application Data\Mozilla\Firefox\Profiles\o7zk4r8f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll] [N/A, ]
[C:\Documents and Settings\nicolas\Application Data\Mozilla\Firefox\Profiles\o7zk4r8f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll] [N/A, ]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[C:\Documents and Settings\nicolas\Application Data\Mozilla\Firefox\Profiles\o7zk4r8f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll] [N/A, ]
[C:\Documents and Settings\nicolas\Application Data\Mozilla\Firefox\Profiles\o7zk4r8f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.0.3 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.70]
[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.1]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2104 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe] [HP, 9, 0, 0, 0]
[PID: 2140 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] [Intel Corporation, 9, 0, 1, 10]
[PID: 2256 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2340 / SYSTEM][C:\WINDOWS\system32\Tablet.exe] [Wacom Technology, Corp., 4.51 ]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[PID: 2460 / SERVICE LOCAL][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2944 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 8.0.0.35]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 8.0.0.26]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 8.0.0.35]
[PID: 2988 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3244 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3876 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 212 / nicolas][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d36e0f58\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.3 08Oct04]
[C:\WINDOWS\system32\hookdll.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3b8f18eb\system.windows.forms.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2217.17118]
[c:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2147.29141]
[c:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2217.17268]
[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2147.29163]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_43051613\system.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2217.17268]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d5853791\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corpor
1

The software in question is not an antivirus but an anti-spyware tool; for a (free) antivirus, I recommend AVG8 or Avira Personal Antivirus.
0
afideg
Posts
10516
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
601
12 Sept. 2008 at 15:47
Hi Nico

Download Lop S&D.exe (Eric 71 & Angeldark) https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 to your desktop.
2°- Double-click Lop S&D to start the installation

3°- Restart the PC in safe mode < http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
When the cursor is blinking, safe mode can take up to 15 minutes to open, so you need to be patient.
Let the PC go at its own pace until the desktop has loaded; after that, you can use your mouse again.
Choose your usual session (not the "Administrator" account or another one).

4°- Double-click the Lop S&D shortcut on your desktop, then select the language you want,
5°- then choose Option 2 - Suppression +HOSTS - and wait until it has finished.
6°- Restart normally and post, in the same reply, the contents of the report C:\lopR.txt


Thanks
Al.
0
nico262
Posts
40
Registration date
Friday 12 September 2008
Status
Member
Last activity
21 October 2010

12 Sept. 2008 at 16:59
First of all, thank you. Here is the scan report:


--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : nicolas ( Administrator )
BOOT : Fail-safe boot

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [2] ( 12/09/2008|16:29 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\nicolas\Cookies\nicolas@advertising[2].txt
Supprime! - C:\DOCUME~1\nicolas\Cookies\nicolas@adopt.euroclick[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[30/03/2005|23:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/08/2008|20:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[30/03/2005|23:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/09/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[12/12/2007|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[08/02/2007|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/11/2007|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[08/07/2008|23:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/01/2006|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/03/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[18/12/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[25/12/2006|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[08/02/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[13/12/2007|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Icon Constructor 3
[16/01/2006|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[30/03/2005|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/07/2007|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[28/01/2006|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[12/07/2006|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[10/08/2007|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[16/01/2006|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[20/04/2007|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/08/2007|14:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[30/03/2005|23:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[30/03/2005|23:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[13/12/2007|14:08] C:\DOCUME~1\nicolas\APPLIC~1\Abvent
[12/12/2007|20:39] C:\DOCUME~1\nicolas\APPLIC~1\ACD Systems
[16/01/2006|16:51] C:\DOCUME~1\nicolas\APPLIC~1\Adobe
[16/01/2006|16:51] C:\DOCUME~1\nicolas\APPLIC~1\AdobeUM
[11/02/2006|16:51] C:\DOCUME~1\nicolas\APPLIC~1\Ahead
[28/01/2006|21:36] C:\DOCUME~1\nicolas\APPLIC~1\Apple Computer
[28/08/2007|13:33] C:\DOCUME~1\nicolas\APPLIC~1\ATI
[18/03/2008|11:29] C:\DOCUME~1\nicolas\APPLIC~1\Autodesk
[22/11/2007|12:20] C:\DOCUME~1\nicolas\APPLIC~1\AutoDWG
[18/12/2007|20:54] C:\DOCUME~1\nicolas\APPLIC~1\Azureus
[16/01/2006|17:23] C:\DOCUME~1\nicolas\APPLIC~1\CyberLink
[27/08/2008|16:15] C:\DOCUME~1\nicolas\APPLIC~1\DAEMON Tools
[16/01/2007|22:45] C:\DOCUME~1\nicolas\APPLIC~1\dvdcss
[13/07/2006|14:39] C:\DOCUME~1\nicolas\APPLIC~1\Google
[18/06/2006|01:36] C:\DOCUME~1\nicolas\APPLIC~1\Help
[30/03/2005|23:44] C:\DOCUME~1\nicolas\APPLIC~1\Identities
[16/01/2006|23:28] C:\DOCUME~1\nicolas\APPLIC~1\Intel
[29/04/2007|01:21] C:\DOCUME~1\nicolas\APPLIC~1\LimeWire
[12/07/2006|12:38] C:\DOCUME~1\nicolas\APPLIC~1\Macromedia
[12/07/2006|16:39] C:\DOCUME~1\nicolas\APPLIC~1\Media Player Classic
[30/03/2005|23:29] C:\DOCUME~1\nicolas\APPLIC~1\Microsoft
[07/02/2007|17:52] C:\DOCUME~1\nicolas\APPLIC~1\Mozilla
[12/07/2007|13:07] C:\DOCUME~1\nicolas\APPLIC~1\MSNInstaller
[08/02/2007|17:30] C:\DOCUME~1\nicolas\APPLIC~1\Nemetschek
[20/04/2007|14:07] C:\DOCUME~1\nicolas\APPLIC~1\PC Tools
[12/07/2006|16:38] C:\DOCUME~1\nicolas\APPLIC~1\Real
[28/08/2007|10:41] C:\DOCUME~1\nicolas\APPLIC~1\SecondLife
[15/02/2008|23:15] C:\DOCUME~1\nicolas\APPLIC~1\Skyline
[14/07/2007|00:03] C:\DOCUME~1\nicolas\APPLIC~1\Sun
[16/01/2006|23:53] C:\DOCUME~1\nicolas\APPLIC~1\Symantec
[16/01/2006|17:25] C:\DOCUME~1\nicolas\APPLIC~1\Template
[26/11/2006|20:12] C:\DOCUME~1\nicolas\APPLIC~1\U3
[12/07/2006|16:21] C:\DOCUME~1\nicolas\APPLIC~1\vlc

[30/03/2005|23:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[30/03/2005|23:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[12/09/2008 15:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[12/09/2008 15:39][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[15/08/2008 12:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/09/2008 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/01/2006|20:34] C:\Program Files\@Last Software
[12/12/2007|20:13] C:\Program Files\ACD Systems
[16/01/2006|16:41] C:\Program Files\acer
[30/03/2005|23:57] C:\Program Files\Acer Inc
[26/07/2008|18:53] C:\Program Files\Acro Software
[09/02/2007|14:22] C:\Program Files\Active Data Recovery Software
[30/03/2005|23:59] C:\Program Files\Adobe
[28/01/2006|20:59] C:\Program Files\Ahead
[24/01/2007|19:09] C:\Program Files\Alice
[26/12/2006|19:08] C:\Program Files\Apple Software Update
[13/12/2007|14:07] C:\Program Files\Artlantis
[15/11/2006|14:25] C:\Program Files\art-lantis 4.5
[16/01/2006|16:36] C:\Program Files\ATI Technologies
[05/03/2007|19:25] C:\Program Files\Audacity
[18/03/2008|11:29] C:\Program Files\AutoCAD 2008
[18/03/2008|11:23] C:\Program Files\Autodesk
[18/12/2007|20:54] C:\Program Files\Azureus
[13/12/2007|17:34] C:\Program Files\BitComet
[12/09/2008|14:13] C:\Program Files\Bonjour
[24/04/2008|13:10] C:\Program Files\Capturino 1.4
[23/11/2007|18:36] C:\Program Files\CCleaner
[30/03/2005|23:35] C:\Program Files\ComPlus Applications
[30/03/2005|23:52] C:\Program Files\CONEXANT
[24/12/2007|16:47] C:\Program Files\Copy of Simcity 4.DeLuxe.Pn.Pass
[31/03/2005|00:01] C:\Program Files\CyberLink
[27/08/2008|16:23] C:\Program Files\DAEMON Tools Lite
[09/10/2007|20:52] C:\Program Files\DesignWorkshop Lite
[21/11/2007|12:49] C:\Program Files\eMule
[30/03/2005|23:29] C:\Program Files\Fichiers communs
[11/06/2006|18:20] C:\Program Files\Fujifilm
[13/07/2006|14:39] C:\Program Files\Google
[26/07/2008|18:58] C:\Program Files\GPLGS
[21/07/2006|15:18] C:\Program Files\Guitar Pro 5
[08/02/2007|01:21] C:\Program Files\Hewlett-Packard
[08/02/2007|01:17] C:\Program Files\HP
[19/03/2008|21:54] C:\Program Files\hp deskjet 5550 series
[30/03/2005|23:44] C:\Program Files\InstallShield Installation Information
[30/03/2005|23:45] C:\Program Files\Intel
[30/03/2005|23:35] C:\Program Files\Internet Explorer
[28/01/2006|21:34] C:\Program Files\iPod
[12/09/2008|14:14] C:\Program Files\iTunes
[16/07/2006|19:12] C:\Program Files\Java
[16/01/2006|16:40] C:\Program Files\Launch Manager
[12/07/2006|16:38] C:\Program Files\Media Player Classic
[30/03/2005|23:34] C:\Program Files\Messenger
[30/03/2005|23:38] C:\Program Files\microsoft frontpage
[17/04/2008|19:46] C:\Program Files\Microsoft Games
[02/05/2007|15:58] C:\Program Files\Microsoft IntelliPoint
[16/01/2006|16:56] C:\Program Files\Microsoft Office
[16/01/2006|16:54] C:\Program Files\Microsoft Works
[05/03/2007|16:33] C:\Program Files\Monkey's Audio
[30/03/2005|23:36] C:\Program Files\Movie Maker
[07/02/2007|17:52] C:\Program Files\Mozilla Firefox
[30/03/2005|23:34] C:\Program Files\MSN
[30/03/2005|23:34] C:\Program Files\MSN Gaming Zone
[11/08/2007|14:08] C:\Program Files\MSN Messenger
[30/03/2005|23:36] C:\Program Files\NetMeeting
[31/03/2005|00:06] C:\Program Files\NewTech Infosystems
[03/02/2008|22:15] C:\Program Files\Norton Security Scan
[30/03/2005|23:34] C:\Program Files\Online Services
[30/03/2005|23:36] C:\Program Files\Outlook Express
[04/03/2008|20:26] C:\Program Files\PDFCreator
[04/03/2008|20:27] C:\Program Files\PDFCreator Toolbar
[05/08/2007|23:50] C:\Program Files\Philips
[20/04/2007|14:04] C:\Program Files\Picasa2
[08/02/2007|12:55] C:\Program Files\PowerQuest
[12/09/2008|14:12] C:\Program Files\QuickTime
[12/07/2006|16:38] C:\Program Files\Real Alternative
[04/10/2007|20:11] C:\Program Files\RegCleaner
[08/02/2007|19:16] C:\Program Files\R-Undelete
[30/03/2005|23:36] C:\Program Files\Services en ligne
[15/02/2008|13:46] C:\Program Files\Skyline
[23/11/2007|14:34] C:\Program Files\Spyware Doctor
[30/03/2005|23:54] C:\Program Files\Synaptics
[24/01/2007|19:37] C:\Program Files\TechCity Solutions
[06/02/2006|19:11] C:\Program Files\Thomson
[12/07/2006|12:40] C:\Program Files\ToniArts
[30/03/2005|23:44] C:\Program Files\Uninstall Information
[13/06/2006|18:27] C:\Program Files\VectorWorks 11
[08/02/2007|14:34] C:\Program Files\VectorWorks 12v
[12/07/2006|16:19] C:\Program Files\VideoLAN
[25/04/2008|15:08] C:\Program Files\Virtual Earth 3D
[11/08/2007|20:09] C:\Program Files\Vista Start Menu
[23/04/2006|21:12] C:\Program Files\Wacom
[05/03/2007|16:33] C:\Program Files\Winamp
[07/01/2007|17:15] C:\Program Files\Windows Journal Viewer
[11/08/2007|14:10] C:\Program Files\Windows Live Favorites
[11/01/2008|22:11] C:\Program Files\Windows Live Safety Center
[11/08/2007|14:09] C:\Program Files\Windows Live Toolbar
[30/03/2005|23:34] C:\Program Files\Windows Media Player
[30/03/2005|23:34] C:\Program Files\Windows NT
[30/03/2005|23:36] C:\Program Files\WindowsUpdate
[16/01/2006|16:38] C:\Program Files\WinPCap
[12/07/2006|16:22] C:\Program Files\WinRAR
[07/02/2006|22:44] C:\Program Files\WinZip
[30/03/2005|23:38] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/12/2007|20:13] C:\Program Files\Fichiers communs\ACD Systems
[16/01/2006|16:51] C:\Program Files\Fichiers communs\Adobe
[08/11/2007|16:35] C:\Program Files\Fichiers communs\Adobe Systems Shared
[28/01/2006|21:00] C:\Program Files\Fichiers communs\Ahead
[08/07/2008|23:15] C:\Program Files\Fichiers communs\Apple
[18/03/2008|11:23] C:\Program Files\Fichiers communs\Autodesk Shared
[14/02/2006|19:44] C:\Program Files\Fichiers communs\Designer
[08/02/2007|01:21] C:\Program Files\Fichiers communs\Hewlett-Packard
[08/02/2007|01:22] C:\Program Files\Fichiers communs\HP
[30/03/2005|23:44] C:\Program Files\Fichiers communs\InstallShield
[16/07/2006|19:10] C:\Program Files\Fichiers communs\Java
[30/03/2005|23:29] C:\Program Files\Fichiers communs\Microsoft Shared
[30/03/2005|23:36] C:\Program Files\Fichiers communs\MSSoap
[31/03/2005|00:06] C:\Program Files\Fichiers communs\muvee Technologies
[31/03/2005|00:06] C:\Program Files\Fichiers communs\NewTech Infosystems
[30/03/2005|23:29] C:\Program Files\Fichiers communs\ODBC
[30/03/2005|23:36] C:\Program Files\Fichiers communs\Services
[30/03/2005|23:29] C:\Program Files\Fichiers communs\SpeechEngines
[20/04/2007|15:01] C:\Program Files\Fichiers communs\Symantec Shared
[30/03/2005|23:35] C:\Program Files\Fichiers communs\System
[17/01/2006|20:29] C:\Program Files\Fichiers communs\Vbox

--------------------\\ Process

( 15 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 16:30:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:618][D:46]-> C:\DOCUME~1\nicolas\LOCALS~1\Temp
[F:79][D:0]-> C:\DOCUME~1\nicolas\Cookies
[F:4623][D:12]-> C:\DOCUME~1\nicolas\LOCALS~1\TEMPOR~1\content.IE5
[F:120][D:17]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 12/09/2008|16:31 - Option : [2]

--------------------\\ Fin du rapport a 16:31:19
0
afideg
Posts
10516
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
601
12 Sept. 2008 at 17:41
Hi again,

Thanks


Download and run: http://www.techsupportforum.com/sectools/tel.xls.exe_Remover.exe

- Download HiJackThis by Merijn to your desktop.
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
•- Rename the file "HiJackThis.exe" to "Scanner.exe"; --> to do this, right-click the file "HiJackThis.exe" and choose "Rename" from the list
- Type "Scanner.exe" and press the [Enter] key.
•- Generate a report by following these instructions:
- Double-click "Scanner.exe"
- Run it and click "Do a scan and save log file".
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
Help guide https://www.malekal.com/tutoriel-hijackthis/


Do you use USB sticks?

Tell me whether you still get this "fun.xls.exe" alert.


Thanks
Al

0
nico262
Posts
40
Registration date
Friday 12 September 2008
Status
Member
Last activity
21 October 2010

12 Sept. 2008 at 19:57
Thanks for replying

but the link
http://www.techsupportforum.com/sectools/tel.xls.exe_Remover.exe
that you gave me is dead; I tried other ways, but without success.

Otherwise, I do have USB sticks and external drives, also infected by the virus...

Thanks.
0
afideg
Posts
10516
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
601
12 Sept. 2008 at 20:50
Hi again,

Sorry.

Turn off System Restore.
Right-click My Computer > Properties > System Restore tab
Tick "Turn off System Restore on all drives".
Click OK to confirm

1°- Download the Flash_Disinfector tool by sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Save Flash_Disinfector.exe to your desktop.
Close your applications (Word, etc.), because explorer.exe will be stopped and then restarted (the desktop icons disappear).
Double-click Flash_Disinfector.exe to run it.
When the message [Plug in yours flash drive & clic Ok to begin disinfection] appears:
Connect to the PC the USB sticks and external hard drives that may have been infected.
Then click OK

The desktop icons will disappear until the message [Done!!] appears.
Then press OK to bring the desktop back.
If there are several USB sticks or external hard drives to disinfect, repeat the operation, plugging in the untreated ones one at a time.


2°- Use RAV ANTIVIRUS by Evosla, to be downloaded here
Or there < http://ww25.evosla.com/compteur.php?soft=rav_antivirus >
Plug in the removable drives (USB stick, memory stick, external drive)
NOTE: DO NOT DOUBLE-CLICK THESE STICKS.
Run RAV in safe mode
Unzip it (right-click >> Extract here) and double-click the file RAV.exe
Once RAV ANTIVIRUS is running, let it work (it automatically scans all drives).
Regarding real-time cleaning: when the software detects an "autorun" on a disk, it deletes it (unless you use a virtual drive such as virtual daemon).
If a virus is found, a log will be created; otherwise nothing will happen and the software will display (Votre Ordinateur est Sain).
Then post a report.


3°- Next, as a precaution, have your PC scanned by:
https://www.kaspersky.fr/downloads
Click the [Kaspersky Online Scanner] button and follow the instructions.
As the scan target, choose "My Computer".
- Then choose to scan "My Computer" to run a "full scan".
- Save, then paste the report generated at the end of the scan.
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif

HELP: Configuring ActiveX control < http://www.inoculer.com/activex.php3 >
Tutorial here if there is a problem: http://www.vista-xp.fr/forum/topic109.html , or there: https://forum.pcastuces.com/sujet.asp?f=25&s=37641 (by Morgane & nico_dodo)

If the report shows no infection:
Turn System Restore back on.
Right-click My Computer > Properties > System Restore tab
Untick "Turn off System Restore on all drives".
Click OK to confirm.



Do that for now.
It's annoying, but apparently not dangerous.
It's your USB sticks that caused the infection.
Try to work through the applications; we'll put an end to this problem.
Thanks
Al.
0
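An added example, not part of afideg's post or of any tool named in it: a read-only Python triage of a drive's top level for the traces this thread keeps running into, an autorun.inf that launches a program and executables sitting at the drive root, including double-extension names such as fun.xls.exe. The sample autorun.inf content, the demo folder and the extension lists are constructed assumptions.

```python
import os
import re
import tempfile

EXECUTABLE_EXTS = {".exe", ".com", ".cmd", ".bat", ".scr", ".pif"}
DOCUMENT_EXTS = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".mp3"}  # assumed decoy suffixes

# autorun.inf keys whose value is a command Windows may run for the drive
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

# Constructed sample, not taken from the infected machine.
SAMPLE_AUTORUN = r"""
[autorun]
open=fun.xls.exe
shell\open\command=fun.xls.exe
icon=folder.ico
"""


def autorun_targets(text):
    """Return the commands named in the [autorun] section of an autorun.inf."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEY.match(key) and value:
                targets.append(value)
    return targets


def is_double_extension(name):
    """True for names like 'fun.xls.exe': a document suffix in front of an executable one."""
    stem, ext = os.path.splitext(name.lower())
    return ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DOCUMENT_EXTS


def triage_drive_root(root):
    """List findings for the top level of one drive. Nothing is executed or deleted."""
    findings = []
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        if not os.path.isfile(path):
            continue
        lower = entry.lower()
        if lower == "autorun.inf":
            with open(path, "r", encoding="latin-1") as handle:
                for target in autorun_targets(handle.read()):
                    findings.append(("autorun.inf launches", target))
        elif os.path.splitext(lower)[1] in EXECUTABLE_EXTS:
            kind = ("double-extension executable" if is_double_extension(entry)
                    else "executable at drive root")
            findings.append((kind, entry))
    return findings


def build_demo_root():
    """Create a throwaway folder laid out like an infected stick (empty placeholder files)."""
    root = tempfile.mkdtemp(prefix="usb_root_")
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as handle:
        handle.write(SAMPLE_AUTORUN)
    for name in ("fun.xls.exe", "t.com", "notes.txt"):
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    import sys
    # Pass drive roots as arguments (for example E:\ F:\); with none, use the constructed demo.
    for drive in sys.argv[1:] or [build_demo_root()]:
        for kind, item in triage_drive_root(drive):
            print(f"{drive}: {kind}: {item}")
```

Because it only lists directory entries and reads autorun.inf as text, it can be pointed at a plugged-in stick without opening the drive in Explorer.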
nico262
Posts
40
Registration date
Friday 12 September 2008
Status
Member
Last activity
21 October 2010

13 Sept. 2008 at 15:34
Hi,

RAV antivirus found and removed quite a few viruses (around twenty files)
However, I couldn't find the report.
When I run it again now (in normal mode), it tells me the computer is clean.
The virus no longer shows up anywhere!
Am I still at risk of being infected by other USB devices?

Otherwise, here is the Kaspersky scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 12, 2008 19:07:57
Records in database: 1219698
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 147300
Threat name: 11
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:40:28


File name / Threat name / Threats count
C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\v.cmd Infected: Trojan-PSW.Win32.OnLineGames.uaw 1
C:\cfdflx.com Infected: Trojan-PSW.Win32.OnLineGames.uhv 1
C:\3o.exe Infected: Packed.Win32.PolyCrypt.h 1
C:\h1dwg20.exe Infected: Trojan-PSW.Win32.OnLineGames.wfz 1
C:\aub0wb8.cmd Infected: Trojan-PSW.Win32.OnLineGames.wev 1
C:\ino6.com Infected: Trojan-PSW.Win32.OnLineGames.wgy 1
C:\f.exe Infected: Trojan-PSW.Win32.OnLineGames.wgy 1
C:\1weicxa.com Infected: Worm.Win32.AutoRun.dcz 1
C:\xyw9tmdj.com Infected: Trojan-PSW.Win32.OnLineGames.yze 1
C:\t.com Infected: Trojan-PSW.Win32.OnLineGames.zll 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126364.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126365.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126366.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126367.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126368.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126369.exe Infected: Trojan.Win32.VB.atg 1

The selected area was scanned.

I also protected my PC with Spyware blaster and spybot as well (which detected and removed quite a few infections).

As for "cleaning", I usually use EasyCleaner (the same one for 5 years!), particularly for the registry. Is that enough?

Once everything is clean, I was thinking of defragmenting and saving an image of my C: partition. Back in the day I used GHOST (under win98). Does the Windows restore system work just as well (I saw that SpywareBlaster did it too?!).

Thanks again for your help.
0
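An added example, not part of nico262's post or of any tool named in the thread: a Python parser for the "File name / Threat name / Threats count" lines of the Kaspersky report above, sorting each detection into executables at a drive root, copies held inside System Restore points, and everything else, then checking the totals against the report's own statistics. The lines are copied from the report; the category names and the extension list are assumptions.

```python
import ntpath
import re

# Detection lines copied from the Kaspersky Online Scanner report in the post above.
REPORT = r"""
C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\v.cmd Infected: Trojan-PSW.Win32.OnLineGames.uaw 1
C:\cfdflx.com Infected: Trojan-PSW.Win32.OnLineGames.uhv 1
C:\3o.exe Infected: Packed.Win32.PolyCrypt.h 1
C:\h1dwg20.exe Infected: Trojan-PSW.Win32.OnLineGames.wfz 1
C:\aub0wb8.cmd Infected: Trojan-PSW.Win32.OnLineGames.wev 1
C:\ino6.com Infected: Trojan-PSW.Win32.OnLineGames.wgy 1
C:\f.exe Infected: Trojan-PSW.Win32.OnLineGames.wgy 1
C:\1weicxa.com Infected: Worm.Win32.AutoRun.dcz 1
C:\xyw9tmdj.com Infected: Trojan-PSW.Win32.OnLineGames.yze 1
C:\t.com Infected: Trojan-PSW.Win32.OnLineGames.zll 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126364.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126365.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126366.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126367.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126368.exe Infected: Trojan.Win32.VB.atg 1
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465\A0126369.exe Infected: Trojan.Win32.VB.atg 1
"""

# "<path> Infected: <threat> <count>"; the path itself may contain spaces.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
EXECUTABLE_EXTS = {".exe", ".com", ".cmd", ".bat", ".scr", ".pif"}


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match["path"], match["threat"], int(match["count"])))
    return entries


def classify(path):
    """Sort a detected path into one of three categories (names are this example's own)."""
    if "\\system volume information\\_restore{" in path.lower():
        # Copy kept by System Restore: it goes away when the restore points are
        # discarded, which is what turning System Restore off does.
        return "restore_point_copy"
    folder, name = ntpath.split(path)
    at_root = folder == ntpath.splitdrive(path)[0] + "\\"
    if at_root and ntpath.splitext(name)[1].lower() in EXECUTABLE_EXTS:
        return "drive_root_executable"
    return "other"


def summarize(entries):
    """Group (path, threat) pairs by category."""
    groups = {"drive_root_executable": [], "restore_point_copy": [], "other": []}
    for path, threat, _count in entries:
        groups[classify(path)].append((path, threat))
    return groups


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("infected objects:", len(parsed))
    print("distinct threat names:", len({threat for _, threat, _ in parsed}))
    for category, items in summarize(parsed).items():
        print(f"{category}: {len(items)}")
```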
nico262
Posts
40
Registration date
Friday 12 September 2008
Status
Member
Last activity
21 October 2010

13 Sept. 2008 at 18:15
Hi,

Sorry!
For RAV, the interface wasn't the same as the one you showed me in your previous message; I really couldn't find it...
And for spyware blaster and spybot, I just blindly followed this:

http://www.inoculer.com/activex.php3
=>"Various programs can protect your machine against a good number of ActiveX controls known to be malicious. We recommend two that are free and particularly effective: SpywareBlaster and Spybot S&D."

Anyway! Sorry again

Here are the two reports:



MOVE IT REPORT

File/Folder C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c C:\v.cmd not found.
C:\cfdflx.com moved successfully.
File/Folder C:\3o.exe not found.
C:\h1dwg20.exe moved successfully.
C:\aub0wb8.cmd moved successfully.
C:\ino6.com moved successfully.
C:\f.exe moved successfully.
C:\1weicxa.com moved successfully.
C:\xyw9tmdj.com moved successfully.
File/Folder C:\t.com H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465 not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_174822



COMBOFIX REPORT


ComboFix 08-09-12.09 - nicolas 2008-09-13 17:56:15.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.616 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\nicolas\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\nicolas\Cookies\nicolas@serving-sys[1].txt
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-13 au 2008-09-13 ))))))))))))))))))))))))))))))))))))
.

2008-09-13 17:48 . 2008-09-13 17:48 <REP> d-------- C:\_OTMoveIt
2008-09-13 14:25 . 2008-09-13 14:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 14:25 . 2008-09-13 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-13 14:22 . 2008-09-13 14:22 <REP> d-------- C:\Program Files\SpywareBlaster
2008-09-12 16:21 . 2008-09-12 16:21 <REP> d-------- C:\Lop SD
2008-09-12 14:14 . 2008-09-12 14:14 <REP> d-------- C:\Program Files\iTunes
2008-09-12 14:14 . 2008-09-12 14:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 14:13 . 2008-09-12 14:13 <REP> d-------- C:\Program Files\Bonjour
2008-09-12 14:12 . 2008-09-12 14:12 <REP> d-------- C:\Program Files\QuickTime
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 00:59 . 2008-09-06 00:59 <REP> d--hs---- C:\FOUND.005
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-27 16:23 . 2008-08-27 16:23 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-27 16:15 . 2008-08-27 16:15 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\DAEMON Tools

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 14:15 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-26 16:58 --------- d-----w C:\Program Files\GPLGS
2008-07-26 16:53 --------- d-----w C:\Program Files\Acro Software
2007-04-16 19:14 55,112 ----a-w C:\Documents and Settings\nicolas\Application Data\GDIPFONTCACHEV1.DAT
2006-01-16 15:25 0 ----a-w C:\Documents and Settings\nicolas\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 1103240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-05 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VectorWorks 11\\VectorWorks.exe"=
"C:\\Program Files\\art-lantis 4.5\\Art-lantis.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\AGE3.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13578:TCP"= 13578:TCP:NortonAV
"12064:TCP"= 12064:TCP:NortonAV
"16768:TCP"= 16768:TCP:NortonAV
"15348:TCP"= 15348:TCP:NortonAV
"17550:TCP"= 17550:TCP:NortonAV
"18364:TCP"= 18364:TCP:NortonAV
"18405:TCP"= 18405:TCP:NortonAV
"12950:TCP"= 12950:TCP:NortonAV
"15752:TCP"= 15752:TCP:NortonAV
"13325:TCP"= 13325:TCP:NortonAV
"13591:TCP"= 13591:TCP:NortonAV
"13474:TCP"= 13474:TCP:NortonAV
"15283:TCP"= 15283:TCP:NortonAV
"12362:TCP"= 12362:TCP:NortonAV
"12627:TCP"= 12627:TCP:NortonAV
"14173:TCP"= 14173:TCP:NortonAV
"13028:TCP"= 13028:TCP:NortonAV
"12899:TCP"= 12899:TCP:NortonAV
"17070:TCP"= 17070:TCP:NortonAV
"14794:TCP"= 14794:TCP:NortonAV
"14533:TCP"= 14533:TCP:NortonAV
"17921:TCP"= 17921:TCP:NortonAV
"12190:TCP"= 12190:TCP:NortonAV
"16224:TCP"= 16224:TCP:NortonAV
"12297:TCP"= 12297:TCP:NortonAV
"17062:TCP"= 17062:TCP:NortonAV
"15027:TCP"= 15027:TCP:NortonAV
"12981:TCP"= 12981:TCP:NortonAV
"12074:TCP"= 12074:TCP:NortonAV
"18685:TCP"= 18685:TCP:NortonAV
"13490:TCP"= 13490:TCP:NortonAV
"16025:TCP"= 16025:TCP:NortonAV
"12240:TCP"= 12240:TCP:NortonAV
"18493:TCP"= 18493:TCP:NortonAV
"16361:TCP"= 16361:TCP:NortonAV
"18518:TCP"= 18518:TCP:NortonAV
"14835:TCP"= 14835:TCP:NortonAV
"13746:TCP"= 13746:TCP:NortonAV
"18968:TCP"= 18968:TCP:NortonAV
"17602:TCP"= 17602:TCP:NortonAV
"13364:TCP"= 13364:TCP:NortonAV
"13398:TCP"= 13398:TCP:NortonAV
"13428:TCP"= 13428:TCP:NortonAV
"16663:TCP"= 16663:TCP:NortonAV
"18806:TCP"= 18806:TCP:NortonAV
"16393:TCP"= 16393:TCP:NortonAV
"18330:TCP"= 18330:TCP:NortonAV
"13736:TCP"= 13736:TCP:NortonAV
"15193:TCP"= 15193:TCP:NortonAV
"15056:TCP"= 15056:TCP:NortonAV
"13074:TCP"= 13074:TCP:NortonAV
"13839:TCP"= 13839:TCP:NortonAV
"16644:TCP"= 16644:TCP:NortonAV
"14475:TCP"= 14475:TCP:NortonAV
"15722:TCP"= 15722:TCP:NortonAV
"18360:TCP"= 18360:TCP:NortonAV
"14828:TCP"= 14828:TCP:NortonAV
"16461:TCP"= 16461:TCP:NortonAV
"18502:TCP"= 18502:TCP:NortonAV
"14730:TCP"= 14730:TCP:NortonAV
"17410:TCP"= 17410:TCP:NortonAV
"16153:TCP"= 16153:TCP:NortonAV
"14414:TCP"= 14414:TCP:NortonAV
"15680:TCP"= 15680:TCP:NortonAV
"17448:TCP"= 17448:TCP:NortonAV
"12326:TCP"= 12326:TCP:NortonAV
"18175:TCP"= 18175:TCP:NortonAV
"17514:TCP"= 17514:TCP:NortonAV
"13719:TCP"= 13719:TCP:NortonAV
"14938:TCP"= 14938:TCP:NortonAV
"17451:TCP"= 17451:TCP:NortonAV
"13966:TCP"= 13966:TCP:NortonAV
"12706:TCP"= 12706:TCP:NortonAV
"12476:TCP"= 12476:TCP:NortonAV
"17756:TCP"= 17756:TCP:NortonAV
"12280:TCP"= 12280:TCP:NortonAV
"16670:TCP"= 16670:TCP:NortonAV
"13982:TCP"= 13982:TCP:NortonAV
"16665:TCP"= 16665:TCP:NortonAV
"14824:TCP"= 14824:TCP:NortonAV
"15531:TCP"= 15531:TCP:NortonAV
"16580:TCP"= 16580:TCP:NortonAV
"13267:TCP"= 13267:TCP:NortonAV
"16072:TCP"= 16072:TCP:NortonAV
"18938:TCP"= 18938:TCP:NortonAV
"13549:TCP"= 13549:TCP:NortonAV
"17052:TCP"= 17052:TCP:NortonAV
"14801:TCP"= 14801:TCP:NortonAV
"12772:TCP"= 12772:TCP:NortonAV
"18327:TCP"= 18327:TCP:NortonAV
"16735:TCP"= 16735:TCP:NortonAV
"17229:TCP"= 17229:TCP:NortonAV
"13214:TCP"= 13214:TCP:NortonAV
"15001:TCP"= 15001:TCP:NortonAV
"12708:TCP"= 12708:TCP:NortonAV
"14222:TCP"= 14222:TCP:NortonAV
"16104:TCP"= 16104:TCP:NortonAV
"18677:TCP"= 18677:TCP:NortonAV
"16820:TCP"= 16820:TCP:NortonAV
"16107:TCP"= 16107:TCP:NortonAV
"15510:TCP"= 15510:TCP:NortonAV
"16003:TCP"= 16003:TCP:NortonAV
"14113:TCP"= 14113:TCP:NortonAV
"18920:TCP"= 18920:TCP:NortonAV
"14153:TCP"= 14153:TCP:NortonAV
"14874:TCP"= 14874:TCP:NortonAV
"18717:TCP"= 18717:TCP:NortonAV
"18885:TCP"= 18885:TCP:NortonAV
"18119:TCP"= 18119:TCP:NortonAV
"14993:TCP"= 14993:TCP:NortonAV
"18902:TCP"= 18902:TCP:NortonAV
"15772:TCP"= 15772:TCP:NortonAV
"13827:TCP"= 13827:TCP:NortonAV
"18655:TCP"= 18655:TCP:NortonAV
"16872:TCP"= 16872:TCP:NortonAV
"15344:TCP"= 15344:TCP:NortonAV
"14375:TCP"= 14375:TCP:NortonAV
"14445:TCP"= 14445:TCP:NortonAV
"14219:TCP"= 14219:TCP:NortonAV
"13393:TCP"= 13393:TCP:NortonAV
"14481:TCP"= 14481:TCP:NortonAV
"18939:TCP"= 18939:TCP:NortonAV
"15018:TCP"= 15018:TCP:NortonAV
"14263:TCP"= 14263:TCP:NortonAV
"18597:TCP"= 18597:TCP:NortonAV
"14176:TCP"= 14176:TCP:NortonAV
"16378:TCP"= 16378:TCP:NortonAV
"14311:TCP"= 14311:TCP:NortonAV
"18192:TCP"= 18192:TCP:BitComet 18192 TCP
"18192:UDP"= 18192:UDP:BitComet 18192 UDP

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
R2 MicroGuard;MicroGuard Copy Protection;C:\WINDOWS\system32\drivers\mgnt.sys [1997-10-09 40288]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}]
\Shell\AutoRun\command - semo2x.exe
\Shell\explore\Command - semo2x.exe
\Shell\open\Command - semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abffdef-e620-11dc-95e2-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{125cc45f-21b9-11dd-963c-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2621a26e-d71f-11dc-95d7-0013ce1f8a82}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c5a676-1691-11dd-9629-00c09fdd146c}]
\Shell\AutoRun\command - ino6.com
\Shell\explore\Command - ino6.com
\Shell\open\Command - ino6.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c62c16-be0d-11db-bc59-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346424-ea8d-11dc-95e8-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346426-ea8d-11dc-95e8-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a26d972-cf80-11dc-95d3-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afecf2e-da26-11dc-95d9-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ddb50ba-9ca4-11db-85e5-00c09fdd146c}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f9665d-d7b0-11db-b86a-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c57af10-b14a-11db-8605-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9deb0090-1b5f-11dd-9632-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae96-cd14-11dc-95ce-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae97-cd14-11dc-95ce-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1968-c8c2-11dc-95cd-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1969-c8c2-11dc-95cd-0013ce1f8a82}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b9072a-8de2-11dc-957e-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc389c00-3e31-11dd-9662-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed106ee8-86ac-11da-83b8-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7b49e-5f66-11db-857a-0013ce1f8a82}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc2ad8f7-94f6-11db-85e3-0060b3f59b98}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff54f6d0-f9d9-11dc-95fc-0013ce1f8a82}]
\Shell\AutoRun\command - H:\ino6.com
\Shell\explore\Command - H:\ino6.com
\Shell\open\Command - H:\ino6.com
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\nicolas\Application Data\Mozilla\Firefox\Profiles\o7zk4r8f.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 18:00:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\TABLET.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\VERCLSID.EXE
.
**************************************************************************
.
Heure de fin: 2008-09-13 18:03:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-13 16:03:02

Avant-CF: 10,012,459,008 octets libres
Après-CF: 10,179,903,488 octets libres

367
0
Anonymous user
13 Sept. 2008 at 19:42
Hi Al.

Just a detail, not really useful, but since I was passing by:

<REP> d--hs---- C:\FOUND.005
That's a folder, not a file ;)

++
0
afideg
13 Sept. 2008 at 21:12
Hello Cyrildu17,

Damn; and I knew that, too!
It's not that serious, indeed; it can stay where it is.

Thanks for your valuable help.
Al.
0
nico262

15 Sept. 2008 at 15:51
Hi,

Sorry, I was indeed on holiday for part of the weekend!!


5°- Then drop this text file onto the ComboFix application (red “ComboFix.exe” icon on the desktop) by dragging and dropping the “CFScript1.txt” file onto the “ComboFix.exe” file, as in the screenshot: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif >
The ComboFix.exe icon then changes in the "brightness" of its colour.
A dialog appears ==> click "Exécuter" (Run)


I tried, it doesn't work. There is indeed a small loading bar (as in the animation), ComboFix appears for a moment in the taskbar but nothing happens afterwards; it doesn't launch, and there is no "Exécuter" prompt either.

I checked several times the file name and that I had copied and pasted the text correctly... I don't understand.

Thanks
0
afideg
15 Sept. 2008 at 18:14
Good evening

1° Do you have this CFScript1.txt file on your desktop?
Open it, copy and paste its contents, and post them here.


Thanks
Al.
0
nico262

15 Sept. 2008 at 18:27
Re:

File::
C:\FOUND.005
C:\v.cmd
C:\t.com
C:\3o.exe
F:\fun.xls.exe
F:\semo2x.exe
G:\fun.xls.exe
G:\semo2x.exe
H:\ino6.com
H:\fun.xls.exe
H:\semo2x.exe

Folder::
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\R­P465
C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Program Files\Bonjour

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}l]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abffdef-e620-11dc-95e2-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{125cc45f-21b9-11dd-963c-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2621a26e-d71f-11dc-95d7-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c5a676-1691-11dd-9629-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c62c16-be0d-11db-bc59-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346424-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346426-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a26d972-cf80-11dc-95d3-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afecf2e-da26-11dc-95d9-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ddb50ba-9ca4-11db-85e5-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f9665d-d7b0-11db-b86a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c57af10-b14a-11db-8605-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9deb0090-1b5f-11dd-9632-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae96-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae97-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1968-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1969-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b9072a-8de2-11dc-957e-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc389c00-3e31-11dd-9662-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed106ee8-86ac-11da-83b8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7b49e-5f66-11db-857a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc2ad8f7-94f6-11db-85e3-0060b3f59b98}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff54f6d0-f9d9-11dc-95fc-0013ce1f8a82}]
0
afideg
15 Sept. 2008 at 18:40
OK
Thanks

Do you have this CFScript1.txt file on your desktop?
Is it really in .txt format?



Change two lines:

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}] <-- between } and ] there is a vertical stroke to remove.

C:\FOUND.005 <-- move it under Folder::

The CFScript therefore becomes:

File::
C:\v.cmd
C:\t.com
C:\3o.exe
F:\fun.xls.exe
F:\semo2x.exe
G:\fun.xls.exe
G:\semo2x.exe
H:\ino6.com
H:\fun.xls.exe
H:\semo2x.exe

Folder::
H:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP465
C:\Documents and Settings\nicolas\Application Data\Sun\Java\Deployment\cache\6.0\39\17db47e7-3e95bb0c
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Program Files\Bonjour
C:\FOUND.005

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abffdef-e620-11dc-95e2-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{125cc45f-21b9-11dd-963c-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2621a26e-d71f-11dc-95d7-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c5a676-1691-11dd-9629-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c62c16-be0d-11db-bc59-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346424-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c346426-ea8d-11dc-95e8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a26d972-cf80-11dc-95d3-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6afecf2e-da26-11dc-95d9-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ddb50ba-9ca4-11db-85e5-00c09fdd146c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f9665d-d7b0-11db-b86a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c57af10-b14a-11db-8605-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9deb0090-1b5f-11dd-9632-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae96-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9beae97-cd14-11dc-95ce-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1968-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94b1969-c8c2-11dc-95cd-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7b9072a-8de2-11dc-957e-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc389c00-3e31-11dd-9662-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed106ee8-86ac-11da-83b8-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7b49e-5f66-11db-857a-0013ce1f8a82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc2ad8f7-94f6-11db-85e3-0060b3f59b98}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff54f6d0-f9d9-11dc-95fc-0013ce1f8a82}]



Now rerun the procedure, following my text scrupulously, including the (CTRL+C) and (CTRL+V).
If it still doesn't work, do it in safe mode.
But it is odd all the same.


Al.
0
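The hand-built `Registry::` list and the stray-character correction in the post above can be cross-checked against the log mechanically. This is an added example, not part of the thread and not ComboFix code: it only reads text, the function names are hypothetical, the "root-level executable" rule is an assumed triage heuristic (a legitimate autorun disc can match it too), and the third log entry is constructed.

```python
import re
import unicodedata

MP2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
KEY_RE = re.compile(r"^\[" + re.escape(MP2) + r"\\(" + GUID + r")\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
DEL_RE = re.compile(r"^\[-" + re.escape(MP2) + r"\\" + GUID + r"\]$", re.I)
# Executable sitting at a drive root or given as a bare file name (no folder).
ROOT_EXEC_RE = re.compile(r"^(?:[a-z]:\\)?[^\\/:\s]+\.(?:exe|com|cmd|bat|scr|pif)$", re.I)

# The first two keys are copied from the log in this thread; the third is constructed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052a73d0-f4d2-11dc-95f7-0013ce1f8a82}]
\Shell\AutoRun\command - semo2x.exe
\Shell\explore\Command - semo2x.exe
\Shell\open\Command - semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0abffdef-e620-11dc-95e2-0013ce1f8a82}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\tools\viewer\start.exe
"""


def parse_mountpoints2(log_text):
    """Return {guid: [(verb, command), ...]} for each MountPoints2 key in the log."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            current = key.group(1).lower() if key else None
            if current:
                entries[current] = []
        elif current:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current].append((cmd.group(1), cmd.group(2)))
    return entries


def needs_review(commands):
    """True if any shell verb ends by launching a root-level or bare-name executable.
    Only the last token is inspected, so targets containing spaces are not handled."""
    return any(ROOT_EXEC_RE.match(cmd.split()[-1]) for _, cmd in commands)


def deletion_lines(guids):
    """Build the '[-key]' lines in the form used under Registry:: in this thread."""
    return ["[-" + MP2 + "\\" + g + "]" for g in sorted(guids)]


def lint(line):
    """Report invisible characters and anything that is not exactly [-<key>\\{GUID}]."""
    problems = []
    hidden_cats = ("Cf", "Cc")  # format/control characters, e.g. U+00AD soft hyphen
    hidden = [f"U+{ord(ch):04X}" for ch in line if unicodedata.category(ch) in hidden_cats]
    if hidden:
        problems.append("invisible characters: " + ", ".join(hidden))
    visible = "".join(ch for ch in line if unicodedata.category(ch) not in hidden_cats)
    if not DEL_RE.match(visible):
        problems.append("not of the form [-<key>\\{GUID}]")
    return problems


def triage(log_text):
    """Deletion lines for every MountPoints2 key whose commands need review."""
    entries = parse_mountpoints2(log_text)
    return deletion_lines(g for g, cmds in entries.items() if needs_review(cmds))


if __name__ == "__main__":
    for out in triage(SAMPLE_LOG):
        print(out, lint(out) or "ok")
```

Running `lint` over every line pasted under `Registry::` before using the file catches both the `}l]` typo discussed above and soft hyphens picked up when copying from a web page.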
nico262

15 Sept. 2008 at 19:27
Re,

Both icons are on the desktop,
and the file is indeed CFScript1.txt

And it still doesn't work, even in safe mode.
As I said above, there is the loading bar next to the icon,
then ComboFix appears in the taskbar, the screen refreshes and then nothing...

Thanks
0
afideg
15 Sept. 2008 at 19:48
OK
We'll sort this out; it's ready.
But first post a new ComboFix report (to check whether the CFScript was merged anyway).
Thanks
Al.

PS. (I'm going to have dinner.)
0