A l'aide...pop ups recalcitrants...

bonjour tout le monde!
j'ai un probleme....des que je lance internet explorer, des fenetres s'ouvrent,faisant de la pub pr des sites de téléchargements de smileys,d'antispyware,vente d'autos sur le net...Etc...
je ne sais plus quoi faire! a²,adaware, et norton 2005 ne trouvent que des fichiers dll que j'efface,mais qui réapparaissent apres quelques temps...que faire?
voici mon log hijackthis:
Logfile of HijackThis v1.98.2
Scan saved at 11:50:11, on 07/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE


voici mon log FindandFix:

Thu 07 Oct 04 11:55:31

»»»»»»»»»»»»»»»»»»***LOG!***(*updated *9/1*)»»»»»»»»»»»»»»»»

*System:
Microsoft Windows XP Home Edition 5.1 Service Pack 1 (Build 2600)
*IE version:
6.0.2800.1106 SP1-Q867801-Q823353



MS-DOS Version 5.00.500

*command.com test passed!

__________________________________
!!*Creating backups...!!

The operation completed successfully
11:55:31,23 07/10/2004
__________________________________

*Local time:
jeudi 7 octobre 2004 (07/10/2004)
11:55, Paris, Madrid
*Uptime:
11:55:32 up 0 days, 10:22:28

*Path:
C:\FINDnFIX
----------------------------------------------------
»»Member of...: ("ADMIN" logon + group match required!)

User is a member of group PIERRE-ANTOINE\Aucun.
User is a member of group \Tout le monde.
User is a member of group BUILTIN\Administrateurs.
User is a member of group BUILTIN\Utilisateurs.
User is a member of group \LOCAL.
User is a member of group AUTORITE NT\INTERACTIF.
User is a member of group AUTORITE NT\Utilisateurs authentifiés.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

User: [PIERRE-ANTOINE\Propriétaire], is a member of:

BUILTIN\Administrateurs
PIERRE-ANTOINE\Aucun

Running in WORKSTATION MODE.

SystemDrive is C:
SystemRoot is C:\WINDOWS
Logon Domain is PIERRE-ANTOINE
Administrator's Name is Propri‚taire
Computer Name is PIERRE-ANTOINE
LOGON SERVER is \\PIERRE-ANTOINE

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided and registry scan should match the
corresponding file(s) listed.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Unless the file match the entire criteria, it should not be pointed to remove
without attempting to confirm it's nature!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
At times there could be several (legit) files flagged, and/or duplicate culprit file(s)!
If in doubt, always search the file(s) and properties according to criteria!

The file(s) found should be moved to \FINDnFIX\"junkxxx" Subfolder

______________________________________________________________________________
***YOU NEED TO DISABLE YOUR ACTIVE ANTI VIRUS PROTECTION TO AVOID CONFLICTS!***
______________________________________________________________________________

......Scanning for file(s)...
*Note! The list(s) may include legitimate files!
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........
»»Read access error(s)...

C:\WINDOWS\SYSTEM32\ARLEDIT.DLL +++ File read error
\\?\C:\WINDOWS\System32\ARLEDIT.DLL +++ File read error

»»»»» (*2*) »»»»»........

»»»»» (*3*) »»»»»........

C:\WINDOWS\SYSTEM32\
6ao4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6ho4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6jo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6lo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6oo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6wo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
add.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
ailui.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
aitiveds.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
aoaamon.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
ard.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
arledit.dll Mon 4 Oct 2004 15:31:06 ..SHR 320 872 313,35 K
aud.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K

13 items found: 13 files (13 H/S), 0 directories.
Total of file sizes: 4 171 336 bytes 3,98 M

unknown/hidden files...

C:\WINDOWS\SYSTEM32\
6ao4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6ho4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6jo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6lo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6oo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
6wo4svc.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
add.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
ailui.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
aitiveds.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
aoaamon.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
ard.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K
arledit.dll Mon 4 Oct 2004 15:31:06 ..SHR 320 872 313,35 K
aud.dll Mon 4 Oct 2004 15:31:06 A.SHR 320 872 313,35 K

13 items found: 13 files, 0 directories.
Total of file sizes: 4 171 336 bytes 3,98 M

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\6AO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\6HO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\6JO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\6LO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\6OO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\6WO4SVC.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\ADD.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\AILUI.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\AITIVEDS.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\AOAAMON.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\ARD.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\ARLEDIT.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\AUD.DLL
SNiF 1.34 statistics

Matching files : 13 Amount in bytes : 4171336
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»»»(*5*)»»»»»
¯ Access denied ® ..................... ARLEDIT.DLL ....320872 04.10.2004

»»»»»(*6*)»»»»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...
*List of files and specs according to 'size' :
*Note: Not all files listed here are infected, but *may include* the
name and spces of the offending file...
___________________________________________________________________________
Path: C:\WINDOWS\SYSTEM32 Including: *.DLL


____________________________________________________________________________
*By size and date...


No matches found.

No matches found.

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

SNiF 1.34 statistics

Matching files : 0 Amount in bytes : 0
Directories searched : 1 Commands executed : 0

Masks sniffed for: *.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»


BHO search and other files...



No matches found.

No matches found.

--*sp.html in temp folder was NOT FOUND!--

*Filter keys search...
REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html' (2)

--(*text/html Subkey was NOT FOUND!)--

REGDMP: Unable to open key 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain' (2)

--(*text/plain Subkey was NOT FOUND!)--

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 474

»»Checking for AppInit_DLLs (empty) value...
________________________________
!"AppInit_DLLs"=""!

Value Matches
________________________________

»»Comparing *saved* key with *original*...

REGDIFF 2.1 - Freeware written by Gerson Kurz (http://www.p-nand-q.com)

Comparing File #1 (Keys1\winkey.reg) with File #2 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows).

Value "AppInit_DLLs" in key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" has different lengths (1 vs 13)

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ \0\0\0\0\0\0\0\0\0\0\0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Utilisateurs
Full access BUILTIN\Administrateurs
Full access AUTORITE NT\SYSTEM



»»Performing string scan....
00001150: vk f AppInit_DLLs G
00001190: h vk U
000011D0:DeviceNotSelectedTimeout 1 5 o 9 0 X[ vk
00001210: ' GDIProcessHandleQuota, 2 vk X
00001250:Spoolerw y e s =p h 8 vk
00001290: . swapdisk vk J TransmissionRetryTimeout
000012D0: h 8 vk ' 4 USERProc
00001310:essHandleQuotaH
00001350: ) ` ~ MZ
00001390:
000013D0:
00001410: ( 0 ` %
00001450: @ 9
00001490:< 9 >: h9 : 9 9 9 9 9 9 9 9 : ~: S; *
000014D0:5 @
00001510: : : 69 n
00001550:T . l8B |HO SW ss  ~~ ~~ }} || ]_ RV uAI ])6 A 9
00001590:8 : S9 3
000015D0: @ 9

---------- WIN.TXT
fùAppInit_DLLs֍æGàÿÿÿ
--------------
--------------
$01180: AppInit_DLLs
$011CF: UDeviceNotSelectedTimeout
$01220: GDIProcessHandleQuota
$012B8: TransmissionRetryTimeout
$01308: USERProcessHandleQuotaH
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

.............
A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value exists and reports as 26 bytes, including the 2 for string termination.

[AppInitDLLs]
Ansi string : ""
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0010 00 00 00 00 00 00 00 00 00 00 | ..........
-----------------------

»»»»»»Backups list...»»»»»»
11:56:51 up 0 days, 10:23:46
-----------------------
Thu 07 Oct 04 11:56:51


C:\FINDNFIX\
keyback.hiv Thu 7 Oct 2004 11:55:32 A.... 8 192 8,00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 8 192 bytes 8,00 K

C:\FINDNFIX\KEYS1\
winkey.reg Thu 7 Oct 2004 11:55:32 A.... 287 0,28 K

1 item found: 1 file, 0 directories.
Total of file sizes: 287 bytes 0,28 K

*Temp backups...

"C:\Documents and Settings\Propri‚taire\Local Settings\Temp\Backs2\"
keyback2.hi_ 7 Oct 2004 8192 "keyback2.hi_"
winkey2.re_ 7 Oct 2004 287 "winkey2.re_"

2 items found: 2 files, 0 directories.
Total of file sizes: 8 479 bytes 8,28 K
-D---- JUNKXXX 00000000 11:55.32 07/10/2004
A----- STARTIT .BAT 00000060 11:55.32 07/10/2004

________________________________________________________________________________
***THE FIX IS NOT COMPATIBLE WITH EARLIER;UNPATCHED VERSIONS OF WIN2K'(SP3 and BELLOW)'
AND/OR LAX OF SECURITY UPDATES AND SERVICE PACKS FOR ALL PLATFORMS!
MINIMAL REQUIREMENTS INCLUDE:
_________XP HOME/PRO; SP1; IE6/SP1
_________2K/SP4; IE6/SP1
________________________________________________________________________________
»»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»»
-----END------
Thu 07 Oct 04 11:56:52


et enfin,mon log gat-active-service:
These are the Current Active Services:

AUDIO WINDOWS: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

EXPLORATEUR D'ORDINATEUR: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVICES DE CRYPTOGRAPHIE: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

CLIENT DHCP: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs

SYSTÈME D'ÉVÉNEMENTS DE COM+: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs

COMPATIBILITÉ AVEC LE CHANGEMENT RAPIDE D'UTILISATEUR: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs

AIDE ET SUPPORT: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVEUR: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs

STATION DE TRAVAIL: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs

CONNEXIONS RÉSEAU: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs

NLA (NETWORK LOCATION AWARENESS): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs

GESTIONNAIRE DE CONNEXIONS D'ACCÈS DISTANT: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs

PLANIFICATEUR DE TÂCHES: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs

CONNEXION SECONDAIRE: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs

NOTIFICATION D'ÉVÉNEMENT SYSTÈME: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs

DÉTECTION MATÉRIEL NOYAU: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVICE DE RESTAURATION SYSTÈME: srservice
C:\WINDOWS\System32\svchost.exe -k netsvcs

TÉLÉPHONIE: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVICES TERMINAL SERVER: TermService
C:\WINDOWS\System32\svchost.exe -k netsvcs

THÈMES: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs

CLIENT DE SUIVI DE LIEN DISTRIBUÉ: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs

GESTIONNAIRE DE TÉLÉCHARGEMENT: uploadmgr
C:\WINDOWS\System32\svchost.exe -k netsvcs

HORLOGE WINDOWS: W32Time
C:\WINDOWS\System32\svchost.exe -k netsvcs

INFRASTRUCTURE DE GESTION WINDOWS: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs

MISES À JOUR AUTOMATIQUES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs

CONFIGURATION AUTOMATIQUE SANS FIL: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs

SYMANTEC EVENT MANAGER: ccEvtMgr
"C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"

SYMANTEC SETTINGS MANAGER: ccSetMgr
"C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"

CLIENT DNS: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService

JOURNAL DES ÉVÉNEMENTS: Eventlog
C:\WINDOWS\system32\services.exe

PLUG-AND-PLAY: PlugPlay
C:\WINDOWS\system32\services.exe

LEXBCE SERVER: LexBceS
C:\WINDOWS\system32\LEXBCES.EXE

ASSISTANCE TCP/IP NETBIOS: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService

SERVICE DE DÉCOUVERTES SSDP: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService

WEBCLIENT: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService

MACHINE DEBUG MANAGER: MDM
"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"

SERVICE NORTON ANTIVIRUS AUTO-PROTECT: navapsvc
"C:\Program Files\Norton AntiVirus\navapsvc.exe"

NORTON ANTIVIRUS FIREWALL MONITOR SERVICE: NPFMntor
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

SERVICES IPSEC: PolicyAgent
C:\WINDOWS\System32\lsass.exe

EMPLACEMENT PROTÉGÉ: ProtectedStorage
C:\WINDOWS\system32\lsass.exe

GESTIONNAIRE DE COMPTES DE SÉCURITÉ: SamSs
C:\WINDOWS\system32\lsass.exe

APPEL DE PROCÉDURE DISTANTE (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss

SYMANTEC NETWORK DRIVERS SERVICE: SNDSrvc
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

SYMANTEC SPBBCSVC: SPBBCSvc
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

SPOULEUR D'IMPRESSION: Spooler
C:\WINDOWS\system32\spoolsv.exe

ACQUISITION D'IMAGE WINDOWS (WIA): stisvc
C:\WINDOWS\System32\svchost.exe -k imgsvc

SYMANTEC CORE LC: Symantec Core LC
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

WINDOWS USER MODE DRIVER FRAMEWORK: UMWdf
C:\WINDOWS\System32\wdfmgr.exe


d'avance merci!!