Diagnostic pour mon ordi

elle974 Messages postés 15 Statut Membre -  
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,

J'aurais besoin d'un diagnostic pour mon ordi, pour voir si j'ai un virus ou pas...mon ordi est de plus en plus lent! et lorsque j'envoie des fichiers en pièces jointes, les destinataires me disent que le document est soit codé, soit ils n'arrivent pas à l'ouvrir, soit il n'y a plus rien dessus...
Comme à l'école on se passe beaucoup de documents par clé, et que dernièrement une copine à moi à eu un trojan qui l'a obligé à formanter son ordi,je m'inquiète!
j'ai bitdefender comme antivirus...
Merci d'avance pour votre aide...
Configuration: Windows Vista
Firefox 2.0.0.14

21 réponses

  • 1
  • 2
  1. jimkiller Messages postés 2177 Statut Membre 487
     
    Salut !! essayes Malwarebyte anti malware et fait un scan complet en fermant toutes tes applications (il est téléchargeable sur ce site et gratuit) s'il trouve des virus ,supprime les. Surtout avant le scan fais la mise à jour de Malwarebyte
    En ce qui concerne le problème de tes piéces jointe, c'est peut-être autre chose. Qu' utilises-tu comme boite mail ?
    0
  2. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Pour avancer :

    Bonjour,

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Ensuite :

    Télécharge le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.

    Renomme Hijackthis en Tutu

    Double-clique sur HJTInstall.exe (tutu) pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la licence en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

    Tutoriaux (ne fixe rien pour le moment !!)

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
  3. elle974 Messages postés 15 Statut Membre
     
    BONJOUR!
    merci pour vos réponse!
    voici le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:43:15, on 21/03/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\s3trayp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\vsnpstd.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\VPro610.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VProperty.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/...
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

    Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
    Dézippe le dossier, double-clique sur GenProc.bat
    En final, poste le contenu du rapport qui s'affiche.
    Comment utiliser GenProc

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

    0
  6. elle974 Messages postés 15 Statut Membre
     
    Rapport GenProc 2.491 [1] - 21/03/2009 à 16:20:03 - Windows Vista

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
    - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
    - C:\Program Files\EsetOnlineScanner\log.txt

    ----------------------------------------------------------------------
    Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
    ----------------------------------------------------------------------
    0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ok très bien c'est déjà bon signe, maintenant ceci :

    Telecharge malwarebytes

    NB : S'il te manque COMCTL32.OCX alors télécharge le ici

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log

    Tutoriaux

    0
    1. elle974 Messages postés 15 Statut Membre
       
      SALUT!
      sa, c'est le deuxiéme scan...parce que pour le premier, il avait trouvé 11 élément infectés! mais mon ordi a bloqué quand j'ai cliqué sur supprimer la sélection, donc j'ai pas pu avoir de rapport...
      voici donc le 2e rapport!


      Malwarebytes' Anti-Malware 1.34
      Version de la base de données: 1882
      Windows 6.0.6000

      23/03/2009 15:47:29
      mbam-log-2009-03-23 (15-47-29).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 154848
      Temps écoulé: 5 hour(s), 22 minute(s), 37 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 4
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Users\Hélène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
      C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
      C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  8. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ok vide la quarantaine de malware et fait ceci :

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Télécharge Superantispyware (SAS)

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Preferences, clique sur le bouton "Preferences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    - Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

    - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    - Copie son contenu dans ta réponse.

    Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

    0
  9. elle974 Messages postés 15 Statut Membre
     
    RE

    j'étais en train de scanner mon ordi avec les dernières démarches que tu m'avais demandé...j'ai quitté ma chambre un moment, et quand je suis revenue, mon ordi était en train de se rallumer!!
    IL s'est éteint tout seul, et quand je l'ai rallumé, on m'a proposé de trouver une solution et voila ce qu'on m'a repondu:

    Problem caused by antivirus or firewall program

    You received this message because your antivirus or firewall program has caused a blue screen error, which means the computer has shut down abruptly to protect itself from potential data corruption or loss.

    Troubleshooting

    --------------------------------------------------------------------------------

    The following troubleshooting steps might prevent the blue screen error from recurring. Try them in the order given. If one step does not solve the problem, then move on to the next one.

    Update your antivirus and firewall programs and scan your computer for viruses

    If you have an antivirus program or firewall program installed on your computer, make sure they are up to date and that the latest antivirus definitions are installed. Check the product websites for your antivirus and firewall programs for information on getting the latest updates. When these products are up to date, run a thorough antivirus scan of your system.

    If you do not have antivirus software installed on your computer, it is possible that your firewall program is causing the problem, or it could be that your computer has been infected by malware.

    What is malware?

    Malicious software, also known as malware, is designed to deliberately harm your computer or collect information about you (including personally identifiable or other sensitive information). For example, viruses, worms, and Trojan horses are malicious software.

    We recommend using a web-based scanner to check your computer for malware. Many of the top antivirus software providers offer this service free of charge on their websites.

    To see a list of Microsoft and third-party providers of antispyware, anti-malware, and antivirus software, go online to the following website:

    Security software: Downloads and trials

    To see a list of antivirus software vendors, go online to the following Knowledge Base article:

    List of antivirus software vendors

    Tip
    Consider scanning your computer using more than one web-based antivirus scanner, even if you have an antivirus program installed on your computer. This will help make sure that you are using the most up-to-date antivirus definitions and allows you to benefit from the different strengths of each antivirus software manufacturer.

    If you do run multiple antivirus products, make sure you run only one product at a time. Running multiple antivirus products simultaneously can produce incorrect results.

    Check for multiple antivirus programs running on your computer

    Running two antivirus software programs on your computer at the same time is not recommended because the two programs can interfere with each other. Even if you don't think your computer could be running two antivirus programs, antivirus software can sometimes come bundled with your computer and it might be running without your knowledge. To check if two antivirus programs are running, follow these steps:

    Click the Start button , click Control Panel, click System and Maintenance, and then click Administrative Tools.

    Double-click Services. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Look at the list of services under the Name column. If you find two antivirus programs, right-click each service associated with one of the programs, and then click Stop. Note that there may be multiple services running for one antivirus program.

    Download and install the latest updates and device drivers for your computer

    Use Windows Update to check for and install updates:
    Go online to Windows Update:

    Windows Update

    Click the Check for Updates link in the left pane, and then click View available updates.

    What if I don't see any available updates?

    If you see the You receive updates: Managed by your system administrator message you can try clicking the link to Check online for updates from Microsoft Update or Check online for updates from Windows Update, but you might need to contact your system administrator to obtain the desired updates.

    If you don't see the message above and no updates are available in Windows Update, after you click the Check for Updates link in the left pane, then the available updates have already been installed.

    Select all important and recommended updates.

    Select the optional updates you want, and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    If you recently added a new hardware device to your computer, go online to the manufacturer's website to see if a driver update is available.

    If you recently added a new program to your computer, go online to the manufacturer's website to see if an update is available.

    Uninstall your firewall or antivirus software

    If the earlier steps did not solve the problem, try uninstalling your firewall program. If this makes the problem go away, then contact the manufacturer of your firewall program for more information about a possible solution. If the problem doesn't go away, then try uninstalling your antivirus program. If this makes the problem go away, then contact the manufacturer of your antivirus program for more information about a possible solution.

    Warning
    Uninstalling your antivirus or firewall programs can leave your computer unprotected from viruses and other malicious software. While your computer is unprotected, refrain from using e-mail, only visit websites that are known to be safe (such as your antivirus or firewall manufacturer's websites), and restore antivirus and firewall protection as soon as possible.

    How do I uninstall a program?

    Click to open Programs and Features.

    Select a program, and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Note
    If the program that you want to uninstall isn't listed, it might not have been written for this version of Windows. To uninstall the program, check the information that came with the program.

    Try removing any recently installed hardware or software

    If you received the blue screen error after adding a new hardware device or program (including games), and the previous steps didn't solve the problem, try removing the device or program and restarting Windows. If removing the new device or program allows Windows to start without the error, contact the device or program's manufacturer to get product updates or to learn about any issues with the device or program.

    How do I uninstall a program?

    Click to open Programs and Features.

    Select a program, and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Note
    If the program that you want to uninstall isn't listed, it might not have been written for this version of Windows. To uninstall the program, check the information that came with the program.

    Consider restoring your computer to an earlier state

    If the blue screen error occurred after installing a system or program update, consider using the System Restore feature to remove the changes. System Restore uses restore points that have been saved on your computer to return your system to a point in time before the problem began. This can make your computer work again, but the problem could reappear if its cause is reintroduced to your computer.

    Do one of the following:

    If Windows doesn't start:

    Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.

    Use your arrow keys to select Safe Mode with Command Prompt, and then press ENTER.

    For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:

    Click to read KB315222

    If you are prompted to select a version of Windows, select the correct version, and then press ENTER.

    Log on to the computer using the Administrator account or an account that has administrator credentials.

    Open a command line window by clicking the Start button , clicking Run, typing cmd in the Search field, right-clicking cmd.exe in the search results, and then selecting Run as administrator. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Type the following command, and then press ENTER:

    systemroot\system32\restore\rstrui.exe

    (Where systemroot is the drive and directory where your Windows system files are located -- for example, "C:\Windows")

    Follow the instructions that appear on the screen to restore the computer to an earlier state.

    Or, if Windows starts:

    Log on to Windows using an administrator account.

    Click the Start button , and then, in the Search box, type system restore and press ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    In the System Restore wizard, click Next.

    On the Choose a restore point page, click the most recent system restore point, and then click Next.

    On the Confirm disks to restore page, note that your system disk is selected and click Next.

    On the Confirm your restore point page, click Finish. System Restore restores the previous Windows configuration, and then restarts the computer

    Log on to the computer as an administrator.

    When the System Restore Restoration Complete page appears, click OK.

    Advanced troubleshooting

    The following steps can help determine what is causing a blue screen error and provide additional options for solving the problem. Try the above troubleshooting steps first before trying these advanced troubleshooting steps.

    This section is intended for advanced computer users, such as software developers and network administrators. If you are not comfortable with advanced troubleshooting procedures, we recommend that you perform these steps with someone who is.

    Step 1: Start Windows in safe mode

    Restart the computer and, when the screen becomes blank during startup, repeatedly press F8 until the Windows Advanced Options Menu displays.

    Use your arrow keys to select Safe Mode, and then press ENTER.

    For more information about safe mode start up options, go online to read an article in the Microsoft Knowledge Base:

    Click to read KB315222

    If you are prompted to select a version of Windows, select the correct version, and then press ENTER.

    Step 2: Collect more information about your computer and search online for answers

    To continue troubleshooting this problem, you will need to collect more information about your computer, and then use it to find more information online.

    Use Event Viewer to find specific information about this problem

    Event Viewer is an advanced tool that displays detailed information about significant events on your computer. It can be helpful when troubleshooting problems and errors with Windows and other programs.

    Click the Start button , and then, in the Search box, type Event Viewer.

    In the list of search results, double-click Event Viewer. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    In the left pane, double-click Windows Logs, and then click Application

    In the Actions pane on the right side of the window, click Find.

    In the Find dialog box, type bluescreen, and then click Find Next. When a blue screen event is located, close the Find dialog box.

    In the Actions pane, click Event Properties.

    Click the General tab, and then locate and write down the Fault bucket. An example fault bucket is 0xD1_W_portcls!CPortWavePci::Notify+12.

    Use the Windows Vista Communities to troubleshoot this problem

    Go online to the Windows Vista Discussions in Hardware and Devices Community.

    In the Search For box, type the fault bucket name, and then click Go. This will give you a list of the posts that include this fault bucket. From the results, you might be able to determine if anyone else is also experiencing this problem. If you don't get any results, try searching for the driver name or the device name. If you get too many results, you can add other keywords to your search, such as your system information.

    If you don't find a solution to your problem in the search results, you can post your own question by clicking New. To post questions, you need a Windows Live ID. We recommend that you provide as much system information about your computer as possible with your question.

    Go online to get a Windows Live ID

    What is a Windows Live ID?

    If you have an MSN Hotmail, MSN Messenger, or Microsoft Passport account, you already have a Windows Live account. You can go online to sign in now with your current account information to start using Windows Live. If you don't have a Windows Live ID, you can go online to Get your Windows Live ID to sign up.

    If you don't find a solution to your problem in the Windows Vista Communities, you can go online to search the Internet for the fault bucket name or the driver name. If you find troubleshooting steps for your problem, we do not recommend following them unless they are for your specific brand and model of computer.
    Step 3: Disable your firewall service

    If you are using a third-party firewall program, try disabling it to see if the problem goes away. Some firewall programs provide an icon in the Notification Area, which might allow you to disable or shut down the firewall service by right-clicking its icon and selecting a menu option. See the documentation that came with your firewall program for instructions on how to do this.

    To manually disable your firewall service, follow these steps:

    Warning
    This procedure describes how to turn off third-party services. Be careful not to disable Microsoft services, because doing so will turn off System Restore and cause you to lose all system restore points.

    Click the Start button , type msconfig in the Search field, and then press ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Click the Services tab, and then select the Hide all Microsoft services check box to filter the list to third-party services only.

    Find your firewall service in the list of third-party services, deselect its check box, and click OK.

    Restart the computer and check to see if the problem has gone away.

    If the problem goes away after disabling your firewall service, contact its manufacturer for more information on how to solve the problem.

    --------------------------------------------------------------------------------
    Rate this response:Provide Feedback

    QUE DOIS -JE FAIRE?

    J'ai relancé le scan de mon ordi pour l'instant...
    0
  10. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    il est pas français ton ordi?
    0
    1. elle974 Messages postés 15 Statut Membre
       
      LOL !

      Si, mais cette solution n'était pas disponible en français, mais uniquement en anglais...ça n'aide pas!
      Ca te dit rien?
      0
  11. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    non j'ai jamais vu ça mais refait le scan merci.
    0
    1. elle974 Messages postés 15 Statut Membre
       
      VOICI le rapport

      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com/

      Generated 03/24/2009 at 07:15 PM

      Application Version : 4.25.1014

      Core Rules Database Version : 3811
      Trace Rules Database Version: 1765

      Scan type : Complete Scan
      Total Scan Time : 00:48:47

      Memory items scanned : 757
      Memory threats detected : 1
      Registry items scanned : 7334
      Registry threats detected : 0
      File items scanned : 21285
      File threats detected : 37

      Trojan.Dropper/Multi-MBAD
      C:\WINDOWS\VPRO610.EXE
      C:\WINDOWS\VPRO610.EXE
      C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\VPROPERTY.LNK

      Adware.Tracking Cookie
      .xiti.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .mediaplex.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .mediaplex.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .msnportal.112.2o7.net [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      media.adrevolver.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .doubleclick.net [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      core.insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .bs.serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .serving-sys.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .atdmt.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .insightexpressai.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .smartadserver.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .smartadserver.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .smartadserver.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .smartadserver.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .advertising.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .advertising.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .advertising.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .advertising.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .apmebf.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      .adserver.aol.fr [ C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt ]
      0
  12. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    quand même : Trojan.Dropper/Multi-MBAD

    Ensuite supprime tout ce que SAS a trouvé et fait ceci ensuite :

    Télécharger RemoveIT Pro

    Fais un scan et poste moi le full rapport log.

    A la fin du 1er scan, s'il demande de faire un scan complet dite oui et à la fin du 2ème scan, si virus trouvé cliquez sur fix pour nettoyer des virus trouvés.
    0
  13. elle974 Messages postés 15 Statut Membre
     
    comment fait on pour supprimer ce que Sas a trouvé?
    0
  14. elle974 Messages postés 15 Statut Membre
     
    c'est bon,je pense qu'il faut supprimer la quarantaine...
    Je continue
    0
  15. elle974 Messages postés 15 Statut Membre
     
    RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
    Generated at: 24/03/2009 on 20:06:14
    Microsoft Windows Vista Home Edition (Build 6000)
    Author: Damjan Irgolic
    https://www.incodesolutions.com/
    support@incodesolutions.com

    Running processes: (26)
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\s3trayp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\vsnpstd.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
    C:\Windows\system32\SearchFilterHost.exe

    Startup files:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar
    [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
    ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\swg
    [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Picasa Media Detector
    [C:\Program Files\Picasa2\PicasaMediaDetector.exe]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Trojan Killer
    ["C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SUPERAntiSpyware
    [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender
    [%ProgramFiles%\Windows Defender\MSASCui.exe -hide]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\S3Trayp
    [S3trayp.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HDAudDeck
    [C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Apoint
    [C:\Program Files\Apoint2K\Apoint.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
    [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
    [C:\Windows\vsnpstd.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BDMCon
    [C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BDAgent
    ["C:\Program Files\Softwin\BitDefender10\bdagent.exe"]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
    ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCSuiteTrayApplication
    [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
    ["C:\Program Files\QuickTime\QTTask.exe" -atboottime]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
    ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UnlockerAssistant
    ["C:\Program Files\Unlocker\UnlockerAssistant.exe"]

    Detail report: (91)
    Clsid c:\program files\superantispyware\saswinlo.dll[972edede23ac8d59aac0c09799c6f18a][356352]
    Clsid C:\Windows\system32\iconcodecservice.dll[08578f3ca5365f896d90ce2bf97fd000][9728]
    Proc C:\Program Files\Apoint2K\ApMsgFwd.exe[7890a95bba6ee9eb0e4539f5270a6201][42544]
    Proc C:\Program Files\Apoint2K\Apntex.exe[99a7b10500920e5cc79b700927b18bc1][40960]
    Proc C:\Program Files\Apoint2K\Apoint.exe[3725331a9383c1fbca84fe94638a2a62][155648]
    Proc C:\Program Files\Common Files\Real\Update_OB\realsched.exe[74bc945eb2584e90619a56ef5028ab0f][185896]
    Proc C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[5d61be7db55b026a5d61a3eed09d0ead][39408]
    Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[5f3e76c6be90c901c7a3058f05a5dc33][550912]
    Proc C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[6ab4c021fbd36dc6764924c312428d97][144784]
    Proc C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[e188695d1893591b21da95f5ab3c9ae3][282624]
    Proc C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[bc41ef142d76f423cf1cf261201d5623][271360]
    Proc C:\Program Files\Picasa2\PicasaMediaDetector.exe[ef1ecb9df42af6bf7514bb5ebc5c59ec][443968]
    Proc C:\Program Files\Softwin\BitDefender10\bdagent.exe[2ffa83a15bc21c5b3f336d96f19b47e6][69632]
    Proc C:\Program Files\Softwin\BitDefender10\bdmcon.exe[0595cccf2e5babfc6d5052cfeffa96f6][290816]
    Proc C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
    Proc C:\Program Files\Unlocker\UnlockerAssistant.exe[403e928ba217e38485009636c793f3c9][15872]
    Proc C:\Program Files\Windows Defender\MSASCui.exe[9ad9e2fb2811123da13de84cc154ab77][1006264]
    Proc C:\Program Files\Windows Live\Messenger\msnmsgr.exe[97384875b6d03831b2d1820ab8952f67][5724184]
    Proc C:\Program Files\Windows Sidebar\sidebar.exe[582f3a0ba61d8f0d50c66b592808b6d6][1232896]
    Proc C:\Windows\Explorer.EXE[37440d09deae0b672a04dccf7abf06be][2923520]
    Proc C:\Windows\system32\conime.exe[05cb3da78a4bbd9b799a5957f9d101cc][68608]
    Proc C:\Windows\system32\Dwm.exe[e87b968f3d49117445893eb0503fe34f][83456]
    Proc C:\Windows\System32\s3trayp.exe[ea7ed7592063eccaec1406d63c2cd764][176128]
    Proc C:\Windows\system32\SearchFilterHost.exe[78b5ae488dcd24556cf976be0bba82be][76288]
    Proc C:\Windows\system32\taskeng.exe[1226e9fae5b8508801ec974e3c9d9c14][166400]
    Proc C:\Windows\system32\wbem\unsecapp.exe[e19c7bce081b85f86f03ae9d82ffa77b][37376]
    Proc C:\Windows\vsnpstd.exe[d30fcc9632cf2eaae0a9e76f5d56016f][339968]
    RegRun c:\progra~1\softwin\bitdef~1\bdmcon.exe[0595cccf2e5babfc6d5052cfeffa96f6][290816]
    RegRun c:\program files\apoint2k\apoint.exe[3725331a9383c1fbca84fe94638a2a62][155648]
    RegRun c:\program files\common files\ahead\lib\nerocheck.exe[5c1ab463bc29cc9095625d0a7e0a4c99][153136]
    RegRun c:\program files\common files\real\update_ob\realsched.exe [74bc945eb2584e90619a56ef5028ab0f][185896]
    RegRun c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe[5d61be7db55b026a5d61a3eed09d0ead][39408]
    RegRun c:\program files\gridinsoft trojan killer\trojankiller.exe [b67a21c37f6dfdd809a771f54a638569][2776064]
    RegRun c:\program files\java\jre1.6.0_07\bin\jusched.exe[6ab4c021fbd36dc6764924c312428d97][144784]
    RegRun c:\program files\nokia\nokia pc suite 6\launchapplication.exe [bc41ef142d76f423cf1cf261201d5623][271360]
    RegRun c:\program files\picasa2\picasamediadetector.exe[ef1ecb9df42af6bf7514bb5ebc5c59ec][443968]
    RegRun c:\program files\quicktime\qttask.exe [bafcf6cf19ce4882039c52dfa17be35f][385024]
    RegRun c:\program files\softwin\bitdefender10\bdagent.exe[2ffa83a15bc21c5b3f336d96f19b47e6][69632]
    RegRun c:\program files\superantispyware\superantispyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
    RegRun c:\program files\unlocker\unlockerassistant.exe[403e928ba217e38485009636c793f3c9][15872]
    RegRun c:\program files\via\viaudioi\vistaadeck\hdaudiocpl.exe [aef40f3a7da0f09019e48b9e506eeb2b][471040]
    RegRun c:\program files\windows live\messenger\msnmsgr.exe [97384875b6d03831b2d1820ab8952f67][5724184]
    RegRun c:\program files\windows sidebar\sidebar.exe [582f3a0ba61d8f0d50c66b592808b6d6][1232896]
    RegRun C:\Windows\system32\s3trayp.exe[ea7ed7592063eccaec1406d63c2cd764][176128]
    RegRun c:\windows\vsnpstd.exe[d30fcc9632cf2eaae0a9e76f5d56016f][339968]
    Service c:\firststeps\onlinediagnostic\testmanager\testhandler.exe[8c80a73a5d77b2208ca91e4fa269981d][204800]
    Service c:\program files\bonjour\mdnsresponder.exe[cfd4c3352e29a8b729536648466e8df5][229376]
    Service c:\program files\common files\ahead\lib\nmindexingservice.exe[7b273501c59d52978b761f82bebadb06][267824]
    Service c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe[1961cb10bb48eb4d97e37db6373e9e63][110592]
    Service c:\program files\common files\arcsoft\connection service\bin\acservice.exe[31874766d7babccf8e378e2adb7ecdc6][109056]
    Service c:\program files\common files\intervideo\regmgr\iviregmgr.exe[213822072085b5bbad9af30ab577d817][112152]
    Service c:\program files\common files\microsoft shared\source engine\ose.exe[7a56cf3e3f12e8af599963b16f50fb6a][89136]
    Service c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe [5dc7b7f1dd7b9ed4066a6b065f0ce329][86016]
    Service c:\program files\common files\softwin\bitdefender scan server\bdss.exe [9ea18931c1e9e29d27b9dfbe60278477][81920]
    Service c:\program files\common files\softwin\bitdefender update service\livesrv.exe [4ebbc3d88ec7fd5ee60edc7ba3c9433e][278528]
    Service c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe[2698cd77f4d73ea7988f0bc63de8e3d6][1174152]
    Service c:\program files\google\common\google updater\googleupdaterservice.exe[1bf044e23206fddc16891a32922d571b][137200]
    Service c:\program files\pc connectivity solution\servicelayer.exe[019ab047b932ad277a4da2673e5cc19c][300544]
    Service c:\program files\softwin\bitdefender10\vsserv.exe [1cc4d4287c7f5eac453f33c7db24455c][466944]
    Service c:\program files\windows live\installer\wlsetupsvc.exe[94a85e956a065e23e0010a6a7826243b][266240]
    Service c:\program files\windows live\messenger\usnsvc.exe[9d19b042a4fd5c02195071ea2fe0c821][98328]
    Service c:\program files\windows media player\wmpnetwk.exe[acb2e63d50157e3ea7140f29d9e76a48][895488]
    Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[d3bf342f47996e18490970fcfb8126a8][59392]
    Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe[6d1d3cab85ba0c63cb83296a8a1825f9][741376]
    Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe[b418382de04ff58567aa07a2b66b2332][122880]
    Service c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe[7ef57375636991f794bf40b522a8e7ef][36864]
    Service c:\windows\servicing\trustedinstaller.exe[34e388a395fedba1d0511ed39bbf4074][27136]
    Service c:\windows\system32\alg.exe[e69fb0e3112c40fdc0ef7d21a52dc951][58880]
    Service c:\windows\system32\dfsr.exe[e0d584aa76c7d845ba9f3a788260528f][2089984]
    Service c:\windows\system32\dllhost.exe [be01e566d1f569aab32d0335613e1eea][7168]
    Service c:\windows\system32\drivers\xaudio.exe[28dc5d626e036a75a572556f0a6eb1f6][386560]
    Service c:\windows\system32\locator.exe[5123f83cbc4349d065534eeb6bbdc42b][7680]
    Service c:\windows\system32\lsass.exe[6a0e382e74280e4cc0df17fe2661d003][7680]
    Service c:\windows\system32\msdtc.exe[bc64a92d821efea8bab8e8caf1b668bc][106496]
    Service c:\windows\system32\pastisvc.exe[ed78dfad8efcdfbc89500492c4d14645][53248]
    Service c:\windows\system32\searchindexer.exe [5de40982e3ae45dc00586a93637b351b][287744]
    Service c:\windows\system32\slsvc.exe[a1dcd30534835cb67733ad00175125a6][2605568]
    Service c:\windows\system32\snmptrap.exe[2a146a055b4401c16ee62d18b8e2a032][12800]
    Service c:\windows\system32\spoolsv.exe[da612ef2556776df2630b68bf2d48935][124928]
    Service c:\windows\system32\svchost.exe [10da15933d582d2fedcf705efe394b09][22016]
    Service c:\windows\system32\ui0detect.exe[24a333f4f14dcfb6ff6d5a1b9e5d79dd][35840]
    Service c:\windows\system32\vds.exe[c9d0bafee0d0a2681f048ca61bc0da96][392704]
    Service c:\windows\system32\vssvc.exe[e0e29d9ef2524abd11749c7c2fd7f607][924160]
    Service c:\windows\system32\wbem\wmiapsrv.exe[a279323bee5fffafda222910bce92132][137216]
    Startup c:\program files\adobe\reader 8.0\reader\adobecollabsync.exe[169c293ce9460a05646d17dc6aa2fb2c][734872]
    Startup c:\program files\adobe\reader 8.0\reader\reader_sl.exe[54c88bfbd055621e2306534f445c0c8d][40048]
    Startup c:\program files\kodak\kodak easyshare software\bin\easyshare.exe[e188695d1893591b21da95f5ab3c9ae3][282624]
    Startup c:\program files\microsoft office\office\osa9.exe[2ffa2696472c004f1f89c183da953aae][65588]
    Startup c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini[7f1698bab066b764a314a589d338daae][174]
    Startup c:\users\hélène\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini[7f1698bab066b764a314a589d338daae][174]
    System.ini c:\windows\system32\drivers\xaudio.exe[28dc5d626e036a75a572556f0a6eb1f6][386560]

    Startup folder: (6)
    Startup name: desktop.ini
    Command: C:\Users\Hélène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    Startup name: Adobe Reader Synchronizer.lnk
    Command: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    Startup name: desktop.ini
    Command: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    Startup name: Lancement rapide d'Adobe Reader.lnk
    Command: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    Startup name: Logiciel Kodak EasyShare.lnk
    Command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    Startup name: Microsoft Office.lnk
    Command: C:\Program Files\Microsoft Office\Office\OSA9.EXE

    Win.ini Startup: (2)
    Path: device=vm/gvcrhvci6zmjnzbm6vci9zss=
    Path: device2=vm/gvcrhvci6zmjnzbm6vci9zss=

    Win.ini Startup: (1)
    Path: No additional driver found!

    Keyboard drivers: (1)
    Name: No Keyboard Filter driver found!

    Services: (139)
    Service Name: Accès du périphérique d'interface utilisateur [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Acquisition d'image Windows (WIA) [Running],
    Path: C:\Windows\system32\svchost.exe -k imgsvc
    Service Name: Agent de protection d’accès réseau [Stopped],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Agent de stratégie IPsec [Running],
    Path: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    Service Name: Appel de procédure distante (RPC) [Running],
    Path: C:\Windows\system32\svchost.exe -k rpcss
    Service Name: Apple Mobile Device [Running],
    Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Service Name: Application système COM+ [Stopped],
    Path: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Service Name: ArcSoft Connect Daemon [Running],
    Path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    Service Name: Assistance IP [Running],
    Path: C:\Windows\System32\svchost.exe -k NetSvcs
    Service Name: Assistance NetBIOS sur TCP/IP [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Audio Windows [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: BitDefender Communicator [Running],
    Path: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
    Service Name: BitDefender Desktop Update Service [Running],
    Path: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
    Service Name: BitDefender Scan Server [Running],
    Path: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
    Service Name: BitDefender Virus Shield [Running],
    Path: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    Service Name: Cache de police de Windows Presentation Foundation 3.0.0.0 [Stopped],
    Path: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    Service Name: Carte à puce [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Carte de performance WMI [Stopped],
    Path: C:\Windows\system32\wbem\WmiApSrv.exe
    Service Name: Centre de sécurité [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Cliché instantané de volume [Stopped],
    Path: C:\Windows\system32\vssvc.exe
    Service Name: Client de stratégie de groupe [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Client de suivi de lien distribué [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Client DHCP [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Client DNS [Running],
    Path: C:\Windows\system32\svchost.exe -k NetworkService
    Service Name: Collecteur d'événements de Windows [Stopped],
    Path: C:\Windows\system32\svchost.exe -k NetworkService
    Service Name: Configuration automatique de réseau câblé [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Configuration des services Terminal Server [Stopped],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Connaissance des emplacements réseau [Running],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Connexions réseau [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Contrôle parental [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Coordinateur de transactions distribuées [Stopped],
    Path: C:\Windows\System32\msdtc.exe
    Service Name: Découverte SSDP [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Détection de services interactifs [Stopped],
    Path: C:\Windows\system32\UI0Detect.exe
    Service Name: Détection matériel noyau [Running],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Disque virtuel [Stopped],
    Path: C:\Windows\System32\vds.exe
    Service Name: Emplacement protégé [Stopped],
    Path: C:\Windows\system32\lsass.exe
    Service Name: Énumérateur de bus IP PnP-X [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Expérience audio-vidéo haute qualité Windows [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Expérience d’application [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Explorateur d'ordinateurs [Stopped],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Fournisseur de cliché instantané de logiciel Microsoft [Stopped],
    Path: C:\Windows\System32\svchost.exe -k swprv
    Service Name: Fujitsu Siemens Computers Diagnostic Testhandler [Running],
    Path: C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    Service Name: Générateur de points de terminaison du service Audio Windows [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Gestion à distance de Windows (Gestion WSM) [Stopped],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Gestion des clés et des certificats d'intégrité [Stopped],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de comptes de sécurité [Running],
    Path: C:\Windows\system32\lsass.exe
    Service Name: Gestionnaire de connexion automatique d'accès distant [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de connexions d'accès distant [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de sessions du Gestionnaire de fenêtrage [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Gestionnaire d'identité réseau homologue [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Google Updater Service [Stopped],
    Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    Service Name: Groupement de mise en réseau de pairs [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Horloge Windows [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Hôte de périphérique UPnP [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Hôte du fournisseur de découverte de fonctions [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Hôte système de diagnostics [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Informations d'application [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Infrastructure de gestion Windows [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Interruption SNMP [Stopped],
    Path: C:\Windows\System32\snmptrap.exe
    Service Name: Isolation de clé CNG [Running],
    Path: C:\Windows\system32\lsass.exe
    Service Name: IviRegMgr [Running],
    Path: C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    Service Name: Journal d’événements Windows [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Journaux & alertes de performance [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    Service Name: Lanceur de processus serveur DCOM [Running],
    Path: C:\Windows\system32\svchost.exe -k DcomLaunch
    Service Name: Licence du logiciel [Running],
    Path: C:\Windows\system32\SLsvc.exe
    Service Name: Localisateur d'appels de procédure distante (RPC) [Stopped],
    Path: C:\Windows\system32\locator.exe
    Service Name: Mappage de découverte de topologie de la couche de liaison [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalService
    Service Name: Microsoft .NET Framework NGEN v2.0.50727_X86 [Stopped],
    Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Service Name: Modules de génération de clés IKE et AuthIP [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Moteur de filtrage de base [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    Service Name: Netlogon [Stopped],
    Path: C:\Windows\system32\lsass.exe
    Service Name: NMIndexingService [Stopped],
    Path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
    Service Name: Office Source Engine [Stopped],
    Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Service Name: Ouverture de session secondaire [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Pare-feu Windows [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    Service Name: Partage de connexion Internet (ICS) [Stopped],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Planificateur de classes multimédias [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Planificateur de tâches [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Planificateur LiveUpdate automatique [Stopped],
    Path: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    Service Name: Plug-and-Play [Running],
    Path: C:\Windows\system32\svchost.exe -k DcomLaunch
    Service Name: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration [Stopped],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Programme d’installation de modules Windows [Stopped],
    Path: C:\Windows\servicing\TrustedInstaller.exe
    Service Name: Propagation du certificat [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Protocole de résolution de noms d'homologues [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Protocole EAP (Extensible Authentication Protocol) [Running],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Publication des ressources de découverte de fonctions [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Recherche Windows [Running],
    Path: C:\Windows\system32\SearchIndexer.exe /Embedding
    Service Name: Registre à distance [Stopped],
    Path: C:\Windows\system32\svchost.exe -k regsvc
    Service Name: Réplication DFS [Stopped],
    Path: C:\Windows\system32\DFSR.exe
    Service Name: Routage et accès distant [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Sauvegarde Windows [Stopped],
    Path: C:\Windows\system32\svchost.exe -k SDRSVC
    Service Name: Serveur [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Serveur de priorités des threads [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Service Bonjour [Running],
    Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Service Name: Service de configuration automatique WLAN [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Service de découverte automatique de Proxy Web pour les services HTTP Windows [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Service de l’Assistant Compatibilité des programmes [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Service de la passerelle de la couche Application [Stopped],
    Path: C:\Windows\System32\alg.exe
    Service Name: Service de notification d’événements système [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Service de notification de l’interface utilisateur SL [Stopped],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Service de partage de ports Net.Tcp [Stopped],
    Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    Service Name: Service de profil utilisateur [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Service de publication des noms d’ordinateurs PNRP [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    Service Name: Service de rapport d'erreurs Windows [Running],
    Path: C:\Windows\System32\svchost.exe -k WerSvcGroup
    Service Name: Service de stratégie de diagnostic [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    Service Name: Service de transfert intelligent en arrière-plan [Running],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: Service Énumérateur d’appareil mobile [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Service hôte WDIServiceHost [Stopped],
    Path: C:\Windows\System32\svchost.exe -k wdisvc
    Service Name: Service Initiateur iSCSI de Microsoft [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Service Interface du magasin réseau [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Service KtmRm pour Distributed Transaction Coordinator [Running],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Service Liste des réseaux [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalService
    Service Name: Service Messenger Sharing Folders USN Journal Reader [Stopped],
    Path: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    Service Name: Service Panneau de saisie Tablet PC [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Service Partage réseau du Lecteur Windows Media [Stopped],
    Path: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    Service Name: Service ReadyBoost [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: ServiceLayer [Running],
    Path: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
    Service Name: Services de base de module de plateforme sécurisée [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalService
    Service Name: Services de chiffrement [Running],
    Path: C:\Windows\system32\svchost.exe -k NetworkService
    Service Name: Services Terminal Server [Running],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Spouleur d'impression [Running],
    Path: C:\Windows\System32\spoolsv.exe
    Service Name: Station de travail [Running],
    Path: C:\Windows\System32\svchost.exe -k LocalService
    Service Name: STI Simulator [Running],
    Path: C:\Windows\System32\PAStiSvc.exe
    Service Name: Stratégie de retrait de la carte à puce [Stopped],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: Superfetch [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Symantec Core LC [Stopped],
    Path: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    Service Name: Système de couleurs Windows [Stopped],
    Path: C:\Windows\system32\svchost.exe -k wcssvc
    Service Name: Système d'événement COM+ [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Téléphonie [Running],
    Path: C:\Windows\System32\svchost.exe -k NetworkService
    Service Name: Thèmes [Running],
    Path: C:\Windows\System32\svchost.exe -k netsvcs
    Service Name: WebClient [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalService
    Service Name: Windows CardSpace [Stopped],
    Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    Service Name: Windows Connect Now - Registre de configuration [Stopped],
    Path: C:\Windows\System32\svchost.exe -k LocalService
    Service Name: Windows Defender [Running],
    Path: C:\Windows\System32\svchost.exe -k secsvcs
    Service Name: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur [Running],
    Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    Service Name: Windows Installer [Stopped],
    Path: C:\Windows\system32\msiexec /V
    Service Name: Windows Live Setup Service [Stopped],
    Path: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    Service Name: Windows Update [Running],
    Path: C:\Windows\system32\svchost.exe -k netsvcs
    Service Name: XAudioService [Running],
    Path: C:\Windows\system32\DRIVERS\xaudio.exe
    Finished..
    0
  16. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    A -t-il trouvé des virsu?
    0
  17. elle974 Messages postés 15 Statut Membre
     
    Non, je crois qu'il m'a dit que mon ordi était "clean" à la fin du scann...il n'y a aucun fichier en quarantaine non plus!
    0
  18. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ok maintenant ceci afin de m'assurer qu'il n'y a plus de virus sur ton pc :

    Fais un scan en ligne avec Internet explorer
    Rend toi sur ce site : https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

    Voici un tutoriel
    0
    1. elle974 Messages postés 15 Statut Membre
       
      c'est écrit: VOUS ETES INFECTES! encore un problème?


      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2009-03-24 23:58:49
      PROTECTIONS: 4
      MALWARE: 3
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Bitdefender Antivirus 8.0 Yes Yes
      BitDefender Antispyware 8.0 No Yes
      Windows Defender 1.1.1505.0 No Yes
      SUPERAntiSpyware 4, 25, 0, 1014 No Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.doubleclick.net/]
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.xiti.com/]
      02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\caa36ac-44e8944a
      02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7af974d4-4d89b200
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location ��K��39�
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description ��K��39�
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
  19. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    il n'y a que ces 2 là :

    02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6­.0\44\caa36ac-44e8944a
    02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6­.0\20\7af974d4-4d89b200

    Fait un coup de ccleaner registre et analyse pc. puis ensuite refais l'analyse panda. Merci.
    0
  20. elle974 Messages postés 15 Statut Membre
     
    Je suis encore infectée!!

    Pourrais tu détailler les démarches que je dois faire sur ccleaner, STP??

    voici le rapport:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-03-25 08:08:01
    PROTECTIONS: 4
    MALWARE: 7
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Bitdefender Antivirus 8.0 Yes Yes
    BitDefender Antispyware 8.0 No Yes
    Windows Defender 1.1.1505.0 No Yes
    SUPERAntiSpyware 4, 25, 0, 1014 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.doubleclick.net/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.atdmt.com/]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Microsoft\Windows\Cookies\hélène@mediaplex[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.xiti.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.advertising.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Hélène\AppData\Roaming\Mozilla\Firefox\Profiles\rolxb7sp.default\cookies.txt[.smartadserver.com/]
    02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7af974d4-4d89b200
    02947949 Exploit/ByteVerify HackTools No 0 Yes No C:\Users\Hélène\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\caa36ac-44e8944a
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location �F���39�
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description �F���39�
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  • 1
  • 2