StealthSWs114.h!dll

Résolu
GPAT Messages postés 20 Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
bonjour, le titre du message indique le problème. Je suis néophite, voire nul: NORTON 2004 régulièrement mis à jour, SPYBOT, rien n'y fait. GOOGLE m'a renvoyé sur votre site que je découvre: la lecture des aides aux messages identiques m'a permis d'utiliser HijackThis dont le log est joint: trop complexe pour moi: je crois comprendre que certaines instructions ne devraient pas figurer et indiquent des connexions non maîtrisées...Pouvez vous m'aider SVP, de manière simple? Merci beaucoup. Pardonnez moi si je commets quelques erreurs d'utilisation du forum: manque d'habitude!

Logfile of HijackThis v1.99.1
Scan saved at 17:39:48, on 29/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7EG6JLWE\HijackThis[1].exe
C:\WINDOWS\system32\ntvdm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpBB80.tmp
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

22 réponses

  • 1
  • 2
Résumé de la discussion

Le problème central concerne une infection sur Windows XP où Norton Internet Security et Spybot ne suffisent pas à éliminer les éléments indésirables, d'où l'utilisation de HijackThis pour analyser le système. La meilleure intention est d'exécuter HijackThis en mode scan-only, puis de cocher et fixer les entrées problématiques listées, notamment des R1 et O3, et de supprimer des composants tels que ALCXMNTR.EXE. Des étapes complémentaires recommandent ensuite d'exécuter des outils comme ewido et CCleaner, puis d'effectuer un balayage en ligne (BitDefender) et, si nécessaire, d'analyser les rapports pour repérer d'autres traces.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    belle infection !!!

    commence par ceci stp :

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    a+

    ***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Ô merci Green Day: le pop up infernal m'avertissant d'infection avec renvoi sur un site commercial d'anti-virus s'est éteint. Ceci dit, quand j'ai lancé Smitfraudfix, Norton n'a pas aimé du tout. Peut être n'ai je pas utilisé la bonne commande? J'ai utilisé le script de commande (414 kO): Ci dessous le premier rapport, suivi du deuxième:
      SmitFraudFix v2.37

      Rapport fait à 0:00:25,15, 30/04/2006
      Executé à partir de C:\Program Files\SMITFRAUDFIX\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600]

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\d3??.dll PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

      C:\WINDOWS\system32\dcomcfg.exe PRESENT !
      C:\WINDOWS\system32\dfrgsrv.exe PRESENT !
      C:\WINDOWS\system32\hp????.tmp PRESENT !
      C:\WINDOWS\system32\ld????.tmp PRESENT !
      C:\WINDOWS\system32\ncompat.tlb PRESENT !
      C:\WINDOWS\system32\ot.ico PRESENT !
      C:\WINDOWS\system32\simpole.tlb PRESENT !
      C:\WINDOWS\system32\sivudro.dll PRESENT !
      C:\WINDOWS\system32\stdole3.tlb PRESENT !
      C:\WINDOWS\system32\1024\ PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»»


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      C:\Program Files\SpywareQuake.com\ PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!! Attention, les clés qui suivent ne sont pas forcément infectées !!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}"="SivuWare"

      [HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
      @="C:\WINDOWS\system32\sivudro.dll"

      [HKEY_CURRENT_USER\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
      @="C:\WINDOWS\system32\sivudro.dll"


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin


      Deuxième rapport:

      SmitFraudFix v2.37

      Rapport fait à 0:09:55,06, 30/04/2006
      Executé à partir de C:\Program Files\SMITFRAUDFIX\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600]

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      C:\WINDOWS\d3??.dll supprimé
      C:\WINDOWS\system32\dcomcfg.exe supprimé
      C:\WINDOWS\system32\dfrgsrv.exe supprimé
      C:\WINDOWS\system32\hp????.tmp supprimé
      C:\WINDOWS\system32\ld????.tmp supprimé
      C:\WINDOWS\system32\ncompat.tlb supprimé
      C:\WINDOWS\system32\ot.ico supprimé
      C:\WINDOWS\system32\simpole.tlb supprimé
      C:\WINDOWS\system32\sivudro.dll supprimé
      C:\WINDOWS\system32\stdole3.tlb supprimé
      C:\WINDOWS\system32\1024\ supprimé
      C:\Program Files\SpywareQuake.com\ supprimé

      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      Le problème est-il complètement réglé?

      autre problème récurrent: au démarrage de windows, j'ai le message suivant: erreur de chargement p2esocks_1021.dll: je réponds OK, et je n'ai jamais rien constaté!

      Encore merci pour l'aide: il est tard: dodo
      Reconnexion: 01/05/06 #19H

      Bonne nuit, bon WE, MERCI pour tout!
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    as tu un parfeu ???

    autre problème récurrent: au démarrage de windows, j'ai le message suivant: erreur de chargement p2esocks_1021.dll: je réponds OK, et je n'ai jamais rien constaté!

    oui c'est le très connu trojan Instant Access

    d'ailleurs, on le voit très bien dans le hijackthis :

    [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess

    reste de l'infection ...

    #Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    ensuite : "peti" nettoyage

    télécharge ceci :

    1) Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

    2) Le patch en Français pour Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

    tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/AdAware/AdAware.htm

    3) Spybot (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

    tuto : (merci à Ballatrap )
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    4) A-squared (nécéssite un enregistrement gratuit en ligne pour obtenir la clé d'activation) :
    https://www.emsisoft.com/fr/

    5) Ewido (gratuit) :
    https://www.avg.com/en-ww/free-antivirus-download

    fais un copier/coller du rapport ici stp

    tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/Ewido/

    6) CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

    mets tout à jour,lance les scans en mode sans echec : pour cela redemarre en appuillant sur le touche F8 ou F5

    puis :

    *Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    https://www.01net.com/404/

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    et enfin reposte un nouveau hijackthis stp

    bon courage, @+

    ***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
    0
  3. GPAT Messages postés 20 Statut Membre 4
     
    Bonsoir Green Day
    as tu reçu mon message (très long) de ce matin?
    Sinon je recommence un copié collé (très très long) des différents rapports.
    Y a-t-il une limitation en taille des messages

    @+

    Merci
    0
    1. Utilisateur anonyme
       
      Salut,

      met juste le rapport d'ewido avec un nouveau rapport hijackthis ça suffira ;-)
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut à vous

    Gpat : non je n'ai pas recu de message ???

    tu l'as envoyé/posté où ???

    ++
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonjour Green Day
      La valeur n'attend pas le nombre des années....

      j'ai essayé de t'envoyer les logs des différents scan, avant et après nettoyage: je crois que c'était tellement gros que ça n'a pas marché. Boulepat62 m'a conseillé de faire un Highjack et Ewido et de l'envoyer: ce que je fais ci-dessous. Je constate que chaque scan trouve son lot de pb (parfois par millier d'occurences...), fait ce qu'il peut, mais il en reste toujours: ex p2esocks_1021.dll est toujours là!
      Dans l'ordre: parfeu: en principe (!!) j'en ai un: j'ai un modem routeur Linksys sans fil WAG354G, dont on m'a dit qu'il est intégré(??): aussi ai-je déconnecté le parefeu WINDOWS.

      J'ai ensuite procédé dans l'ordre que tu m'as indiqué, et j'ai cru comprendre que les premiers scan devaient se faire en mode normal (et pas sans échec): ce fut long!!! au passage SPYBOT s'arrête au 1/4 de la recherche; je suis ensuite repassé en mode sans échec, et ai recommencé les scans: Spybot fonctionne (!!?)



      Scan Results:
      scan start: 05/05/2006 02:03:16
      scan stop: 05/05/2006 02:26:35
      scanned items: 143512
      found items: 217
      found and ignored: 0
      tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



      Infection Name Location Risk
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I## High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstance High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000## High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Service High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Legacy High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlags High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Class High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUID High
      CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDesc High
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402} Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}## Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid## Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32 Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32## Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib## Elevated
      RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Version Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
      Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
      Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
      Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
      Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
      Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
      Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
      PSGuard Desktop Hijacker C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url High
      Instant Access C:\WINDOWS\Downloaded Program Files\EGAUTH.inf High
      Instant Access C:\WINDOWS\system32\eglivecam_1030.dll High
      Backdoor.Agobot C:\WINDOWS\system32\winhl32.exe High
      Instant Access C:\WINDOWS\tmlpcert2005 High
      CWS C:\WINDOWS\ajele.dat High
      CWS C:\WINDOWS\aqgvi.dat High
      CWS C:\WINDOWS\ayzfc.dat High
      CWS C:\WINDOWS\bibcc.dat High
      CWS C:\WINDOWS\bmfuo.dat High
      CWS C:\WINDOWS\brlil.dat High
      CWS C:\WINDOWS\buiot.dat High
      CWS C:\WINDOWS\byivh.dat High
      CWS C:\WINDOWS\cacon.dat High
      CWS C:\WINDOWS\ccrju.dat High
      CWS C:\WINDOWS\cegur.dat High
      CWS C:\WINDOWS\crzmu.dat High
      CWS C:\WINDOWS\cteax.dat High
      CWS C:\WINDOWS\czzis.dat High
      CWS C:\WINDOWS\elqyf.dat High
      CWS C:\WINDOWS\erpsj.dat High
      CWS C:\WINDOWS\errdi.dat High
      CWS C:\WINDOWS\fffbl.dat High
      CWS C:\WINDOWS\fknrn.dat High
      CWS C:\WINDOWS\gwivm.dat High
      CWS C:\WINDOWS\gxbup.dat High
      CWS C:\WINDOWS\hlaoq.dat High
      CWS C:\WINDOWS\hmweo.dat High
      CWS C:\WINDOWS\imeep.dat High
      CWS C:\WINDOWS\ixwkd.dat High
      CWS C:\WINDOWS\jbdxh.dat High
      CWS C:\WINDOWS\jefha.dat High
      CWS C:\WINDOWS\jfrog.dat High
      CWS C:\WINDOWS\jkclk.dat High
      CWS C:\WINDOWS\jkmhg.dat High
      CWS C:\WINDOWS\jqydf.dat High
      CWS C:\WINDOWS\kalov.dat High
      CWS C:\WINDOWS\kdkxt.dat High
      CWS C:\WINDOWS\kenpa.dat High
      CWS C:\WINDOWS\klvyg.dat High
      CWS C:\WINDOWS\laejt.dat High
      CWS C:\WINDOWS\lnqtx.dat High
      CWS C:\WINDOWS\lxzgq.dat High
      CWS C:\WINDOWS\mhenz.dat High
      CWS C:\WINDOWS\msijy.dat High
      CWS C:\WINDOWS\mzxfs.dat High
      CWS C:\WINDOWS\ncrmc.dat High
      CWS C:\WINDOWS\nsxgh.dat High
      CWS C:\WINDOWS\pcpcf.dat High
      CWS C:\WINDOWS\porkw.dat High
      CWS C:\WINDOWS\ppdgn.dat High
      CWS C:\WINDOWS\qaicm.dat High
      CWS C:\WINDOWS\qguky.dat High
      CWS C:\WINDOWS\qpare.dat High
      CWS C:\WINDOWS\qzawp.dat High
      CWS C:\WINDOWS\rbnsz.dat High
      CWS C:\WINDOWS\rkmvx.dat High
      CWS C:\WINDOWS\safxn.dat High
      CWS C:\WINDOWS\sgyiv.dat High
      CWS C:\WINDOWS\tqtsq.dat High
      CWS C:\WINDOWS\uvwdp.dat High
      CWS C:\WINDOWS\uzcpz.dat High
      CWS C:\WINDOWS\vqcre.dat High
      CWS C:\WINDOWS\vxrub.dat High
      CWS C:\WINDOWS\wfpde.dat High
      CWS C:\WINDOWS\wnltn.dat High
      CWS C:\WINDOWS\wypgg.dat High
      CWS C:\WINDOWS\xfasd.dat High
      CWS C:\WINDOWS\xqimy.dat High
      CWS C:\WINDOWS\yeuxy.dat High
      CWS C:\WINDOWS\ypbsp.dat High
      CWS C:\WINDOWS\yypyf.dat High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
      CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
      CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
      CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
      CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
      CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
      CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponent High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##Installer High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dll High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dll High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASE High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INF High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModified High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponent High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##Installer High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dll High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASE High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INF High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion## High
      Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModified High
      Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
      Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
      Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
      Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
      Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High
      Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
      Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
      Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
      Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
      Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High

      ci-dessous ewido:

      ---------------------------------------------------------
      ewido anti-malware - Rapport de scan
      ---------------------------------------------------------

      + Créé le: 09:54:27, 06/05/2006
      + Somme de contrôle: C4996528

      + Résultats du scan:

      C:\Documents and Settings\Propriétaire\Cookies\propriétaire@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder


      ::Fin du rapport



      J'ai gardé les autres scans: je peux les envoyer dans l'ordre que tu souhaites

      Petite remarque: depuis ces nettoyages, linksys a du mal à trouver une adresse IP: connexion très longue à se faire.

      Comment faire pour ne plus être infecté sans maîtriser quoi que ce soit, et sans t'embêter???

      @+

      Bon WE
      0
      1. Utilisateur anonyme > GPAT Messages postés 20 Statut Membre
         
        Salut,

        le premier scan c'est un scan de quel logiciel ?

        fait ce scan anti-virus en ligne enregistre et colle le rapport ici avec un nouveau rapport hijackthis une fois que le scan est terminé

        http://www.bitdefender.fr/scan8/ie.html
        0
      2. GPAT Messages postés 20 Statut Membre 4 > Utilisateur anonyme
         
        Salut Boulepate, et Green Day

        Encore merci de votre contribution, et j'ai l'impression qu'il faut beaucoup de docteurs pour éliminer mes virus!.....c'est désespérant!

        2ième tentative d'ajout depuis 24H!!!

        Ci-dessous les logs demandés par Boulepate: comme d'hab, je comprends que c'est infecté, mais rien n'érradique! Bon courage pour l'interprétation: cela me dépasse!

        Les logs sont dans l'ordre demandé:

        <HTML>
        <HEAD>
        <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
        <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
        </HEAD>
        <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


        <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
        <tr>
        <td width="458">
        <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>
        <tr>
        <td colspan="3" width="912">
        <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sun, May 07, 2006 - 15:28:11</b></span></font></p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
        <tr>
        <td width="451" colspan="2" bgcolor="#CCCCCC">
        <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Temps</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">01:45:43</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Fichiers</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">569821</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Directoires</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">6814</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Secteurs de boot</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">3</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Archives</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">21776</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Paquets programmes</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">67987</font></p>
        </td>
        </tr>
        </table>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>



        <tr>
        <td width="458">
        <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
        <tr>
        <td width="451" colspan="2" bgcolor="#CCCCCC">
        <p><font face="Arial" size="2"><B>Résultats</b></font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Virus identifiés</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">23</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Fichiers infectés</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">192</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Fichiers suspects</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">0</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Avertissements</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">0</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Désinfectés</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">0</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Fichiers effacés</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">243</font></p>
        </td>
        </tr>
        </table>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
        <tr>
        <td width="451" colspan="2" bgcolor="#CCCCCC">
        <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Définition virus</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">373676</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Version des moteurs</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyse des plugins</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">13</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Archive des plugins</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">39</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Unpack des plugins</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">4</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">E-mail plugins</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">6</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Système plugins</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">1</font></p>
        </td>
        </tr>
        </table>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td width="458">
        <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
        <tr>
        <td width="451" colspan="2" bgcolor="#CCCCCC">
        <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Première action</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Désinfecté</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Seconde Action</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Heuristique</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Extensions analysées</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">*;</font></p>
        </td>
        </tr>

        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Excludez les extensions</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2"> </font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyse d'emails</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyse des Archives</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyse des fichiers</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">Analyse de boot</font></p>
        </td>
        <td width="43%" align="right">
        <p><font face="Arial" size="2">Oui</font></p>
        </td>
        </tr>
        </table>
        </td>
        <td width="40%">
        <p> </p>
        </td>
        <td width="10%">
        <p> </p>
        </td>
        </tr>

        <tr>
        <td colspan=2>  
        <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
        <tr>
        <td width="252" bgcolor="#CCCCCC">
        <p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
        </td>
        <td width="195" bgcolor="#CCCCCC" align="right">
        <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
        </td>
        </tr>
        <tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.HR</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.B</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Wintrim.CB</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Dialer.FU</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Echec de la désinfection</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Supprimé</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Mis à jour</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
        </td>
        <td width="43%" align="left">
        <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
        </td>
        </tr><tr>
        <td width="57%">
        <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Bonjour,

    Pour avancer Mlle Green Day et Boulepate, que je salue au passge, merci de refaire un hijackthis et de coller le rapport ici.

    Bon courage à tous.

    A+
    0
  7. GPAT Messages postés 20 Statut Membre 4
     
    Bonjour à tous, Dont Incognito:

    Ci-joint le log de Spyware doctor (highjack?).
    Il faut noter qu'à la fin du scan, il y a un pgm "résident" qui dit refuser les modifications de spyware doctor: je comprends que les pgm se marchent sur les pieds: que fait on dans ce cas là?

    Spyware Doctor ReportSpyware Doctor Activity Report
    Generated on 07/05/2006 15:47:06Spyware Doctor HomepagePC
    Tools HomepageTechnical Support

    Scans (basic information only):

    Scan Results:
    scan start:07/05/2006 15:49:26
    scan stop:07/05/2006 16:01:44
    scanned items:145080
    found items:239
    found and ignored:0
    tools used:General Scanner, Process Scanner, LSP
    Scanner, Startup Scanner, Registry Scanner,
    Hosts Scanner, Browser Scanner, Browser Activity
    Scanner, Disk Scanner, ActiveX Scanner

    Infection NameLocationRisk
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
    Instant
    AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
    AccessHigh
    IST Unknown
    VariantHKCU\software\microsoft\windows\currentversion\run##start
    wingman profilerMedium
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
    Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
    Helper ObjectaHigh
    Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
    Helper Objecta##High
    Known Bad SitesC:\Documents and
    Settings\Propriétaire\Favoris\antivirus test
    online.urlHigh
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
    AdvertisingC:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@overture[1].txtLow
    PSGuard Desktop HijackerC:\Documents and Settings\All
    Users\Menu Démarrer\Security Troubleshooting.urlHigh
    PSGuard Desktop HijackerC:\Documents and
    Settings\Propriétaire\Favoris\Antivirus Test
    Online.urlHigh
    Kazaa Promotional ItemsC:\Documents and
    Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
    Points Manager.lnkMedium
    Instant AccessC:\WINDOWS\Downloaded Program
    Files\EGAUTH.infHigh
    Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
    Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
    Instant AccessC:\WINDOWS\tmlpcert2005High
    CWSC:\WINDOWS\ajele.datHigh
    CWSC:\WINDOWS\aqgvi.datHigh
    CWSC:\WINDOWS\ayzfc.datHigh
    CWSC:\WINDOWS\bibcc.datHigh
    CWSC:\WINDOWS\bmfuo.datHigh
    CWSC:\WINDOWS\brlil.datHigh
    CWSC:\WINDOWS\buiot.datHigh
    CWSC:\WINDOWS\byivh.datHigh
    CWSC:\WINDOWS\cacon.datHigh
    CWSC:\WINDOWS\ccrju.datHigh
    CWSC:\WINDOWS\cegur.datHigh
    CWSC:\WINDOWS\crzmu.datHigh
    CWSC:\WINDOWS\cteax.datHigh
    CWSC:\WINDOWS\czzis.datHigh
    CWSC:\WINDOWS\elqyf.datHigh
    CWSC:\WINDOWS\erpsj.datHigh
    CWSC:\WINDOWS\errdi.datHigh
    CWSC:\WINDOWS\fffbl.datHigh
    CWSC:\WINDOWS\fknrn.datHigh
    CWSC:\WINDOWS\gwivm.datHigh
    CWSC:\WINDOWS\gxbup.datHigh
    CWSC:\WINDOWS\hlaoq.datHigh
    CWSC:\WINDOWS\hmweo.datHigh
    CWSC:\WINDOWS\imeep.datHigh
    CWSC:\WINDOWS\ixwkd.datHigh
    CWSC:\WINDOWS\jbdxh.datHigh
    CWSC:\WINDOWS\jefha.datHigh
    CWSC:\WINDOWS\jfrog.datHigh
    CWSC:\WINDOWS\jkclk.datHigh
    CWSC:\WINDOWS\jkmhg.datHigh
    CWSC:\WINDOWS\jqydf.datHigh
    CWSC:\WINDOWS\kalov.datHigh
    CWSC:\WINDOWS\kdkxt.datHigh
    CWSC:\WINDOWS\kenpa.datHigh
    CWSC:\WINDOWS\klvyg.datHigh
    CWSC:\WINDOWS\laejt.datHigh
    CWSC:\WINDOWS\lnqtx.datHigh
    CWSC:\WINDOWS\lxzgq.datHigh
    CWSC:\WINDOWS\mhenz.datHigh
    CWSC:\WINDOWS\msijy.datHigh
    CWSC:\WINDOWS\mzxfs.datHigh
    CWSC:\WINDOWS\ncrmc.datHigh
    CWSC:\WINDOWS\nsxgh.datHigh
    CWSC:\WINDOWS\pcpcf.datHigh
    CWSC:\WINDOWS\porkw.datHigh
    CWSC:\WINDOWS\ppdgn.datHigh
    CWSC:\WINDOWS\qaicm.datHigh
    CWSC:\WINDOWS\qguky.datHigh
    CWSC:\WINDOWS\qpare.datHigh
    CWSC:\WINDOWS\qzawp.datHigh
    CWSC:\WINDOWS\rbnsz.datHigh
    CWSC:\WINDOWS\rkmvx.datHigh
    CWSC:\WINDOWS\safxn.datHigh
    CWSC:\WINDOWS\sgyiv.datHigh
    CWSC:\WINDOWS\tqtsq.datHigh
    CWSC:\WINDOWS\uvwdp.datHigh
    CWSC:\WINDOWS\uzcpz.datHigh
    CWSC:\WINDOWS\vqcre.datHigh
    CWSC:\WINDOWS\vxrub.datHigh
    CWSC:\WINDOWS\wfpde.datHigh
    CWSC:\WINDOWS\wnltn.datHigh
    CWSC:\WINDOWS\wypgg.datHigh
    CWSC:\WINDOWS\xfasd.datHigh
    CWSC:\WINDOWS\xqimy.datHigh
    CWSC:\WINDOWS\yeuxy.datHigh
    CWSC:\WINDOWS\ypbsp.datHigh
    CWSC:\WINDOWS\yypyf.datHigh
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated

    Scan Results:
    scan start:07/05/2006 19:00:02
    scan stop:07/05/2006 19:09:46
    scanned items:120934
    found items:241
    found and ignored:0
    tools used:General Scanner, Process Scanner, LSP
    Scanner, Startup Scanner, Registry Scanner,
    Hosts Scanner, Browser Scanner, Browser Activity
    Scanner, Disk Scanner, ActiveX Scanner

    Infection NameLocationRisk
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
    Instant
    AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
    AccessHigh
    IST Unknown
    VariantHKCU\software\microsoft\windows\currentversion\run##start
    wingman profilerMedium
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
    Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
    Helper ObjectaHigh
    Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
    Helper Objecta##High
    Known Bad SitesC:\Documents and
    Settings\Propriétaire\Favoris\antivirus test
    online.urlHigh
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@cgi-bin[2].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
    AdvertisingC:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@overture[2].txtLow
    Tracking Cookie(s)C:\Documents and
    Settings\Propriétaire\Cookies\propriétaire@estat[1].txtLow
    PSGuard Desktop HijackerC:\Documents and Settings\All
    Users\Menu Démarrer\Security Troubleshooting.urlHigh
    PSGuard Desktop HijackerC:\Documents and
    Settings\Propriétaire\Favoris\Antivirus Test
    Online.urlHigh
    Kazaa Promotional ItemsC:\Documents and
    Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
    Points Manager.lnkMedium
    Instant AccessC:\WINDOWS\Downloaded Program
    Files\EGAUTH.infHigh
    Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
    Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
    Instant AccessC:\WINDOWS\tmlpcert2005High
    CWSC:\WINDOWS\ajele.datHigh
    CWSC:\WINDOWS\aqgvi.datHigh
    CWSC:\WINDOWS\ayzfc.datHigh
    CWSC:\WINDOWS\bibcc.datHigh
    CWSC:\WINDOWS\bmfuo.datHigh
    CWSC:\WINDOWS\brlil.datHigh
    CWSC:\WINDOWS\buiot.datHigh
    CWSC:\WINDOWS\byivh.datHigh
    CWSC:\WINDOWS\cacon.datHigh
    CWSC:\WINDOWS\ccrju.datHigh
    CWSC:\WINDOWS\cegur.datHigh
    CWSC:\WINDOWS\crzmu.datHigh
    CWSC:\WINDOWS\cteax.datHigh
    CWSC:\WINDOWS\czzis.datHigh
    CWSC:\WINDOWS\elqyf.datHigh
    CWSC:\WINDOWS\erpsj.datHigh
    CWSC:\WINDOWS\errdi.datHigh
    CWSC:\WINDOWS\fffbl.datHigh
    CWSC:\WINDOWS\fknrn.datHigh
    CWSC:\WINDOWS\gwivm.datHigh
    CWSC:\WINDOWS\gxbup.datHigh
    CWSC:\WINDOWS\hlaoq.datHigh
    CWSC:\WINDOWS\hmweo.datHigh
    CWSC:\WINDOWS\imeep.datHigh
    CWSC:\WINDOWS\ixwkd.datHigh
    CWSC:\WINDOWS\jbdxh.datHigh
    CWSC:\WINDOWS\jefha.datHigh
    CWSC:\WINDOWS\jfrog.datHigh
    CWSC:\WINDOWS\jkclk.datHigh
    CWSC:\WINDOWS\jkmhg.datHigh
    CWSC:\WINDOWS\jqydf.datHigh
    CWSC:\WINDOWS\kalov.datHigh
    CWSC:\WINDOWS\kdkxt.datHigh
    CWSC:\WINDOWS\kenpa.datHigh
    CWSC:\WINDOWS\klvyg.datHigh
    CWSC:\WINDOWS\laejt.datHigh
    CWSC:\WINDOWS\lnqtx.datHigh
    CWSC:\WINDOWS\lxzgq.datHigh
    CWSC:\WINDOWS\mhenz.datHigh
    CWSC:\WINDOWS\msijy.datHigh
    CWSC:\WINDOWS\mzxfs.datHigh
    CWSC:\WINDOWS\ncrmc.datHigh
    CWSC:\WINDOWS\nsxgh.datHigh
    CWSC:\WINDOWS\pcpcf.datHigh
    CWSC:\WINDOWS\porkw.datHigh
    CWSC:\WINDOWS\ppdgn.datHigh
    CWSC:\WINDOWS\qaicm.datHigh
    CWSC:\WINDOWS\qguky.datHigh
    CWSC:\WINDOWS\qpare.datHigh
    CWSC:\WINDOWS\qzawp.datHigh
    CWSC:\WINDOWS\rbnsz.datHigh
    CWSC:\WINDOWS\rkmvx.datHigh
    CWSC:\WINDOWS\safxn.datHigh
    CWSC:\WINDOWS\sgyiv.datHigh
    CWSC:\WINDOWS\tqtsq.datHigh
    CWSC:\WINDOWS\uvwdp.datHigh
    CWSC:\WINDOWS\uzcpz.datHigh
    CWSC:\WINDOWS\vqcre.datHigh
    CWSC:\WINDOWS\vxrub.datHigh
    CWSC:\WINDOWS\wfpde.datHigh
    CWSC:\WINDOWS\wnltn.datHigh
    CWSC:\WINDOWS\wypgg.datHigh
    CWSC:\WINDOWS\xfasd.datHigh
    CWSC:\WINDOWS\xqimy.datHigh
    CWSC:\WINDOWS\yeuxy.datHigh
    CWSC:\WINDOWS\ypbsp.datHigh
    CWSC:\WINDOWS\yypyf.datHigh
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
    CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
    CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
    CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
    CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
    Instant AccessHKLM\Software\Microsoft\Code Store
    Database\Distribution
    Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
    Instant
    AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
    Instant
    AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
    SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
    SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated

    Scan Results:
    scan start:07/05/2006 20:09:59
    scan stop:07/05/2006 20:22:07
    scanned items:144827
    found items:241
    found and ignored:0
    tools used:General Scanner, Process Scanner, LSP
    Scanner, Startup Scanner, Registry Scanner,
    Hosts Scanner, Browser Scanner, Browser Activity
    Scanner, Disk Scanner, ActiveX Scanner

    Infection NameLocationRisk
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
    CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
    Instant
    AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
    AccessHigh
    IST Unknown
    VariantHKCU\software\microsoft\windows\currentversion\run##start
    wingman profilerMedium
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
    RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
    SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
    SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
    SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
    SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDA
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Bonjour à tous

    Merci Inco ;-)

    non, hijackthis, c'est le rapport que tu as posté dans ton 1er message

    colle en un nouveau stp

    ++
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonjour Green Day, et à tous,

      Non, je n'ai pas négligé le PC, mais le boulot de la semaine ne m'a pas encouragé à me connecter: j'aime bien tes citations, toujours optimistes: je t'en sort une, de moi: "il faut distinguer le savoir du faire": je sais que je sais peu, et que dans le PC, je ne fais quasiment rien, sauf des bêtises éventuellement....

      Je te joins Hijackthis: c'est toujours aussi abscons (d'où ma citation, n'en plaise à Voltaire...)

      Logfile of HijackThis v1.99.1
      Scan saved at 21:17:05, on 13/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\ewido anti-malware\ewidoguard.exe
      C:\WINDOWS\System32\GEARSEC.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GF8XKD67\HijackThis[1].exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
      O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
      O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
      O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

      Bon courage Mlle....

      Merci de contribuer au lent développement de mon savoir!

      Bonne fin de WE
      0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    lol !

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_FR_XP.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab

    ==> recherche et supprime ce prog : ALCXMNTR.EXE

    ensuite, repasse un pti coup de ewido, et avec ce prog :

    *Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    et enfin :

    scan en ligne : colle rapport entier ( s’il y a quelque chose) :

    http://www.bitdefender.fr/bd/site/search.php#

    bon courage, @+

    ;-)

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonjour Green Day
      La recherche en ligne étant un peu longue, Morphée m'a pris avant la fin...
      Merci de tes recommandations, suivies à la lettre.
      Ci-joint le rapport de Bitdefender, que j'accompagne d'une question: depuis sa connection, j'ai récupéré une barre d'outil Yahoo, qui ne me sert à rien: quelle est la solution de nettoyage?

      <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
      <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
      </HEAD>
      <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


      <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
      <tr>
      <td width="458">
      <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>
      <tr>
      <td colspan="3" width="912">
      <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Mon, May 15, 2006 - 01:12:01</b></span></font></p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Temps</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">01:49:21</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Fichiers</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">565641</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Directoires</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">6747</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Secteurs de boot</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">3</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Archives</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">21761</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Paquets programmes</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">67873</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>



      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Résultats</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Virus identifiés</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">8</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Fichiers infectés</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">56</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Fichiers suspects</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Avertissements</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Désinfectés</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">0</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Fichiers effacés</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">56</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Définition virus</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">374883</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Version des moteurs</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyse des plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">13</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Archive des plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">40</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Unpack des plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">4</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">E-mail plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">6</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Système plugins</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">1</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td width="458">
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="451" colspan="2" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Première action</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Désinfecté</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Seconde Action</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Heuristique</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Extensions analysées</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">*;</font></p>
      </td>
      </tr>

      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Excludez les extensions</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2"> </font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyse d'emails</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyse des Archives</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyse des fichiers</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">Analyse de boot</font></p>
      </td>
      <td width="43%" align="right">
      <p><font face="Arial" size="2">Oui</font></p>
      </td>
      </tr>
      </table>
      </td>
      <td width="40%">
      <p> </p>
      </td>
      <td width="10%">
      <p> </p>
      </td>
      </tr>

      <tr>
      <td colspan=2>  
      <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
      <tr>
      <td width="252" bgcolor="#CCCCCC">
      <p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
      </td>
      <td width="195" bgcolor="#CCCCCC" align="right">
      <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
      </td>
      </tr>
      <tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.L</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Win32.Mabutu.A@mm</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Supprimé</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Mis à jour</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left">
      <p><font face="Arial" size="2">Echec de la désinfection</font></p>
      </td>
      </tr><tr>
      <td width="57%">
      <p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
      </td>
      <td width="43%" align="left&
      0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    le rapport est en language codé 8-)

    vide ta quarantaine norton ...

    reposte un nouveau hijackthis et precise s'il te reste des soucis

    ++
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonjour Green Day: l'espoir demeure et fait avancer

      Avant la lecture de hijackthis, j'ai oublié de te mentionner que le programme "RESIDENT" de SPYBOT couine lorsque CCLEANER fait le ménage dans le registre, et s'oppose aux modifs: je l'ai désactivé, sans être sûr que cela soit suffisant. Si tu me conseilles de recommencer, pas de pb, car j'ai bien l'impression qu'un grand ménage a été fait grâce à toi (et aussi aux membres du forum).

      Ci-dessous le log Hijackthis.

      Merci, et bonne journée

      Logfile of HijackThis v1.99.1
      Scan saved at 09:55:54, on 16/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\System32\GEARSEC.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\HIJACKTHIS\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    lol ! je suis bien d'accord avec toi ...

    euh ! dis moi, tu es sûr que c'est un nouveau rapport ?! ... lol

    Choisis l'option "do a scan and a logfile", il va te générer un rapport, copie et colle sur le forum stp

    @+

    ;-)

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonsoir Green Day, Heu, oui, enfin.., je crois: mais si ce n'est pas le cas avec la liste ci-dessous, je dois être bon à ranger avec les dinosaures....

      Merci pour tout

      Logfile of HijackThis v1.99.1
      Scan saved at 20:33:19, on 18/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\System32\GEARSEC.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\HIJACKTHIS\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, mais c'est vraiment bizzar ...

    alors : cf manip poste 14 ! ( sans les 08 et 016 )

    ensuite reposte un nouveau hijackthis et precise tes soucis

    bon courage, @+

    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Re-salut Green Day, bonsoir did

      J'ai repris le 14 comme demandé, en fermant le programme "Résident" de SPYBOT, qui empêche des modifs de registre: j'ai "fixé", et voici le log correspondant.

      Je vais maintenant tester ce que propose Did71.

      Bonne nuit!

      Logfile of HijackThis v1.99.1
      Scan saved at 02:13:42, on 19/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\System32\GEARSEC.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HIJACKTHIS\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  13. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir à tous,

    green, si tu permets,

    cette ligne :

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess , montre egdaccess

    Télécharge Blacklight (de F-Secure) :

    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse

    a+
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Re Bonsoir Did et Green Day

      Après la manip préconisée par Green, j'ai fait ce que tu proposes:
      miracle! Blacklight n'a rien trouvé! Ci dessous le log.

      Bonne nuit. Dodo!

      05/19/06 02:24:11 [Info]: BlackLight Engine 1.0.36 initialized
      05/19/06 02:24:11 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      05/19/06 02:24:11 [Note]: 7019 4
      05/19/06 02:24:11 [Note]: 7005 0
      05/19/06 02:24:17 [Note]: 7006 0
      05/19/06 02:24:17 [Note]: 7011 1704
      05/19/06 02:24:17 [Note]: 7026 0
      05/19/06 02:24:17 [Note]: 7026 0
      05/19/06 02:24:27 [Note]: FSRAW library version 1.7.1015
      05/19/06 02:31:34 [Note]: 2000 1006
      05/19/06 02:33:14 [Note]: 7007 0
      0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok; remets un nouveau hijackthis stp

    ++

    ***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Salut Green Day:
      Tout n'est pas rose: "Resident" couine encore et refuse de modifier le registre, alors que je l'avais fermé avant le "fix".

      La patience est-elle une vertue?

      Ci-dessous le dernier log

      Bonne nuit

      Logfile of HijackThis v1.99.1
      Scan saved at 23:42:34, on 19/05/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\System32\GEARSEC.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\HP\KBD\KBD.EXE
      C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\HIJACKTHIS\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    t'inket ! ça prendra le temps qu'il faudra ;-)

    " un temps à chaque chose et chaque chose en son temps ! " :)

    je ne comprends pas pourquoi les lignes que tu fixes reviennent à chaque fois ???

    1) Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    2) Redémarre en mode sans échec
    Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
    Choisis le mode sans échec dans les options et valide avec entrée.
    ( si F8 ne fonctionne pas essaie avec F5)

    3) Relance hijackthis :

    choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    demo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    ==> cf poste 14

    @+

    0
  16. GPAT Messages postés 20 Statut Membre 4
     
    Chère Green,
    Heureux celui qui a compris qu'il ne faut jamais chercher à comprendre....
    J'essaie quand même, et après avoir désinstallé Spybot et son fameux "Résident", j'ai fait ce que tu m'as conseillé, et voila ce que cela donne (note qd même que le message p2esock_1021.dll non trouvé existe toujours au démarrage, et là je ne comprends pas):

    Logfile of HijackThis v1.99.1
    Scan saved at 20:25:15, on 21/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\OUTILS NETTOYAGE-SCAN-VIRUS\HIJACKTHIS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Merci de ton aide constante et toujours optimiste!

    BONNE SOIREE
    0
  17. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir à vous,

    je me permets d'intervenir car je vois toujours egdaccess, troublant d'ailleurs!

    vas dans menu démarrer>exécuter> tu écris msconfig > démarrage> dis moi si tu vois instant access

    a+
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Bonsoir :-)

    c'est bien mieux, en effet, mais je crois que egdaccess t'aimes et ne veux pas te quitter lol

    sinon : Did, il fauderai peut être chercher le fichier .dll et le supprimer ??? à moin qu'il y est un autre prog qui supprime aussi cette bébéte ???

    merci pour ton coup de main

    GPAT : courage !

    @+
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonsoir Green et Did71, et merci
      voici ce qu'on trouve dans démarrage qui m'interpelle, surtout la 2ième ligne, la 1ière connais pas:
      rundll32.exe nview.dll,nViewLoadHook
      rundll32.exe p2esocks_1021.dll,instant access
      Par contre rien sur egdaccess: quel est ce truc?

      Bonne nuit!
      0
  19. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    Hello
    egdaccess = saloperie

    methodologie à suivre :

    Autre méthode: (Merci Philae)

    * Télécharger Brute Force Uninstaller (de Merijn).
    http://www.merijn.org/files/bfu.zip
    Décompresse-le dans un dossier propre à lui (c:\BFU)

    * FAIRE UN CLIC-DROIT ICI
    http://metallica.geekstogo.com/EGDACCESS.bfu
    et choisir "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..") afin de télécharger EGDACCESS Remover (de Metallica). Sauvegarder le dans le dossier créé (c:\BFU)

    Démarrer "Brute Force Uninstaller" en double-cliquant BFU.exe

    Sous scriptline to execute copie/coller c:\bfu\EGDACCESS.bfu
    Cliquer sur execute et laisser-le faire son travail.

    Attendre que complete script execution apparaîsse et cliquer sur OK.

    *Recommencer avec ce fichier les mêmes manipulations
    http://metallica.geekstogo.com/p2pnetwork.bfu

    * Cliquer Exit pour fermer le programme BFU.

    * Redémarrer et poster un nouveau rapport HijackThis.
    0
  20. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonjour à vous,

    Exact c'est cette ligne qu'il faut supprimer du démarrage:

    rundll32.exe p2esocks_1021.dll,instant access

    Ensuite essaie de trouver cette DLL est de la supprimer:

    p2esocks_1021.dll

    Pour aranjuez le BFU ne fonctionnera pas car l'infection n'est pas active, blacklight l'aurais trouvé.

    Et le script p2pnetwork.bfu n'est pas lié à la désinfection de egdaccess mais p2pnetworking.exe, non présent dans ce sujet.

    a+
    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Bonsoir à tous: Did, Green, Aranjuez etc..
      Ben voila, c'est tout bête, mais comment fait-on pour supprimer une instruction dans le démarrage?
      J'imagine que lorsqu'on décoche celle-ci, cela permet de ne pas l'éxécuter, mais cela ne la supprime pas.
      Bref, j'ai un pb de savoir faire.
      Ne croyez pas à une infidélité quelconque pendant quelques jours, j'abandonne (provisoirement) le PC pour le WE!!

      Bonne nuit à tout le monde.

      A + quand je vais vous lire.
      0
  21. aranjuez31 Messages postés 8161 Date d'inscription   Statut Contributeur 354
     
    bsr

    ok did, compris

    GPAT
    ""comment fait-on pour supprimer une instruction dans le démarrage ? "
    déma>exécuter>tape msconfig>ok> va ds onglet démarrage

    Suis extrait tuto de zébulon :
    =========
    L'onglet "Démarrage"
    L'onglet "Démarrage" indique les programmes qui sont chargés à l'ouverture de session.

    Onglet Démarrage de msconfig

    C'est ici qu'il faut venir en premier pour désactiver des programmes suspects, vous retrouvez tous ces programmes dans votre gestionnaire des taches à l'onglet "Processus".
    Tout ces programmes sont inscrits dans votre base de registre dans les clés :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

    Si vous souhaitez que votre session démarre plus vite, vous pouvez supprimer tous les programmes superflus, seuls devraient rester votre antivirus, votre firewall et votre connexion USB.

    Comme vous pouvez le constater, cet outil offre de nombreuses possibilités et permet souvent de résoudre des problèmes rapidement. C'est le premier outil à utiliser en cas de problème...

    0
    1. GPAT Messages postés 20 Statut Membre 4
       
      Pour l'étalon, il faut prendre les mesures!.....
      Pour le bourricaut, t'inquiète pas, tu l'as trouvé!
      Par contre le bourricaut n'a pas trouvé dans l'onglet démarrage le p2esock_1021.dll qui m'ennuie depuis des mois: je l'ai cherché également avec l'outil "chercher" de Windows: rien trouvé! alors pour faire avancer le bourricaut, il faut une sacré carrotte, mais je ne suis pas dans l'agriculture!
      Quant à StealthSWs114..., il a disparu. Ouf!

      Allez, bonne journée à tous!
      0
  • 1
  • 2