StealthSWs114.h!dll
Résolu
GPAT
Messages postés
20
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
bonjour, le titre du message indique le problème. Je suis néophite, voire nul: NORTON 2004 régulièrement mis à jour, SPYBOT, rien n'y fait. GOOGLE m'a renvoyé sur votre site que je découvre: la lecture des aides aux messages identiques m'a permis d'utiliser HijackThis dont le log est joint: trop complexe pour moi: je crois comprendre que certaines instructions ne devraient pas figurer et indiquent des connexions non maîtrisées...Pouvez vous m'aider SVP, de manière simple? Merci beaucoup. Pardonnez moi si je commets quelques erreurs d'utilisation du forum: manque d'habitude!
Logfile of HijackThis v1.99.1
Scan saved at 17:39:48, on 29/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7EG6JLWE\HijackThis[1].exe
C:\WINDOWS\system32\ntvdm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpBB80.tmp
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Logfile of HijackThis v1.99.1
Scan saved at 17:39:48, on 29/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7EG6JLWE\HijackThis[1].exe
C:\WINDOWS\system32\ntvdm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hpBB80.tmp
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
A voir également:
- StealthSWs114.h!dll
- Télécharger logiciel dvr h 264 gratuit - Télécharger - Sécurité
- Xinput1_3.dll - Forum Jeux PC
- Dimension l x l x h - Forum Photoshop
- Train 1000 km/h - Guide
- Advapi32.dll ccleaner - Forum Windows 7
22 réponses
Salut
belle infection !!!
commence par ceci stp :
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
a+
***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
belle infection !!!
commence par ceci stp :
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
a+
***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
Salut
as tu un parfeu ???
autre problème récurrent: au démarrage de windows, j'ai le message suivant: erreur de chargement p2esocks_1021.dll: je réponds OK, et je n'ai jamais rien constaté!
oui c'est le très connu trojan Instant Access
d'ailleurs, on le voit très bien dans le hijackthis :
[Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
reste de l'infection ...
#Désactiver la Restauration du système
* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs
ensuite : "peti" nettoyage
télécharge ceci :
1) Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
2) Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/AdAware/AdAware.htm
3) Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
tuto : (merci à Ballatrap )
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
4) A-squared (nécéssite un enregistrement gratuit en ligne pour obtenir la clé d'activation) :
https://www.emsisoft.com/fr/
5) Ewido (gratuit) :
https://www.avg.com/en-ww/free-antivirus-download
fais un copier/coller du rapport ici stp
tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
6) CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm
mets tout à jour,lance les scans en mode sans echec : pour cela redemarre en appuillant sur le touche F8 ou F5
puis :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/404/
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin reposte un nouveau hijackthis stp
bon courage, @+
***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
as tu un parfeu ???
autre problème récurrent: au démarrage de windows, j'ai le message suivant: erreur de chargement p2esocks_1021.dll: je réponds OK, et je n'ai jamais rien constaté!
oui c'est le très connu trojan Instant Access
d'ailleurs, on le voit très bien dans le hijackthis :
[Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
reste de l'infection ...
#Désactiver la Restauration du système
* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs
ensuite : "peti" nettoyage
télécharge ceci :
1) Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
2) Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/AdAware/AdAware.htm
3) Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
tuto : (merci à Ballatrap )
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
4) A-squared (nécéssite un enregistrement gratuit en ligne pour obtenir la clé d'activation) :
https://www.emsisoft.com/fr/
5) Ewido (gratuit) :
https://www.avg.com/en-ww/free-antivirus-download
fais un copier/coller du rapport ici stp
tuto : (merci à Moe) http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
6) CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm
mets tout à jour,lance les scans en mode sans echec : pour cela redemarre en appuillant sur le touche F8 ou F5
puis :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/404/
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin reposte un nouveau hijackthis stp
bon courage, @+
***Le deuxieme mot le plus important apres Aimer, c'est Aider! ...***
Bonsoir Green Day
as tu reçu mon message (très long) de ce matin?
Sinon je recommence un copié collé (très très long) des différents rapports.
Y a-t-il une limitation en taille des messages
@+
Merci
as tu reçu mon message (très long) de ce matin?
Sinon je recommence un copié collé (très très long) des différents rapports.
Y a-t-il une limitation en taille des messages
@+
Merci
Salut à vous
Gpat : non je n'ai pas recu de message ???
tu l'as envoyé/posté où ???
++
Gpat : non je n'ai pas recu de message ???
tu l'as envoyé/posté où ???
++
Bonjour Green Day
La valeur n'attend pas le nombre des années....
j'ai essayé de t'envoyer les logs des différents scan, avant et après nettoyage: je crois que c'était tellement gros que ça n'a pas marché. Boulepat62 m'a conseillé de faire un Highjack et Ewido et de l'envoyer: ce que je fais ci-dessous. Je constate que chaque scan trouve son lot de pb (parfois par millier d'occurences...), fait ce qu'il peut, mais il en reste toujours: ex p2esocks_1021.dll est toujours là!
Dans l'ordre: parfeu: en principe (!!) j'en ai un: j'ai un modem routeur Linksys sans fil WAG354G, dont on m'a dit qu'il est intégré(??): aussi ai-je déconnecté le parefeu WINDOWS.
J'ai ensuite procédé dans l'ordre que tu m'as indiqué, et j'ai cru comprendre que les premiers scan devaient se faire en mode normal (et pas sans échec): ce fut long!!! au passage SPYBOT s'arrête au 1/4 de la recherche; je suis ensuite repassé en mode sans échec, et ai recommencé les scans: Spybot fonctionne (!!?)
Scan Results:
scan start: 05/05/2006 02:03:16
scan stop: 05/05/2006 02:26:35
scanned items: 143512
found items: 217
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I## High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstance High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000## High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Service High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Legacy High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlags High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Class High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUID High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDesc High
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402} Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32 Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Version Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
PSGuard Desktop Hijacker C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url High
Instant Access C:\WINDOWS\Downloaded Program Files\EGAUTH.inf High
Instant Access C:\WINDOWS\system32\eglivecam_1030.dll High
Backdoor.Agobot C:\WINDOWS\system32\winhl32.exe High
Instant Access C:\WINDOWS\tmlpcert2005 High
CWS C:\WINDOWS\ajele.dat High
CWS C:\WINDOWS\aqgvi.dat High
CWS C:\WINDOWS\ayzfc.dat High
CWS C:\WINDOWS\bibcc.dat High
CWS C:\WINDOWS\bmfuo.dat High
CWS C:\WINDOWS\brlil.dat High
CWS C:\WINDOWS\buiot.dat High
CWS C:\WINDOWS\byivh.dat High
CWS C:\WINDOWS\cacon.dat High
CWS C:\WINDOWS\ccrju.dat High
CWS C:\WINDOWS\cegur.dat High
CWS C:\WINDOWS\crzmu.dat High
CWS C:\WINDOWS\cteax.dat High
CWS C:\WINDOWS\czzis.dat High
CWS C:\WINDOWS\elqyf.dat High
CWS C:\WINDOWS\erpsj.dat High
CWS C:\WINDOWS\errdi.dat High
CWS C:\WINDOWS\fffbl.dat High
CWS C:\WINDOWS\fknrn.dat High
CWS C:\WINDOWS\gwivm.dat High
CWS C:\WINDOWS\gxbup.dat High
CWS C:\WINDOWS\hlaoq.dat High
CWS C:\WINDOWS\hmweo.dat High
CWS C:\WINDOWS\imeep.dat High
CWS C:\WINDOWS\ixwkd.dat High
CWS C:\WINDOWS\jbdxh.dat High
CWS C:\WINDOWS\jefha.dat High
CWS C:\WINDOWS\jfrog.dat High
CWS C:\WINDOWS\jkclk.dat High
CWS C:\WINDOWS\jkmhg.dat High
CWS C:\WINDOWS\jqydf.dat High
CWS C:\WINDOWS\kalov.dat High
CWS C:\WINDOWS\kdkxt.dat High
CWS C:\WINDOWS\kenpa.dat High
CWS C:\WINDOWS\klvyg.dat High
CWS C:\WINDOWS\laejt.dat High
CWS C:\WINDOWS\lnqtx.dat High
CWS C:\WINDOWS\lxzgq.dat High
CWS C:\WINDOWS\mhenz.dat High
CWS C:\WINDOWS\msijy.dat High
CWS C:\WINDOWS\mzxfs.dat High
CWS C:\WINDOWS\ncrmc.dat High
CWS C:\WINDOWS\nsxgh.dat High
CWS C:\WINDOWS\pcpcf.dat High
CWS C:\WINDOWS\porkw.dat High
CWS C:\WINDOWS\ppdgn.dat High
CWS C:\WINDOWS\qaicm.dat High
CWS C:\WINDOWS\qguky.dat High
CWS C:\WINDOWS\qpare.dat High
CWS C:\WINDOWS\qzawp.dat High
CWS C:\WINDOWS\rbnsz.dat High
CWS C:\WINDOWS\rkmvx.dat High
CWS C:\WINDOWS\safxn.dat High
CWS C:\WINDOWS\sgyiv.dat High
CWS C:\WINDOWS\tqtsq.dat High
CWS C:\WINDOWS\uvwdp.dat High
CWS C:\WINDOWS\uzcpz.dat High
CWS C:\WINDOWS\vqcre.dat High
CWS C:\WINDOWS\vxrub.dat High
CWS C:\WINDOWS\wfpde.dat High
CWS C:\WINDOWS\wnltn.dat High
CWS C:\WINDOWS\wypgg.dat High
CWS C:\WINDOWS\xfasd.dat High
CWS C:\WINDOWS\xqimy.dat High
CWS C:\WINDOWS\yeuxy.dat High
CWS C:\WINDOWS\ypbsp.dat High
CWS C:\WINDOWS\yypyf.dat High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponent High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##Installer High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASE High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INF High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModified High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponent High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##Installer High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASE High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INF High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModified High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High
ci-dessous ewido:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 09:54:27, 06/05/2006
+ Somme de contrôle: C4996528
+ Résultats du scan:
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
J'ai gardé les autres scans: je peux les envoyer dans l'ordre que tu souhaites
Petite remarque: depuis ces nettoyages, linksys a du mal à trouver une adresse IP: connexion très longue à se faire.
Comment faire pour ne plus être infecté sans maîtriser quoi que ce soit, et sans t'embêter???
@+
Bon WE
La valeur n'attend pas le nombre des années....
j'ai essayé de t'envoyer les logs des différents scan, avant et après nettoyage: je crois que c'était tellement gros que ça n'a pas marché. Boulepat62 m'a conseillé de faire un Highjack et Ewido et de l'envoyer: ce que je fais ci-dessous. Je constate que chaque scan trouve son lot de pb (parfois par millier d'occurences...), fait ce qu'il peut, mais il en reste toujours: ex p2esocks_1021.dll est toujours là!
Dans l'ordre: parfeu: en principe (!!) j'en ai un: j'ai un modem routeur Linksys sans fil WAG354G, dont on m'a dit qu'il est intégré(??): aussi ai-je déconnecté le parefeu WINDOWS.
J'ai ensuite procédé dans l'ordre que tu m'as indiqué, et j'ai cru comprendre que les premiers scan devaient se faire en mode normal (et pas sans échec): ce fut long!!! au passage SPYBOT s'arrête au 1/4 de la recherche; je suis ensuite repassé en mode sans échec, et ai recommencé les scans: Spybot fonctionne (!!?)
Scan Results:
scan start: 05/05/2006 02:03:16
scan stop: 05/05/2006 02:26:35
scanned items: 143512
found items: 217
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I## High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstance High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000## High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Service High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Legacy High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlags High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##Class High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUID High
CWS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDesc High
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402} Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32 Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib## Elevated
RXToolbar HKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Version Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
Slagent HKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
Slagent HKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B} Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32 Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib## Elevated
Slagent HKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Version Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3} Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32 Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib## Elevated
Slagent HKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Version Elevated
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta High
Trojan.Popuper HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta## High
PSGuard Desktop Hijacker C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url High
Instant Access C:\WINDOWS\Downloaded Program Files\EGAUTH.inf High
Instant Access C:\WINDOWS\system32\eglivecam_1030.dll High
Backdoor.Agobot C:\WINDOWS\system32\winhl32.exe High
Instant Access C:\WINDOWS\tmlpcert2005 High
CWS C:\WINDOWS\ajele.dat High
CWS C:\WINDOWS\aqgvi.dat High
CWS C:\WINDOWS\ayzfc.dat High
CWS C:\WINDOWS\bibcc.dat High
CWS C:\WINDOWS\bmfuo.dat High
CWS C:\WINDOWS\brlil.dat High
CWS C:\WINDOWS\buiot.dat High
CWS C:\WINDOWS\byivh.dat High
CWS C:\WINDOWS\cacon.dat High
CWS C:\WINDOWS\ccrju.dat High
CWS C:\WINDOWS\cegur.dat High
CWS C:\WINDOWS\crzmu.dat High
CWS C:\WINDOWS\cteax.dat High
CWS C:\WINDOWS\czzis.dat High
CWS C:\WINDOWS\elqyf.dat High
CWS C:\WINDOWS\erpsj.dat High
CWS C:\WINDOWS\errdi.dat High
CWS C:\WINDOWS\fffbl.dat High
CWS C:\WINDOWS\fknrn.dat High
CWS C:\WINDOWS\gwivm.dat High
CWS C:\WINDOWS\gxbup.dat High
CWS C:\WINDOWS\hlaoq.dat High
CWS C:\WINDOWS\hmweo.dat High
CWS C:\WINDOWS\imeep.dat High
CWS C:\WINDOWS\ixwkd.dat High
CWS C:\WINDOWS\jbdxh.dat High
CWS C:\WINDOWS\jefha.dat High
CWS C:\WINDOWS\jfrog.dat High
CWS C:\WINDOWS\jkclk.dat High
CWS C:\WINDOWS\jkmhg.dat High
CWS C:\WINDOWS\jqydf.dat High
CWS C:\WINDOWS\kalov.dat High
CWS C:\WINDOWS\kdkxt.dat High
CWS C:\WINDOWS\kenpa.dat High
CWS C:\WINDOWS\klvyg.dat High
CWS C:\WINDOWS\laejt.dat High
CWS C:\WINDOWS\lnqtx.dat High
CWS C:\WINDOWS\lxzgq.dat High
CWS C:\WINDOWS\mhenz.dat High
CWS C:\WINDOWS\msijy.dat High
CWS C:\WINDOWS\mzxfs.dat High
CWS C:\WINDOWS\ncrmc.dat High
CWS C:\WINDOWS\nsxgh.dat High
CWS C:\WINDOWS\pcpcf.dat High
CWS C:\WINDOWS\porkw.dat High
CWS C:\WINDOWS\ppdgn.dat High
CWS C:\WINDOWS\qaicm.dat High
CWS C:\WINDOWS\qguky.dat High
CWS C:\WINDOWS\qpare.dat High
CWS C:\WINDOWS\qzawp.dat High
CWS C:\WINDOWS\rbnsz.dat High
CWS C:\WINDOWS\rkmvx.dat High
CWS C:\WINDOWS\safxn.dat High
CWS C:\WINDOWS\sgyiv.dat High
CWS C:\WINDOWS\tqtsq.dat High
CWS C:\WINDOWS\uvwdp.dat High
CWS C:\WINDOWS\uzcpz.dat High
CWS C:\WINDOWS\vqcre.dat High
CWS C:\WINDOWS\vxrub.dat High
CWS C:\WINDOWS\wfpde.dat High
CWS C:\WINDOWS\wnltn.dat High
CWS C:\WINDOWS\wypgg.dat High
CWS C:\WINDOWS\xfasd.dat High
CWS C:\WINDOWS\xqimy.dat High
CWS C:\WINDOWS\yeuxy.dat High
CWS C:\WINDOWS\ypbsp.dat High
CWS C:\WINDOWS\yypyf.dat High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
CWS HKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data## High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
CWS HKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data## High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
CWS HKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data## High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32 High
CWS HKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponent High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##Installer High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASE High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INF High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModified High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponent High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}##Installer High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dll High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASE High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INF High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion## High
Instant Access HKLM\Software\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModified High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
Instant Access HKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459} High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}## High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32 High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32## High
Instant Access HKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModel High
ci-dessous ewido:
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 09:54:27, 06/05/2006
+ Somme de contrôle: C4996528
+ Résultats du scan:
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
J'ai gardé les autres scans: je peux les envoyer dans l'ordre que tu souhaites
Petite remarque: depuis ces nettoyages, linksys a du mal à trouver une adresse IP: connexion très longue à se faire.
Comment faire pour ne plus être infecté sans maîtriser quoi que ce soit, et sans t'embêter???
@+
Bon WE
Salut Boulepate, et Green Day
Encore merci de votre contribution, et j'ai l'impression qu'il faut beaucoup de docteurs pour éliminer mes virus!.....c'est désespérant!
2ième tentative d'ajout depuis 24H!!!
Ci-dessous les logs demandés par Boulepate: comme d'hab, je comprends que c'est infecté, mais rien n'érradique! Bon courage pour l'interprétation: cela me dépasse!
Les logs sont dans l'ordre demandé:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sun, May 07, 2006 - 15:28:11</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:45:43</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">569821</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6814</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">21776</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">67987</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">23</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">192</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">243</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">373676</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">39</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.HR</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Wintrim.CB</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Dialer.FU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\
Encore merci de votre contribution, et j'ai l'impression qu'il faut beaucoup de docteurs pour éliminer mes virus!.....c'est désespérant!
2ième tentative d'ajout depuis 24H!!!
Ci-dessous les logs demandés par Boulepate: comme d'hab, je comprends que c'est infecté, mais rien n'érradique! Bon courage pour l'interprétation: cela me dépasse!
Les logs sont dans l'ordre demandé:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sun, May 07, 2006 - 15:28:11</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:45:43</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">569821</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6814</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">21776</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">67987</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">23</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">192</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">243</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">373676</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">39</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-26f44593-10df0577.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-69f14c81-55a7ebbd.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Byteverify.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7e6c2c09-2d12f345.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0597318A</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\08F463D6=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0928039D</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Bagle.AX@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0938558B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0B23627E.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7236EA.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\0E7560E7.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.HR</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\116A6B5B=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\12BE2241.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\132122C2=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\133122A8.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Z</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\16774726.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.V</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\1B6D26D1.class=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25D0779F</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\25E177E7</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\26AB6F97</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Netsky.B@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\28B70281</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A6A524E.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Wintrim.CB</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F21BD.dll=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Dialer.FU</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B2F4101=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Exploit.Html.MhtRedir.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B454F5D.gif=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
Pour avancer Mlle Green Day et Boulepate, que je salue au passge, merci de refaire un hijackthis et de coller le rapport ici.
Bon courage à tous.
A+
Pour avancer Mlle Green Day et Boulepate, que je salue au passge, merci de refaire un hijackthis et de coller le rapport ici.
Bon courage à tous.
A+
Bonjour à tous, Dont Incognito:
Ci-joint le log de Spyware doctor (highjack?).
Il faut noter qu'à la fin du scan, il y a un pgm "résident" qui dit refuser les modifications de spyware doctor: je comprends que les pgm se marchent sur les pieds: que fait on dans ce cas là?
Spyware Doctor ReportSpyware Doctor Activity Report
Generated on 07/05/2006 15:47:06Spyware Doctor HomepagePC
Tools HomepageTechnical Support
Scans (basic information only):
Scan Results:
scan start:07/05/2006 15:49:26
scan stop:07/05/2006 16:01:44
scanned items:145080
found items:239
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper ObjectaHigh
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objecta##High
Known Bad SitesC:\Documents and
Settings\Propriétaire\Favoris\antivirus test
online.urlHigh
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
AdvertisingC:\Documents and
Settings\Propriétaire\Cookies\propriétaire@overture[1].txtLow
PSGuard Desktop HijackerC:\Documents and Settings\All
Users\Menu Démarrer\Security Troubleshooting.urlHigh
PSGuard Desktop HijackerC:\Documents and
Settings\Propriétaire\Favoris\Antivirus Test
Online.urlHigh
Kazaa Promotional ItemsC:\Documents and
Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
Points Manager.lnkMedium
Instant AccessC:\WINDOWS\Downloaded Program
Files\EGAUTH.infHigh
Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
Instant AccessC:\WINDOWS\tmlpcert2005High
CWSC:\WINDOWS\ajele.datHigh
CWSC:\WINDOWS\aqgvi.datHigh
CWSC:\WINDOWS\ayzfc.datHigh
CWSC:\WINDOWS\bibcc.datHigh
CWSC:\WINDOWS\bmfuo.datHigh
CWSC:\WINDOWS\brlil.datHigh
CWSC:\WINDOWS\buiot.datHigh
CWSC:\WINDOWS\byivh.datHigh
CWSC:\WINDOWS\cacon.datHigh
CWSC:\WINDOWS\ccrju.datHigh
CWSC:\WINDOWS\cegur.datHigh
CWSC:\WINDOWS\crzmu.datHigh
CWSC:\WINDOWS\cteax.datHigh
CWSC:\WINDOWS\czzis.datHigh
CWSC:\WINDOWS\elqyf.datHigh
CWSC:\WINDOWS\erpsj.datHigh
CWSC:\WINDOWS\errdi.datHigh
CWSC:\WINDOWS\fffbl.datHigh
CWSC:\WINDOWS\fknrn.datHigh
CWSC:\WINDOWS\gwivm.datHigh
CWSC:\WINDOWS\gxbup.datHigh
CWSC:\WINDOWS\hlaoq.datHigh
CWSC:\WINDOWS\hmweo.datHigh
CWSC:\WINDOWS\imeep.datHigh
CWSC:\WINDOWS\ixwkd.datHigh
CWSC:\WINDOWS\jbdxh.datHigh
CWSC:\WINDOWS\jefha.datHigh
CWSC:\WINDOWS\jfrog.datHigh
CWSC:\WINDOWS\jkclk.datHigh
CWSC:\WINDOWS\jkmhg.datHigh
CWSC:\WINDOWS\jqydf.datHigh
CWSC:\WINDOWS\kalov.datHigh
CWSC:\WINDOWS\kdkxt.datHigh
CWSC:\WINDOWS\kenpa.datHigh
CWSC:\WINDOWS\klvyg.datHigh
CWSC:\WINDOWS\laejt.datHigh
CWSC:\WINDOWS\lnqtx.datHigh
CWSC:\WINDOWS\lxzgq.datHigh
CWSC:\WINDOWS\mhenz.datHigh
CWSC:\WINDOWS\msijy.datHigh
CWSC:\WINDOWS\mzxfs.datHigh
CWSC:\WINDOWS\ncrmc.datHigh
CWSC:\WINDOWS\nsxgh.datHigh
CWSC:\WINDOWS\pcpcf.datHigh
CWSC:\WINDOWS\porkw.datHigh
CWSC:\WINDOWS\ppdgn.datHigh
CWSC:\WINDOWS\qaicm.datHigh
CWSC:\WINDOWS\qguky.datHigh
CWSC:\WINDOWS\qpare.datHigh
CWSC:\WINDOWS\qzawp.datHigh
CWSC:\WINDOWS\rbnsz.datHigh
CWSC:\WINDOWS\rkmvx.datHigh
CWSC:\WINDOWS\safxn.datHigh
CWSC:\WINDOWS\sgyiv.datHigh
CWSC:\WINDOWS\tqtsq.datHigh
CWSC:\WINDOWS\uvwdp.datHigh
CWSC:\WINDOWS\uzcpz.datHigh
CWSC:\WINDOWS\vqcre.datHigh
CWSC:\WINDOWS\vxrub.datHigh
CWSC:\WINDOWS\wfpde.datHigh
CWSC:\WINDOWS\wnltn.datHigh
CWSC:\WINDOWS\wypgg.datHigh
CWSC:\WINDOWS\xfasd.datHigh
CWSC:\WINDOWS\xqimy.datHigh
CWSC:\WINDOWS\yeuxy.datHigh
CWSC:\WINDOWS\ypbsp.datHigh
CWSC:\WINDOWS\yypyf.datHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
Scan Results:
scan start:07/05/2006 19:00:02
scan stop:07/05/2006 19:09:46
scanned items:120934
found items:241
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper ObjectaHigh
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objecta##High
Known Bad SitesC:\Documents and
Settings\Propriétaire\Favoris\antivirus test
online.urlHigh
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@cgi-bin[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
AdvertisingC:\Documents and
Settings\Propriétaire\Cookies\propriétaire@overture[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@estat[1].txtLow
PSGuard Desktop HijackerC:\Documents and Settings\All
Users\Menu Démarrer\Security Troubleshooting.urlHigh
PSGuard Desktop HijackerC:\Documents and
Settings\Propriétaire\Favoris\Antivirus Test
Online.urlHigh
Kazaa Promotional ItemsC:\Documents and
Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
Points Manager.lnkMedium
Instant AccessC:\WINDOWS\Downloaded Program
Files\EGAUTH.infHigh
Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
Instant AccessC:\WINDOWS\tmlpcert2005High
CWSC:\WINDOWS\ajele.datHigh
CWSC:\WINDOWS\aqgvi.datHigh
CWSC:\WINDOWS\ayzfc.datHigh
CWSC:\WINDOWS\bibcc.datHigh
CWSC:\WINDOWS\bmfuo.datHigh
CWSC:\WINDOWS\brlil.datHigh
CWSC:\WINDOWS\buiot.datHigh
CWSC:\WINDOWS\byivh.datHigh
CWSC:\WINDOWS\cacon.datHigh
CWSC:\WINDOWS\ccrju.datHigh
CWSC:\WINDOWS\cegur.datHigh
CWSC:\WINDOWS\crzmu.datHigh
CWSC:\WINDOWS\cteax.datHigh
CWSC:\WINDOWS\czzis.datHigh
CWSC:\WINDOWS\elqyf.datHigh
CWSC:\WINDOWS\erpsj.datHigh
CWSC:\WINDOWS\errdi.datHigh
CWSC:\WINDOWS\fffbl.datHigh
CWSC:\WINDOWS\fknrn.datHigh
CWSC:\WINDOWS\gwivm.datHigh
CWSC:\WINDOWS\gxbup.datHigh
CWSC:\WINDOWS\hlaoq.datHigh
CWSC:\WINDOWS\hmweo.datHigh
CWSC:\WINDOWS\imeep.datHigh
CWSC:\WINDOWS\ixwkd.datHigh
CWSC:\WINDOWS\jbdxh.datHigh
CWSC:\WINDOWS\jefha.datHigh
CWSC:\WINDOWS\jfrog.datHigh
CWSC:\WINDOWS\jkclk.datHigh
CWSC:\WINDOWS\jkmhg.datHigh
CWSC:\WINDOWS\jqydf.datHigh
CWSC:\WINDOWS\kalov.datHigh
CWSC:\WINDOWS\kdkxt.datHigh
CWSC:\WINDOWS\kenpa.datHigh
CWSC:\WINDOWS\klvyg.datHigh
CWSC:\WINDOWS\laejt.datHigh
CWSC:\WINDOWS\lnqtx.datHigh
CWSC:\WINDOWS\lxzgq.datHigh
CWSC:\WINDOWS\mhenz.datHigh
CWSC:\WINDOWS\msijy.datHigh
CWSC:\WINDOWS\mzxfs.datHigh
CWSC:\WINDOWS\ncrmc.datHigh
CWSC:\WINDOWS\nsxgh.datHigh
CWSC:\WINDOWS\pcpcf.datHigh
CWSC:\WINDOWS\porkw.datHigh
CWSC:\WINDOWS\ppdgn.datHigh
CWSC:\WINDOWS\qaicm.datHigh
CWSC:\WINDOWS\qguky.datHigh
CWSC:\WINDOWS\qpare.datHigh
CWSC:\WINDOWS\qzawp.datHigh
CWSC:\WINDOWS\rbnsz.datHigh
CWSC:\WINDOWS\rkmvx.datHigh
CWSC:\WINDOWS\safxn.datHigh
CWSC:\WINDOWS\sgyiv.datHigh
CWSC:\WINDOWS\tqtsq.datHigh
CWSC:\WINDOWS\uvwdp.datHigh
CWSC:\WINDOWS\uzcpz.datHigh
CWSC:\WINDOWS\vqcre.datHigh
CWSC:\WINDOWS\vxrub.datHigh
CWSC:\WINDOWS\wfpde.datHigh
CWSC:\WINDOWS\wnltn.datHigh
CWSC:\WINDOWS\wypgg.datHigh
CWSC:\WINDOWS\xfasd.datHigh
CWSC:\WINDOWS\xqimy.datHigh
CWSC:\WINDOWS\yeuxy.datHigh
CWSC:\WINDOWS\ypbsp.datHigh
CWSC:\WINDOWS\yypyf.datHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
Scan Results:
scan start:07/05/2006 20:09:59
scan stop:07/05/2006 20:22:07
scanned items:144827
found items:241
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDA
Ci-joint le log de Spyware doctor (highjack?).
Il faut noter qu'à la fin du scan, il y a un pgm "résident" qui dit refuser les modifications de spyware doctor: je comprends que les pgm se marchent sur les pieds: que fait on dans ce cas là?
Spyware Doctor ReportSpyware Doctor Activity Report
Generated on 07/05/2006 15:47:06Spyware Doctor HomepagePC
Tools HomepageTechnical Support
Scans (basic information only):
Scan Results:
scan start:07/05/2006 15:49:26
scan stop:07/05/2006 16:01:44
scanned items:145080
found items:239
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper ObjectaHigh
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objecta##High
Known Bad SitesC:\Documents and
Settings\Propriétaire\Favoris\antivirus test
online.urlHigh
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
AdvertisingC:\Documents and
Settings\Propriétaire\Cookies\propriétaire@overture[1].txtLow
PSGuard Desktop HijackerC:\Documents and Settings\All
Users\Menu Démarrer\Security Troubleshooting.urlHigh
PSGuard Desktop HijackerC:\Documents and
Settings\Propriétaire\Favoris\Antivirus Test
Online.urlHigh
Kazaa Promotional ItemsC:\Documents and
Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
Points Manager.lnkMedium
Instant AccessC:\WINDOWS\Downloaded Program
Files\EGAUTH.infHigh
Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
Instant AccessC:\WINDOWS\tmlpcert2005High
CWSC:\WINDOWS\ajele.datHigh
CWSC:\WINDOWS\aqgvi.datHigh
CWSC:\WINDOWS\ayzfc.datHigh
CWSC:\WINDOWS\bibcc.datHigh
CWSC:\WINDOWS\bmfuo.datHigh
CWSC:\WINDOWS\brlil.datHigh
CWSC:\WINDOWS\buiot.datHigh
CWSC:\WINDOWS\byivh.datHigh
CWSC:\WINDOWS\cacon.datHigh
CWSC:\WINDOWS\ccrju.datHigh
CWSC:\WINDOWS\cegur.datHigh
CWSC:\WINDOWS\crzmu.datHigh
CWSC:\WINDOWS\cteax.datHigh
CWSC:\WINDOWS\czzis.datHigh
CWSC:\WINDOWS\elqyf.datHigh
CWSC:\WINDOWS\erpsj.datHigh
CWSC:\WINDOWS\errdi.datHigh
CWSC:\WINDOWS\fffbl.datHigh
CWSC:\WINDOWS\fknrn.datHigh
CWSC:\WINDOWS\gwivm.datHigh
CWSC:\WINDOWS\gxbup.datHigh
CWSC:\WINDOWS\hlaoq.datHigh
CWSC:\WINDOWS\hmweo.datHigh
CWSC:\WINDOWS\imeep.datHigh
CWSC:\WINDOWS\ixwkd.datHigh
CWSC:\WINDOWS\jbdxh.datHigh
CWSC:\WINDOWS\jefha.datHigh
CWSC:\WINDOWS\jfrog.datHigh
CWSC:\WINDOWS\jkclk.datHigh
CWSC:\WINDOWS\jkmhg.datHigh
CWSC:\WINDOWS\jqydf.datHigh
CWSC:\WINDOWS\kalov.datHigh
CWSC:\WINDOWS\kdkxt.datHigh
CWSC:\WINDOWS\kenpa.datHigh
CWSC:\WINDOWS\klvyg.datHigh
CWSC:\WINDOWS\laejt.datHigh
CWSC:\WINDOWS\lnqtx.datHigh
CWSC:\WINDOWS\lxzgq.datHigh
CWSC:\WINDOWS\mhenz.datHigh
CWSC:\WINDOWS\msijy.datHigh
CWSC:\WINDOWS\mzxfs.datHigh
CWSC:\WINDOWS\ncrmc.datHigh
CWSC:\WINDOWS\nsxgh.datHigh
CWSC:\WINDOWS\pcpcf.datHigh
CWSC:\WINDOWS\porkw.datHigh
CWSC:\WINDOWS\ppdgn.datHigh
CWSC:\WINDOWS\qaicm.datHigh
CWSC:\WINDOWS\qguky.datHigh
CWSC:\WINDOWS\qpare.datHigh
CWSC:\WINDOWS\qzawp.datHigh
CWSC:\WINDOWS\rbnsz.datHigh
CWSC:\WINDOWS\rkmvx.datHigh
CWSC:\WINDOWS\safxn.datHigh
CWSC:\WINDOWS\sgyiv.datHigh
CWSC:\WINDOWS\tqtsq.datHigh
CWSC:\WINDOWS\uvwdp.datHigh
CWSC:\WINDOWS\uzcpz.datHigh
CWSC:\WINDOWS\vqcre.datHigh
CWSC:\WINDOWS\vxrub.datHigh
CWSC:\WINDOWS\wfpde.datHigh
CWSC:\WINDOWS\wnltn.datHigh
CWSC:\WINDOWS\wypgg.datHigh
CWSC:\WINDOWS\xfasd.datHigh
CWSC:\WINDOWS\xqimy.datHigh
CWSC:\WINDOWS\yeuxy.datHigh
CWSC:\WINDOWS\ypbsp.datHigh
CWSC:\WINDOWS\yypyf.datHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
Scan Results:
scan start:07/05/2006 19:00:02
scan stop:07/05/2006 19:09:46
scanned items:120934
found items:241
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper ObjectaHigh
Trojan.PopuperHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objecta##High
Known Bad SitesC:\Documents and
Settings\Propriétaire\Favoris\antivirus test
online.urlHigh
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@2o7[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@cgi-bin[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@opodo.122.2o7[1].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@xiti[1].txtLow
AdvertisingC:\Documents and
Settings\Propriétaire\Cookies\propriétaire@overture[2].txtLow
Tracking Cookie(s)C:\Documents and
Settings\Propriétaire\Cookies\propriétaire@estat[1].txtLow
PSGuard Desktop HijackerC:\Documents and Settings\All
Users\Menu Démarrer\Security Troubleshooting.urlHigh
PSGuard Desktop HijackerC:\Documents and
Settings\Propriétaire\Favoris\Antivirus Test
Online.urlHigh
Kazaa Promotional ItemsC:\Documents and
Settings\Propriétaire\Menu Démarrer\Programs\Altnet\Peer
Points Manager.lnkMedium
Instant AccessC:\WINDOWS\Downloaded Program
Files\EGAUTH.infHigh
Instant AccessC:\WINDOWS\system32\eglivecam_1030.dllHigh
Backdoor.AgobotC:\WINDOWS\system32\winhl32.exeHigh
Instant AccessC:\WINDOWS\tmlpcert2005High
CWSC:\WINDOWS\ajele.datHigh
CWSC:\WINDOWS\aqgvi.datHigh
CWSC:\WINDOWS\ayzfc.datHigh
CWSC:\WINDOWS\bibcc.datHigh
CWSC:\WINDOWS\bmfuo.datHigh
CWSC:\WINDOWS\brlil.datHigh
CWSC:\WINDOWS\buiot.datHigh
CWSC:\WINDOWS\byivh.datHigh
CWSC:\WINDOWS\cacon.datHigh
CWSC:\WINDOWS\ccrju.datHigh
CWSC:\WINDOWS\cegur.datHigh
CWSC:\WINDOWS\crzmu.datHigh
CWSC:\WINDOWS\cteax.datHigh
CWSC:\WINDOWS\czzis.datHigh
CWSC:\WINDOWS\elqyf.datHigh
CWSC:\WINDOWS\erpsj.datHigh
CWSC:\WINDOWS\errdi.datHigh
CWSC:\WINDOWS\fffbl.datHigh
CWSC:\WINDOWS\fknrn.datHigh
CWSC:\WINDOWS\gwivm.datHigh
CWSC:\WINDOWS\gxbup.datHigh
CWSC:\WINDOWS\hlaoq.datHigh
CWSC:\WINDOWS\hmweo.datHigh
CWSC:\WINDOWS\imeep.datHigh
CWSC:\WINDOWS\ixwkd.datHigh
CWSC:\WINDOWS\jbdxh.datHigh
CWSC:\WINDOWS\jefha.datHigh
CWSC:\WINDOWS\jfrog.datHigh
CWSC:\WINDOWS\jkclk.datHigh
CWSC:\WINDOWS\jkmhg.datHigh
CWSC:\WINDOWS\jqydf.datHigh
CWSC:\WINDOWS\kalov.datHigh
CWSC:\WINDOWS\kdkxt.datHigh
CWSC:\WINDOWS\kenpa.datHigh
CWSC:\WINDOWS\klvyg.datHigh
CWSC:\WINDOWS\laejt.datHigh
CWSC:\WINDOWS\lnqtx.datHigh
CWSC:\WINDOWS\lxzgq.datHigh
CWSC:\WINDOWS\mhenz.datHigh
CWSC:\WINDOWS\msijy.datHigh
CWSC:\WINDOWS\mzxfs.datHigh
CWSC:\WINDOWS\ncrmc.datHigh
CWSC:\WINDOWS\nsxgh.datHigh
CWSC:\WINDOWS\pcpcf.datHigh
CWSC:\WINDOWS\porkw.datHigh
CWSC:\WINDOWS\ppdgn.datHigh
CWSC:\WINDOWS\qaicm.datHigh
CWSC:\WINDOWS\qguky.datHigh
CWSC:\WINDOWS\qpare.datHigh
CWSC:\WINDOWS\qzawp.datHigh
CWSC:\WINDOWS\rbnsz.datHigh
CWSC:\WINDOWS\rkmvx.datHigh
CWSC:\WINDOWS\safxn.datHigh
CWSC:\WINDOWS\sgyiv.datHigh
CWSC:\WINDOWS\tqtsq.datHigh
CWSC:\WINDOWS\uvwdp.datHigh
CWSC:\WINDOWS\uzcpz.datHigh
CWSC:\WINDOWS\vqcre.datHigh
CWSC:\WINDOWS\vxrub.datHigh
CWSC:\WINDOWS\wfpde.datHigh
CWSC:\WINDOWS\wnltn.datHigh
CWSC:\WINDOWS\wypgg.datHigh
CWSC:\WINDOWS\xfasd.datHigh
CWSC:\WINDOWS\xqimy.datHigh
CWSC:\WINDOWS\yeuxy.datHigh
CWSC:\WINDOWS\ypbsp.datHigh
CWSC:\WINDOWS\yypyf.datHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKCR\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\DataHigh
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B}\LocalServer32##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKCR\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\DataHigh
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data0High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\Data##Data2High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688}\LocalServer32##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKCR\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\DataHigh
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\Data##High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32High
CWSHKLM\Software\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC}\LocalServer32##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\eglivecam_1028.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\Contains\Files##C:\WINDOWS\System32\EGAUTH.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}\InstalledVersion##LastModifiedHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##SystemComponentHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}##InstallerHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\ContainsHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\FilesHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\Contains\Files##C:\WINDOWS\System32\nethv32.dllHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformationHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##CODEBASEHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\DownloadInformation##INFHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersionHigh
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##High
Instant AccessHKLM\Software\Microsoft\Code Store
Database\Distribution
Units\{469C7080-8EC8-43A6-AD97-45848113743C}\InstalledVersion##LastModifiedHigh
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKCR\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##High
Instant
AccessHKLM\Software\Classes\CLSID\{DDF44FD9-749F-4761-89BB-E8A59339E459}\InprocServer32##ThreadingModelHigh
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCR\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##Elevated
SpyAxeHKCU\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32##ThreadingModelElevated
Scan Results:
scan start:07/05/2006 20:09:59
scan stop:07/05/2006 20:22:07
scanned items:144827
found items:241
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner
Infection NameLocationRisk
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`IHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I##NextInstanceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##High
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ServiceHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##LegacyHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ConfigFlagsHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##ClassGUIDHigh
CWSHKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000##DeviceDescHigh
Instant
AccessHKCU\Software\Microsoft\Windows\CurrentVersion\Run##Instant
AccessHigh
IST Unknown
VariantHKCU\software\microsoft\windows\currentversion\run##start
wingman profilerMedium
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsidElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\ProxyStubClsid32##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLibElevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##Elevated
RXToolbarHKCR\Interface\{AC368F5F-6670-4DDE-A1A8-B9C064EA0402}\TypeLib##VersionElevated
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##High
SessoHKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FEF22E989A11FC64DA8EBAA19A0851D12A40D3D2##BlobHigh
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKCR\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsid32##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLibElevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##Elevated
SlagentHKCR\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\ProxyStubClsid32##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLibElevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##Elevated
SlagentHKLM\software\classes\interface\{0FD5FDC2-2080-4C47-9E7A-724A6201551B}\TypeLib##VersionElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}##Elevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDAE3}\ProxyStubClsidElevated
SlagentHKLM\software\classes\interface\{4C7F0895-6FD8-46EE-880E-053DF58DDA
Bonjour à tous
Merci Inco ;-)
non, hijackthis, c'est le rapport que tu as posté dans ton 1er message
colle en un nouveau stp
++
Merci Inco ;-)
non, hijackthis, c'est le rapport que tu as posté dans ton 1er message
colle en un nouveau stp
++
Bonjour Green Day, et à tous,
Non, je n'ai pas négligé le PC, mais le boulot de la semaine ne m'a pas encouragé à me connecter: j'aime bien tes citations, toujours optimistes: je t'en sort une, de moi: "il faut distinguer le savoir du faire": je sais que je sais peu, et que dans le PC, je ne fais quasiment rien, sauf des bêtises éventuellement....
Je te joins Hijackthis: c'est toujours aussi abscons (d'où ma citation, n'en plaise à Voltaire...)
Logfile of HijackThis v1.99.1
Scan saved at 21:17:05, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GF8XKD67\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Bon courage Mlle....
Merci de contribuer au lent développement de mon savoir!
Bonne fin de WE
Non, je n'ai pas négligé le PC, mais le boulot de la semaine ne m'a pas encouragé à me connecter: j'aime bien tes citations, toujours optimistes: je t'en sort une, de moi: "il faut distinguer le savoir du faire": je sais que je sais peu, et que dans le PC, je ne fais quasiment rien, sauf des bêtises éventuellement....
Je te joins Hijackthis: c'est toujours aussi abscons (d'où ma citation, n'en plaise à Voltaire...)
Logfile of HijackThis v1.99.1
Scan saved at 21:17:05, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GF8XKD67\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Bon courage Mlle....
Merci de contribuer au lent développement de mon savoir!
Bonne fin de WE
Salut
lol !
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_FR_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
==> recherche et supprime ce prog : ALCXMNTR.EXE
ensuite, repasse un pti coup de ewido, et avec ce prog :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin :
scan en ligne : colle rapport entier ( s’il y a quelque chose) :
http://www.bitdefender.fr/bd/site/search.php#
bon courage, @+
;-)
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
lol !
Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_FR_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
==> recherche et supprime ce prog : ALCXMNTR.EXE
ensuite, repasse un pti coup de ewido, et avec ce prog :
*Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .
*Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
est cochée) puis clique sur "lancer le nettoyage"
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
et enfin :
scan en ligne : colle rapport entier ( s’il y a quelque chose) :
http://www.bitdefender.fr/bd/site/search.php#
bon courage, @+
;-)
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
Bonjour Green Day
La recherche en ligne étant un peu longue, Morphée m'a pris avant la fin...
Merci de tes recommandations, suivies à la lettre.
Ci-joint le rapport de Bitdefender, que j'accompagne d'une question: depuis sa connection, j'ai récupéré une barre d'outil Yahoo, qui ne me sert à rien: quelle est la solution de nettoyage?
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Mon, May 15, 2006 - 01:12:01</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:49:21</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">565641</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6747</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">21761</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">67873</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">8</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">56</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">56</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">374883</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">40</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.L</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Mabutu.A@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left&
La recherche en ligne étant un peu longue, Morphée m'a pris avant la fin...
Merci de tes recommandations, suivies à la lettre.
Ci-joint le rapport de Bitdefender, que j'accompagne d'une question: depuis sa connection, j'ai récupéré une barre d'outil Yahoo, qui ne me sert à rien: quelle est la solution de nettoyage?
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Mon, May 15, 2006 - 01:12:01</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:49:21</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">565641</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6747</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">21761</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">67873</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">8</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">56</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">56</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">374883</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">40</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2A50026B.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2B487959.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\2CBC6506.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Downloader.Java.Openconnection.L</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Beyond.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>counter.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.ClassLoader.D</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Exploit.Java.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)=>VerifierBug.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\34651FC9.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>GetAccess.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>InsecureClassLoader.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.OpenConnection.F</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)=>Installer.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\395D1406.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Win32.Mabutu.A@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)=>creme_de_gruyere.jpg .scr</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\43D90B4C</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>a.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Java.Classloader.Dummy.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\Norton AntiVirus\Quarantine\52685775.zip=>(Quarantine-2)=>Dummy.class</font></p>
</td>
<td width="43%" align="left&
Salut
le rapport est en language codé 8-)
vide ta quarantaine norton ...
reposte un nouveau hijackthis et precise s'il te reste des soucis
++
le rapport est en language codé 8-)
vide ta quarantaine norton ...
reposte un nouveau hijackthis et precise s'il te reste des soucis
++
Bonjour Green Day: l'espoir demeure et fait avancer
Avant la lecture de hijackthis, j'ai oublié de te mentionner que le programme "RESIDENT" de SPYBOT couine lorsque CCLEANER fait le ménage dans le registre, et s'oppose aux modifs: je l'ai désactivé, sans être sûr que cela soit suffisant. Si tu me conseilles de recommencer, pas de pb, car j'ai bien l'impression qu'un grand ménage a été fait grâce à toi (et aussi aux membres du forum).
Ci-dessous le log Hijackthis.
Merci, et bonne journée
Logfile of HijackThis v1.99.1
Scan saved at 09:55:54, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Avant la lecture de hijackthis, j'ai oublié de te mentionner que le programme "RESIDENT" de SPYBOT couine lorsque CCLEANER fait le ménage dans le registre, et s'oppose aux modifs: je l'ai désactivé, sans être sûr que cela soit suffisant. Si tu me conseilles de recommencer, pas de pb, car j'ai bien l'impression qu'un grand ménage a été fait grâce à toi (et aussi aux membres du forum).
Ci-dessous le log Hijackthis.
Merci, et bonne journée
Logfile of HijackThis v1.99.1
Scan saved at 09:55:54, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Salut
lol ! je suis bien d'accord avec toi ...
euh ! dis moi, tu es sûr que c'est un nouveau rapport ?! ... lol
Choisis l'option "do a scan and a logfile", il va te générer un rapport, copie et colle sur le forum stp
@+
;-)
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
lol ! je suis bien d'accord avec toi ...
euh ! dis moi, tu es sûr que c'est un nouveau rapport ?! ... lol
Choisis l'option "do a scan and a logfile", il va te générer un rapport, copie et colle sur le forum stp
@+
;-)
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
Bonsoir Green Day, Heu, oui, enfin.., je crois: mais si ce n'est pas le cas avec la liste ci-dessous, je dois être bon à ranger avec les dinosaures....
Merci pour tout
Logfile of HijackThis v1.99.1
Scan saved at 20:33:19, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci pour tout
Logfile of HijackThis v1.99.1
Scan saved at 20:33:19, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Salut
ok, mais c'est vraiment bizzar ...
alors : cf manip poste 14 ! ( sans les 08 et 016 )
ensuite reposte un nouveau hijackthis et precise tes soucis
bon courage, @+
ok, mais c'est vraiment bizzar ...
alors : cf manip poste 14 ! ( sans les 08 et 016 )
ensuite reposte un nouveau hijackthis et precise tes soucis
bon courage, @+
Re-salut Green Day, bonsoir did
J'ai repris le 14 comme demandé, en fermant le programme "Résident" de SPYBOT, qui empêche des modifs de registre: j'ai "fixé", et voici le log correspondant.
Je vais maintenant tester ce que propose Did71.
Bonne nuit!
Logfile of HijackThis v1.99.1
Scan saved at 02:13:42, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
J'ai repris le 14 comme demandé, en fermant le programme "Résident" de SPYBOT, qui empêche des modifs de registre: j'ai "fixé", et voici le log correspondant.
Je vais maintenant tester ce que propose Did71.
Bonne nuit!
Logfile of HijackThis v1.99.1
Scan saved at 02:13:42, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
bonsoir à tous,
green, si tu permets,
cette ligne :
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess , montre egdaccess
Télécharge Blacklight (de F-Secure) :
https://www.f-secure.com/en
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
a+
green, si tu permets,
cette ligne :
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess , montre egdaccess
Télécharge Blacklight (de F-Secure) :
https://www.f-secure.com/en
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
a+
Re Bonsoir Did et Green Day
Après la manip préconisée par Green, j'ai fait ce que tu proposes:
miracle! Blacklight n'a rien trouvé! Ci dessous le log.
Bonne nuit. Dodo!
05/19/06 02:24:11 [Info]: BlackLight Engine 1.0.36 initialized
05/19/06 02:24:11 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/19/06 02:24:11 [Note]: 7019 4
05/19/06 02:24:11 [Note]: 7005 0
05/19/06 02:24:17 [Note]: 7006 0
05/19/06 02:24:17 [Note]: 7011 1704
05/19/06 02:24:17 [Note]: 7026 0
05/19/06 02:24:17 [Note]: 7026 0
05/19/06 02:24:27 [Note]: FSRAW library version 1.7.1015
05/19/06 02:31:34 [Note]: 2000 1006
05/19/06 02:33:14 [Note]: 7007 0
Après la manip préconisée par Green, j'ai fait ce que tu proposes:
miracle! Blacklight n'a rien trouvé! Ci dessous le log.
Bonne nuit. Dodo!
05/19/06 02:24:11 [Info]: BlackLight Engine 1.0.36 initialized
05/19/06 02:24:11 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/19/06 02:24:11 [Note]: 7019 4
05/19/06 02:24:11 [Note]: 7005 0
05/19/06 02:24:17 [Note]: 7006 0
05/19/06 02:24:17 [Note]: 7011 1704
05/19/06 02:24:17 [Note]: 7026 0
05/19/06 02:24:17 [Note]: 7026 0
05/19/06 02:24:27 [Note]: FSRAW library version 1.7.1015
05/19/06 02:31:34 [Note]: 2000 1006
05/19/06 02:33:14 [Note]: 7007 0
Salut
ok; remets un nouveau hijackthis stp
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
ok; remets un nouveau hijackthis stp
++
***j'ai decidé d'être heureux parce que c'est bon pour la santé ! ( Voltaire )***
Salut Green Day:
Tout n'est pas rose: "Resident" couine encore et refuse de modifier le registre, alors que je l'avais fermé avant le "fix".
La patience est-elle une vertue?
Ci-dessous le dernier log
Bonne nuit
Logfile of HijackThis v1.99.1
Scan saved at 23:42:34, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Tout n'est pas rose: "Resident" couine encore et refuse de modifier le registre, alors que je l'avais fermé avant le "fix".
La patience est-elle une vertue?
Ci-dessous le dernier log
Bonne nuit
Logfile of HijackThis v1.99.1
Scan saved at 23:42:34, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Salut
t'inket ! ça prendra le temps qu'il faudra ;-)
" un temps à chaque chose et chaque chose en son temps ! " :)
je ne comprends pas pourquoi les lignes que tu fixes reviennent à chaque fois ???
1) Désactiver la Restauration du système
* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs
2) Redémarre en mode sans échec
Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
( si F8 ne fonctionne pas essaie avec F5)
3) Relance hijackthis :
choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
demo : http://pageperso.aol.fr/balltrap34/demohijack.htm
==> cf poste 14
@+
t'inket ! ça prendra le temps qu'il faudra ;-)
" un temps à chaque chose et chaque chose en son temps ! " :)
je ne comprends pas pourquoi les lignes que tu fixes reviennent à chaque fois ???
1) Désactiver la Restauration du système
* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs
2) Redémarre en mode sans échec
Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
( si F8 ne fonctionne pas essaie avec F5)
3) Relance hijackthis :
choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :
demo : http://pageperso.aol.fr/balltrap34/demohijack.htm
==> cf poste 14
@+
Chère Green,
Heureux celui qui a compris qu'il ne faut jamais chercher à comprendre....
J'essaie quand même, et après avoir désinstallé Spybot et son fameux "Résident", j'ai fait ce que tu m'as conseillé, et voila ce que cela donne (note qd même que le message p2esock_1021.dll non trouvé existe toujours au démarrage, et là je ne comprends pas):
Logfile of HijackThis v1.99.1
Scan saved at 20:25:15, on 21/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OUTILS NETTOYAGE-SCAN-VIRUS\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de ton aide constante et toujours optimiste!
BONNE SOIREE
Heureux celui qui a compris qu'il ne faut jamais chercher à comprendre....
J'essaie quand même, et après avoir désinstallé Spybot et son fameux "Résident", j'ai fait ce que tu m'as conseillé, et voila ce que cela donne (note qd même que le message p2esock_1021.dll non trouvé existe toujours au démarrage, et là je ne comprends pas):
Logfile of HijackThis v1.99.1
Scan saved at 20:25:15, on 21/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OUTILS NETTOYAGE-SCAN-VIRUS\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de ton aide constante et toujours optimiste!
BONNE SOIREE
bonsoir à vous,
je me permets d'intervenir car je vois toujours egdaccess, troublant d'ailleurs!
vas dans menu démarrer>exécuter> tu écris msconfig > démarrage> dis moi si tu vois instant access
a+
je me permets d'intervenir car je vois toujours egdaccess, troublant d'ailleurs!
vas dans menu démarrer>exécuter> tu écris msconfig > démarrage> dis moi si tu vois instant access
a+
Bonsoir :-)
c'est bien mieux, en effet, mais je crois que egdaccess t'aimes et ne veux pas te quitter lol
sinon : Did, il fauderai peut être chercher le fichier .dll et le supprimer ??? à moin qu'il y est un autre prog qui supprime aussi cette bébéte ???
merci pour ton coup de main
GPAT : courage !
@+
c'est bien mieux, en effet, mais je crois que egdaccess t'aimes et ne veux pas te quitter lol
sinon : Did, il fauderai peut être chercher le fichier .dll et le supprimer ??? à moin qu'il y est un autre prog qui supprime aussi cette bébéte ???
merci pour ton coup de main
GPAT : courage !
@+
Hello
egdaccess = saloperie
methodologie à suivre :
Autre méthode: (Merci Philae)
* Télécharger Brute Force Uninstaller (de Merijn).
http://www.merijn.org/files/bfu.zip
Décompresse-le dans un dossier propre à lui (c:\BFU)
* FAIRE UN CLIC-DROIT ICI
http://metallica.geekstogo.com/EGDACCESS.bfu
et choisir "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..") afin de télécharger EGDACCESS Remover (de Metallica). Sauvegarder le dans le dossier créé (c:\BFU)
Démarrer "Brute Force Uninstaller" en double-cliquant BFU.exe
Sous scriptline to execute copie/coller c:\bfu\EGDACCESS.bfu
Cliquer sur execute et laisser-le faire son travail.
Attendre que complete script execution apparaîsse et cliquer sur OK.
*Recommencer avec ce fichier les mêmes manipulations
http://metallica.geekstogo.com/p2pnetwork.bfu
* Cliquer Exit pour fermer le programme BFU.
* Redémarrer et poster un nouveau rapport HijackThis.
egdaccess = saloperie
methodologie à suivre :
Autre méthode: (Merci Philae)
* Télécharger Brute Force Uninstaller (de Merijn).
http://www.merijn.org/files/bfu.zip
Décompresse-le dans un dossier propre à lui (c:\BFU)
* FAIRE UN CLIC-DROIT ICI
http://metallica.geekstogo.com/EGDACCESS.bfu
et choisir "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..") afin de télécharger EGDACCESS Remover (de Metallica). Sauvegarder le dans le dossier créé (c:\BFU)
Démarrer "Brute Force Uninstaller" en double-cliquant BFU.exe
Sous scriptline to execute copie/coller c:\bfu\EGDACCESS.bfu
Cliquer sur execute et laisser-le faire son travail.
Attendre que complete script execution apparaîsse et cliquer sur OK.
*Recommencer avec ce fichier les mêmes manipulations
http://metallica.geekstogo.com/p2pnetwork.bfu
* Cliquer Exit pour fermer le programme BFU.
* Redémarrer et poster un nouveau rapport HijackThis.
bonjour à vous,
Exact c'est cette ligne qu'il faut supprimer du démarrage:
rundll32.exe p2esocks_1021.dll,instant access
Ensuite essaie de trouver cette DLL est de la supprimer:
p2esocks_1021.dll
Pour aranjuez le BFU ne fonctionnera pas car l'infection n'est pas active, blacklight l'aurais trouvé.
Et le script p2pnetwork.bfu n'est pas lié à la désinfection de egdaccess mais p2pnetworking.exe, non présent dans ce sujet.
a+
Exact c'est cette ligne qu'il faut supprimer du démarrage:
rundll32.exe p2esocks_1021.dll,instant access
Ensuite essaie de trouver cette DLL est de la supprimer:
p2esocks_1021.dll
Pour aranjuez le BFU ne fonctionnera pas car l'infection n'est pas active, blacklight l'aurais trouvé.
Et le script p2pnetwork.bfu n'est pas lié à la désinfection de egdaccess mais p2pnetworking.exe, non présent dans ce sujet.
a+
Bonsoir à tous: Did, Green, Aranjuez etc..
Ben voila, c'est tout bête, mais comment fait-on pour supprimer une instruction dans le démarrage?
J'imagine que lorsqu'on décoche celle-ci, cela permet de ne pas l'éxécuter, mais cela ne la supprime pas.
Bref, j'ai un pb de savoir faire.
Ne croyez pas à une infidélité quelconque pendant quelques jours, j'abandonne (provisoirement) le PC pour le WE!!
Bonne nuit à tout le monde.
A + quand je vais vous lire.
Ben voila, c'est tout bête, mais comment fait-on pour supprimer une instruction dans le démarrage?
J'imagine que lorsqu'on décoche celle-ci, cela permet de ne pas l'éxécuter, mais cela ne la supprime pas.
Bref, j'ai un pb de savoir faire.
Ne croyez pas à une infidélité quelconque pendant quelques jours, j'abandonne (provisoirement) le PC pour le WE!!
Bonne nuit à tout le monde.
A + quand je vais vous lire.
bsr
ok did, compris
GPAT
""comment fait-on pour supprimer une instruction dans le démarrage ? "
déma>exécuter>tape msconfig>ok> va ds onglet démarrage
Suis extrait tuto de zébulon :
=========
L'onglet "Démarrage"
L'onglet "Démarrage" indique les programmes qui sont chargés à l'ouverture de session.
Onglet Démarrage de msconfig
C'est ici qu'il faut venir en premier pour désactiver des programmes suspects, vous retrouvez tous ces programmes dans votre gestionnaire des taches à l'onglet "Processus".
Tout ces programmes sont inscrits dans votre base de registre dans les clés :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Si vous souhaitez que votre session démarre plus vite, vous pouvez supprimer tous les programmes superflus, seuls devraient rester votre antivirus, votre firewall et votre connexion USB.
Comme vous pouvez le constater, cet outil offre de nombreuses possibilités et permet souvent de résoudre des problèmes rapidement. C'est le premier outil à utiliser en cas de problème...
ok did, compris
GPAT
""comment fait-on pour supprimer une instruction dans le démarrage ? "
déma>exécuter>tape msconfig>ok> va ds onglet démarrage
Suis extrait tuto de zébulon :
=========
L'onglet "Démarrage"
L'onglet "Démarrage" indique les programmes qui sont chargés à l'ouverture de session.
Onglet Démarrage de msconfig
C'est ici qu'il faut venir en premier pour désactiver des programmes suspects, vous retrouvez tous ces programmes dans votre gestionnaire des taches à l'onglet "Processus".
Tout ces programmes sont inscrits dans votre base de registre dans les clés :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Si vous souhaitez que votre session démarre plus vite, vous pouvez supprimer tous les programmes superflus, seuls devraient rester votre antivirus, votre firewall et votre connexion USB.
Comme vous pouvez le constater, cet outil offre de nombreuses possibilités et permet souvent de résoudre des problèmes rapidement. C'est le premier outil à utiliser en cas de problème...
Pour l'étalon, il faut prendre les mesures!.....
Pour le bourricaut, t'inquiète pas, tu l'as trouvé!
Par contre le bourricaut n'a pas trouvé dans l'onglet démarrage le p2esock_1021.dll qui m'ennuie depuis des mois: je l'ai cherché également avec l'outil "chercher" de Windows: rien trouvé! alors pour faire avancer le bourricaut, il faut une sacré carrotte, mais je ne suis pas dans l'agriculture!
Quant à StealthSWs114..., il a disparu. Ouf!
Allez, bonne journée à tous!
Pour le bourricaut, t'inquiète pas, tu l'as trouvé!
Par contre le bourricaut n'a pas trouvé dans l'onglet démarrage le p2esock_1021.dll qui m'ennuie depuis des mois: je l'ai cherché également avec l'outil "chercher" de Windows: rien trouvé! alors pour faire avancer le bourricaut, il faut une sacré carrotte, mais je ne suis pas dans l'agriculture!
Quant à StealthSWs114..., il a disparu. Ouf!
Allez, bonne journée à tous!
SmitFraudFix v2.37
Rapport fait à 0:00:25,15, 30/04/2006
Executé à partir de C:\Program Files\SMITFRAUDFIX\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\d3??.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\dfrgsrv.exe PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ncompat.tlb PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\sivudro.dll PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\SpywareQuake.com\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!! Attention, les clés qui suivent ne sont pas forcément infectées !!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}"="SivuWare"
[HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
@="C:\WINDOWS\system32\sivudro.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}\InProcServer32]
@="C:\WINDOWS\system32\sivudro.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Deuxième rapport:
SmitFraudFix v2.37
Rapport fait à 0:09:55,06, 30/04/2006
Executé à partir de C:\Program Files\SMITFRAUDFIX\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\d3??.dll supprimé
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\dfrgsrv.exe supprimé
C:\WINDOWS\system32\hp????.tmp supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ncompat.tlb supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\sivudro.dll supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\Program Files\SpywareQuake.com\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Le problème est-il complètement réglé?
autre problème récurrent: au démarrage de windows, j'ai le message suivant: erreur de chargement p2esocks_1021.dll: je réponds OK, et je n'ai jamais rien constaté!
Encore merci pour l'aide: il est tard: dodo
Reconnexion: 01/05/06 #19H
Bonne nuit, bon WE, MERCI pour tout!