Mouse going crazy

Solved/Closed
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last seen 12 October 2006 - 21 June 2006 at 18:25
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last seen 12 October 2006 - 27 June 2006 at 15:21
Here is my hijack report, thanks 1000x for your help. I am desperate.

Logfile of HijackThis v1.99.1
Scan saved at 18:03:13, on 21/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\ELAN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://internet.sunrise.ch/de/hom/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by sunrise freesurf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02889306-3C6D-4049-B636-9139437E2A6C} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [zierd32] C:\WINDOWS\System32\kolder.exe C:\WINDOWS\System32\dirote.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [spzoolxkxd] C:\WINDOWS\System32\lklz\f1ght.exe C:\WINDOWS\System32\lklz\dirote.exe
O4 - HKLM\..\Run: [spoolxkxd] C:\WINDOWS\System32\bids\f1ght.exe C:\WINDOWS\System32\bids\dirote.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [OSS] c:\windows\system32\rk.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] b0tsz.exe
O4 - HKLM\..\Run: [Microsoft Update] winsyst.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] b0tsz.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Awss] C:\Documents and Settings\Laurent Gros\Application Data\ueoc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.71 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\dexplore.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

25 replies

green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
22 June 2006 at 16:22
Hi

Indeed, you are heavily infected ...

Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02889306-3C6D-4049-B636-9139437E2A6C} - C:\WINDOWS\system32\ddcyx.dll (file missing)

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zierd32] C:\WINDOWS\System32\kolder.exe C:\WINDOWS\System32\dirote.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [spzoolxkxd] C:\WINDOWS\System32\lklz\f1ght.exe C:\WINDOWS\System32\lklz\dirote.exe
O4 - HKLM\..\Run: [spoolxkxd] C:\WINDOWS\System32\bids\f1ght.exe C:\WINDOWS\System32\bids\dirote.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] b0tsz.exe
O4 - HKLM\..\Run: [Microsoft Update] winsyst.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Update Machine] b0tsz.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\dexplore.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)


then:

*Download and install this; in the left column click "errors", tick all the boxes, then click "search for errors" at the bottom. Once it has finished, click "repair errors"; you will get a message asking you to back up your registry, answer "yes", then repeat until it finds no more errors.

*Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "run cleaner"

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


and finally, please do steps 1/ and 2/ from this link:

virus: preliminary disinfection method, French version


++
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last seen 12 October 2006
22 June 2006 at 17:29
You're the king right now with all the answers you give on the forum. Listen, I did what you told me and here are the new HijackThis results.
Logfile of HijackThis v1.99.1
Scan saved at 17:20:53, on 22/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\ELAN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\IXP000.TMP\Setup.Exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdlite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by sunrise freesurf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.71 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I really think some files are coming back, mutating, etc...
Do you have anything to say about it, perhaps? Thanks 1000x. Laurent
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last seen 27 December 2019 2 162
22 June 2006 at 17:34
Hi again

I'm a she, not a he ;-)

please do steps 1/ and 2/ from this link:

virus: preliminary disinfection method, French version

++

***I have decided to be happy because it is good for one's health! (Voltaire)***
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last seen 12 October 2006
22 June 2006 at 17:59
Sorry, "she"!!! I followed your recommendations, here are the results. Thanks.

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:27:39 21/06/2006

+ Scan result:



C:\Documents and Settings\USer\Local Settings\Temporary Internet Files\Content.IE5\3I34JWP2\bbi8025[1].exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\MediaLoads\v1\ML.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
C:\Documents and Settings\USer\Local Settings\Temporary Internet Files\Content.IE5\2G4TM7B6\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A28DC83C-5438-45BF-B23E-1D583ADF0879}\RP1\A0000259.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A28DC83C-5438-45BF-B23E-1D583ADF0879}\RP1\A0000256.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A28DC83C-5438-45BF-B23E-1D583ADF0879}\RP1\A0000258.EXE -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A28DC83C-5438-45BF-B23E-1D583ADF0879}\RP1\A0004525.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__d_e_x_p_l_o_r_e_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
[1012] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1176] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1196] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1272] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1316] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1360] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1448] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1480] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1524] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1560] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1664] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1668] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1808] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1824] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[1980] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2072] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[208] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2176] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[236] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2392] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2416] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2664] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2808] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2832] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2840] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2868] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2900] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[2948] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3004] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3028] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3128] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3344] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3396] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3420] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3496] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[3544] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[4088] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[424] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[492] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[524] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[540] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[604] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[660] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[704] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[876] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[924] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[936] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
[988] C:\WINDOWS\system32\dexplore.dll -> Adware.PurityScan : Error during cleaning.
C:\Documents and Settings\USer\Menu Démarrer\Programmes\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TFTP4348 -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A28DC83C-5438-45BF-B23E-1D583ADF0879}\RP1\A0000007.exe -> Dialer.Agent.d : Cleaned with backup (quarantined).
C:\Documents and Settings\USer\Cookies\user@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4767.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

And here is the BitDefender report... freaky! I'm afraid I'll have to reinstall everything.



//-----------------------------------------------------------------
//
// Product: BitDefender 9 Standard
// Version: 9.5
//
// Créé le: 22/06/2006 07:56:54
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\WINDOWS\system32\
Dossiers : 264
Fichiers : 7753
Archives : 68
Fichiers empaquetés : 281
Virus trouvés : 15
Fichiers infectés : 34
Alertes : 0
Fichiers suspects : 1
Fichiers désinfectés : 0
Fichiers effacés : 2
Fichiers copiés : 1
Fichiers déplacés : 10
Fichiers renommés : 0
Erreurs I/O : 12
Temps d'analyse := 00:09:22
Fichiers/seconde :13

Statistiques Spywares

Processus Mémoire analysés : 58
Processus Mémoire infectés : 0
Clés de registres analysées : 874
Clés de registres infectés : 1
Cookies analysés : 37
Cookies infectés : 1
Fichiers spyware infectés : 0
Menaces Spyware détectées : 2


Définitions virus : 415061
Plugins d'analyse : 15
Plugins archives : 42
Plug-ins décompression : 5
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1150955813.log

Options d'analyse Spyware

[X] Processus mémoire
[X] Clés de registres
[X] Cookies


Sommaire :

<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@autoaff3[1].txt Détecté: Cookie.CGI-Bin
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@autoaff3[1].txt Effacé
<System> Mise à jour
<System>=>HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76} Détecté: KaZaA
<System>=>HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76} Effacé
<System> Mise à jour impossible
C:\WINDOWS\system32\090-ntpass.xpn Infecté avec: Virtool.Xscan.Plugin
C:\WINDOWS\system32\090-ntpass.xpn Désinfection impossible
C:\WINDOWS\system32\090-ntpass.xpn Déplacé
C:\WINDOWS\system32\calcu.exe Détecté: Spyware.Prcview.A
C:\WINDOWS\system32\calcu.exe Désinfection impossible
C:\WINDOWS\system32\calcu.exe Déplacé
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>090-ntpass.xpn Infecté avec: Virtool.Xscan.Plugin
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>090-ntpass.xpn Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>090-ntpass.xpn Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>calcu.exe Détecté: Spyware.Prcview.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>calcu.exe Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>calcu.exe Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>demo.xt Infecté avec: IRC.Worm.Randon.AX
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>demo.xt Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>demo.xt Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>dirote.exe Infecté avec: Trojan.IRCFlood.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>dirote.exe Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>dirote.exe Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>easy_user.dic Infecté avec: Trojan.RemoteData.Cfg
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>easy_user.dic Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>easy_user.dic Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>emoti.bat Infecté avec: Win32.Randon.K@mm.BAT
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>emoti.bat Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>emoti.bat Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>kolder.exe=>(CExe r)=>(MS-Compress 5) Infecté avec: Virtool.HiddenRun.B
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>kolder.exe=>(CExe r)=>(MS-Compress 5) Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>niamz Infecté avec: IRC-Worm.Randon.T
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>niamz Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>niamz Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_pass.dic Infecté avec: Trojan.Ircflood.Data.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_pass.dic Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_pass.dic Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_user.dic Infecté avec: Trojan.Ircflood.Data.B
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_user.dic Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>nt_user.dic Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>roudSTID.EXE Infecté avec: Trojan.Inflator.B
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>roudSTID.EXE Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>roudSTID.EXE Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>van32.exe Infecté avec: VirTool.HiddenRun.D
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>van32.exe Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIJ4L6V\rashed[1].exe=>(CAB Sfx o)=>van32.exe Déplacement impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTMVO9U3\exit.multiservers[1].htm Suspect avec: HTML.MediaTickets.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTMVO9U3\exit.multiservers[1].htm Copié
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJFBCX98\index[1].htm Infecté avec: HTML.MediaTickets.A
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJFBCX98\index[1].htm Désinfection impossible
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJFBCX98\index[1].htm Déplacé
C:\WINDOWS\system32\dat\easy_user.dic Infecté avec: Trojan.RemoteData.Cfg
C:\WINDOWS\system32\dat\easy_user.dic Désinfection impossible
C:\WINDOWS\system32\dat\easy_user.dic Déplacé
C:\WINDOWS\system32\dat\nt_pass.dic Infecté avec: Trojan.Ircflood.Data.A
C:\WINDOWS\system32\dat\nt_pass.dic Désinfection impossible
C:\WINDOWS\system32\dat\nt_pass.dic Déplacé
C:\WINDOWS\system32\dat\nt_user.dic Infecté avec: Trojan.Ircflood.Data.B
C:\WINDOWS\system32\dat\nt_user.dic Désinfection impossible
C:\WINDOWS\system32\dat\nt_user.dic Déplacé
C:\WINDOWS\system32\easy_user.dic Infecté avec: Trojan.RemoteData.Cfg
C:\WINDOWS\system32\easy_user.dic Désinfection impossible
C:\WINDOWS\system32\easy_user.dic Déplacé
C:\WINDOWS\system32\nt_pass.dic Infecté avec: Trojan.Ircflood.Data.A
C:\WINDOWS\system32\nt_pass.dic Désinfection impossible
C:\WINDOWS\system32\nt_pass.dic Déplacé
C:\WINDOWS\system32\nt_user.dic Infecté avec: Trojan.Ircflood.Data.B
C:\WINDOWS\system32\nt_user.dic Désinfection impossible
C:\WINDOWS\system32\nt_user.dic Déplacé
C:\WINDOWS\system32\plugin\090-ntpass.xpn Infecté avec: Virtool.Xscan.Plugin
C:\WINDOWS\system32\plugin\090-ntpass.xpn Désinfection impossible
C:\WINDOWS\system32\plugin\090-ntpass.xpn Déplacé
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>090-ntpass.xpn Infecté avec: Virtool.Xscan.Plugin
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>090-ntpass.xpn Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>090-ntpass.xpn Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>calcu.exe Détecté: Spyware.Prcview.A
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>calcu.exe Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>calcu.exe Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>demo.xt Infecté avec: IRC.Worm.Randon.AX
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>demo.xt Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>demo.xt Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>dirote.exe Infecté avec: Trojan.IRCFlood.A
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>dirote.exe Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>dirote.exe Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>easy_user.dic Infecté avec: Trojan.RemoteData.Cfg
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>easy_user.dic Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>easy_user.dic Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>emoti.bat Infecté avec: Win32.Randon.K@mm.BAT
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>emoti.bat Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>emoti.bat Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>kolder.exe=>(CExe r)=>(MS-Compress 5) Infecté avec: Virtool.HiddenRun.B
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>kolder.exe=>(CExe r)=>(MS-Compress 5) Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>niamz Infecté avec: IRC-Worm.Randon.T
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>niamz Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>niamz Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_pass.dic Infecté avec: Trojan.Ircflood.Data.A
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_pass.dic Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_pass.dic Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_user.dic Infecté avec: Trojan.Ircflood.Data.B
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_user.dic Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>nt_user.dic Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>roudSTID.EXE Infecté avec: Trojan.Inflator.B
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>roudSTID.EXE Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>roudSTID.EXE Déplacement impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>van32.exe Infecté avec: VirTool.HiddenRun.D
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>van32.exe Désinfection impossible
C:\WINDOWS\system32\rshed.exe=>(CAB Sfx o)=>van32.exe Déplacement impossible

Fichiers analysés

<System> OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@google[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@remede[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@admajorem[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@www.hardavenue[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@startup.networktechs[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@pctools[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@process.networktechs[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@autoaff3[1].txt Détecté: Cookie.CGI-Bin
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@autoaff3[1].txt Effacé
<System> Mise à jour
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@symantec[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@www.dualforum[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@drivecleaner[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@compnet.us.intellitxt[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@www.networktechs[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@www.commentcamarche[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@bleepingcomputer[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@ext.infos-du-net[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@toolbar.google[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@forum[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@pcentraide[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@google[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@indexstats[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@www.regnow[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@82.98.235[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@zebulon[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@62.4.84[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@forum.hardware[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@google[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@59.148.220[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@82.98.235[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@xiti[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@1072556060[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@bleepingcomputer.us.intellitxt[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@idregie[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@stats.drivecleaner[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@xiti[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@izsecurite.free[1].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@infos-du-net[2].txt OK
<System>=>C:\Documents and Settings\Laurent Gros\Cookies\laurent gros@scanner.sysprotect[1].txt OK
<System>=>C:\WINDOWS\System32\smss.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\smss.exe (disk) OK
<System>=>C:\WINDOWS\System32\smss.exe (full dump) OK
<System>=>C:\WINDOWS\system32\csrss.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\csrss.exe (disk) OK
<System>=>C:\WINDOWS\system32\csrss.exe (full dump) OK
<System>=>C:\WINDOWS\system32\winlogon.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\winlogon.exe (disk) OK
<System>=>C:\WINDOWS\system32\winlogon.exe (full dump) OK
<System>=>C:\WINDOWS\system32\services.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\services.exe (disk) OK
<System>=>C:\WINDOWS\system32\services.exe (full dump) OK
<System>=>C:\WINDOWS\system32\lsass.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\lsass.exe (disk) OK
<System>=>C:\WINDOWS\system32\lsass.exe (full dump) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (disk) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (full dump) OK
<System>=>C:\WINDOWS\system32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\system32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\system32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\system32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\System32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\System32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\System32\svchost.exe (full dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (memory dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (disk) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (full dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (memory dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (disk) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (full dump) OK
<System>=>C:\WINDOWS\system32\spoolsv.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\spoolsv.exe (disk) OK
<System>=>C:\WINDOWS\system32\spoolsv.exe (full dump) OK
<System>=>C:\Program Files\Norton AntiVirus\navapsvc.exe (memory dump) OK
<System>=>C:\Program Files\Norton AntiVirus\navapsvc.exe (disk) OK
<System>=>C:\Program Files\Norton AntiVirus\navapsvc.exe (full dump) OK
<System>=>C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (memory dump) OK
<System>=>C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (disk) OK
<System>=>C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (full dump) OK
<System>=>C:\Program Files\Spyware Doctor\sdhelp.exe (memory dump) OK
<System>=>C:\Program Files\Spyware Doctor\sdhelp.exe (disk) OK
<System>=>C:\Program Files\Spyware Doctor\sdhelp.exe (full dump) OK
<System>=>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (memory dump) OK
<System>=>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (disk) OK
<System>=>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (full dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\System32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\system32\wdfmgr.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\wdfmgr.exe (disk) OK
<System>=>C:\WINDOWS\system32\wdfmgr.exe (full dump) OK
<System>=>C:\WINDOWS\system32\MsPMSPSv.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\MsPMSPSv.exe (disk) OK
<System>=>C:\WINDOWS\system32\MsPMSPSv.exe (full dump) OK
<System>=>C:\WINDOWS\System32\alg.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\alg.exe (disk) OK
<System>=>C:\WINDOWS\System32\alg.exe (full dump) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (disk) OK
<System>=>C:\WINDOWS\system32\Ati2evxx.exe (full dump) OK
<System>=>C:\WINDOWS\Explorer.EXE (memory dump) OK
<System>=>C:\WINDOWS\Explorer.EXE (disk) OK
<System>=>C:\WINDOWS\Explorer.EXE (full dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\svchost.exe (disk) OK
<System>=>C:\WINDOWS\System32\svchost.exe (full dump) OK
<System>=>C:\WINDOWS\system32\RunDLL32.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\RunDLL32.exe (disk) OK
<System>=>C:\WINDOWS\system32\RunDLL32.exe (full dump) OK
<System>=>C:\WINDOWS\system32\rundll32.exe (memory dump) OK
<System>=>C:\WINDOWS\system32\rundll32.exe (disk) OK
<System>=>C:\WINDOWS\system32\rundll32.exe (full dump) OK
<System>=>C:\Program Files\iTunes\iTunesHelper.exe (memory dump) OK
<System>=>C:\Program Files\iTunes\iTunesHelper.exe (disk) OK
<System>=>C:\Program Files\iTunes\iTunesHelper.exe (full dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (memory dump) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (disk) OK
<System>=>C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (full dump) OK
<System>=>C:\Program Files\iPod\bin\iPodService.exe (memory dump) OK
<System>=>C:\Program Files\iPod\bin\iPodService.exe (disk) OK
<System>=>C:\Program Files\iPod\bin\iPodService.exe (full dump) OK
<System>=>C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (memory dump) OK
<System>=>C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (disk) OK
<System>=>C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (full dump) OK
<System>=>C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe (memory dump) OK
<System>=>C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe (disk) OK
<System>=>C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe (full dump) OK
<System>=>C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (memory dump) OK
<System>=>C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (disk) OK
<System>=>C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (full dump) OK
<System>=>C:\WINDOWS\System32\ELAN.exe (memory dump) OK
<System>=>C:\WINDOWS\System32\ELAN.exe (disk) OK
<System>=>C:\WINDOWS\System32\ELAN.exe (full dump) OK
<System>=>C:\Program Files\QuickTime\qttask.exe (memory dump) OK
<System>=>C:\Program Files\QuickTime\qttask.exe (disk) OK
<System>=>C:\Program Files\QuickTime\qttask.exe (full dump) OK
<System>=>C:\Program Files\Messenger\msmsgs.exe (memory dump) OK
<System>=>C:\Program Files\Messenger\msmsgs.exe (disk) OK
<System>=>C:\Program Files\Messenger\msmsgs.exe (full dump) OK
<System>=>C:\Program Files\Ahead\InCD\InCD.exe (memory dump) OK
<System>=>C:\Program Files\Ahead\InCD\InCD.exe (disk) OK
<System>=>C:\Program Files\Ahead\InCD\InCD.exe (full dump) OK
<System>=>C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (memory dump) OK
<System>=>C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (disk) OK
<System>=>C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (full dump) OK
<System>=>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (memory dump) OK
<System>=>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (disk) OK
<System>=>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (full dump) OK
<System>=>C:\Program Files\Apoint2K\Apoint.exe (memory dump) OK
<System>=>C:\Program Files\Apoint2K\Apoint.exe (disk) OK
<System>=>C:\Program Files\Apoint2K\Apoint.exe (full dump) OK
<System>=>C:\WINDOWS\AGRSMMSG.exe (memory dump) OK
<System>=>C:\WINDOWS\AGRSMMSG.exe (disk) OK
<System>=>C:\WINDOWS\AGRSMMSG.exe (full dump) OK
<System>=>C:\Program Files\Creative\Shared Files\CamTray.exe (memory dump) OK
<System>=>C:\Program Files\Creative\Shared Files\CamTray.exe (disk) OK
<System>=>C:\Program Files\Creative\Shared Files\CamTray.exe (full dump) OK
<System>=>C:\Program Files\WinZip\WZQKPICK.EXE (memory dump) OK
<System>=>C:\Program Files\WinZip\WZQKPICK.EXE (disk) OK
<System>=>C:\Program Files\WinZip\WZQKPICK.EXE (full dump) OK
<System>=>C:\Program Files\Apoint2K\Apntex.exe (memory dump) OK
<System>=>C:\Program Files\Apoint2K\Apntex.exe (disk) OK
<System>=>C:\Program Files\Apoint2K\Apntex.exe (full dump) OK
<System>=>C:\Program Files\ewido anti-spyware 4.0\ewido.exe (memory dump) OK
<System>=>C:\Program Files\ewido anti-spyware 4.0\ewido.exe (disk) OK
<System>=>C:\Program Files\ewido anti-spyware 4.0\ewido.exe (full dump) OK
<System>=>C:\Program Files\Internet Explorer\iexplore.exe (memory dump) OK
<System>=>C:\Program Files\Internet Explorer\iexplore.exe (disk) OK
<System>=>C:\Program Files\Internet Explorer\iexplore.exe (full dump) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r) OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r)=>comctl32.inf OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r)=>prebind.exe OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r)=>comc95.dll OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r)=>comcnt.dll OK
<System>=>C:\Documents and Settings\Laurent Gros\Local Settings\Temporary Internet Files\Content.IE5\WLE38X23\bitdefender_std_v9[1].exe (memory dump)=>(CAB Sfx r)=>bdstandard.msi=>(Embedded EXE)=>(CAB Sfx r)=>ADVPACK.DLL OK
0

green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
22 June 2006 at 18:21
Hi again

Install a firewall if you don't have one!

It's not a pretty sight, but we'll do everything we can to avoid reformatting :)


# Disable System Restore:

* Click the Start button.
* Right-click My Computer, then click Properties.
* On the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives

Then, time to clean up!

Download these:
1) Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

2) The French language patch for Ad-Aware (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html

Tutorial: (thanks to Moe) http://perso.wanadoo.fr/entraide-hijackthis/AdAware/AdAware.htm

3) Spybot (free):
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

Tutorial: (thanks to Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

4) A-squared (requires a free online registration to obtain the activation key):
https://www.emsisoft.com/fr/

5) Ewido (free):
https://www.avg.com/en-ww/free-antivirus-download

Tutorial: (thanks to Moe) http://perso.wanadoo.fr/entraide-hijackthis/Ewido/

6) CleanUp40 (removes temporary files + cookies: free)
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

Tutorial: (thanks to Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm


Update everything, then run the scans in safe mode: to do so, restart while pressing the F8 or F5 key.



And finally, post a new HijackThis log. Good luck, see you later.

0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
22 June 2006 at 19:50
Thank you so much. I'll do all of that tonight... very tiring given my uncontrollable mouse... I'll no doubt need you either late tonight or tomorrow. Please stay in touch tomorrow. See you soon.
Regarding your message: I run Ad-Aware regularly, I have the Windows firewall enabled (even though it's certainly rubbish), I have Spybot, Ewido... and I still got well and truly hammered this time.
Thanks a thousand times again for your patience with users like me.
See you,
Laurent
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
22 June 2006 at 20:36
Hi again

No problem :)

Install a real firewall such as ZoneAlarm, because the Windows one is useless!

++
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
23 June 2006 at 09:35
Dear Green Day,
I have carried out the recommended work, and here are the HijackThis results. Looking forward to hearing from you, see you very soon. Laurent

Logfile of HijackThis v1.99.1
Scan saved at 09:34:01, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\ELAN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\upgrepl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by sunrise freesurf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.71 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
23 June 2006 at 13:19
Hi

a quick check:

Download this (thanks to S!RI for this little program):

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1,
this is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: please copy/paste it into the post.

++
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
23 June 2006 at 18:39
hello green day, glad to hear from you. listen, every time I try, it keeps showing me this DOS window that says process.exe file missing, and the thing crashes. any idea...??
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
23 June 2006 at 18:45
hi again

you need to unzip the file

++
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
23 June 2006 at 19:13
sorry, I'm not a star... like you...
here is the report:
SmitFraudFix v2.64

Rapport fait à 19:13:33,85, 23/06/2006
Executé à partir de C:\unzipped\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Laurent Gros\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LAUREN~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ed39ecef-902e-4ed1-8434-71e8db89e5ca}"="decorin"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Looking forward to hearing from you,
regards
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
23 June 2006 at 20:57
lol

if you downloaded BitDefender, uninstall it

Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

otherwise, as far as I'm concerned, the rest is OK

describe your problems in more detail if any remain

++

***I have decided to be happy because it is good for my health! (Voltaire)***
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
24 June 2006 at 02:14
hello, listen, it's impossible to uninstall BitDefender! Isn't there a trick to force it? it gives me an error message that shows up as a Windows dialog, something like cannot access Windows Installer.... by searching and doing a manual delete, I find that it's softwin that it refuses to let me delete. I closed the other running apps just in case, but nothing works...

well otherwise, I reran hijack and removed the items as instructed. I also removed the BitDefender-related items while I was at it...

but you know, my mouse is still going crazy...
so here is a new HijackThis report in case you see something. thanks a lot Green Day.
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
24 June 2006 at 02:16
Logfile of HijackThis v1.99.1
Scan saved at 02:17:35, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\ELAN.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by sunrise freesurf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.103 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
24 June 2006 at 12:23
hello green day, I managed to get rid of BitDefender. I did what you told me, but unfortunately my mouse is still going crazy. here is my latest HijackThis report. Looking forward to hearing from you, LO

Logfile of HijackThis v1.99.1
Scan saved at 12:24:45, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\ELAN.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by sunrise freesurf
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\System32\ELAN.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.71 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
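To confirm what a cleanup actually changed between two HijackThis scans like the ones posted above, the entry lines can be indexed and compared. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical and the two inputs are shortened excerpts of the 02:17 and 12:24 scans.

```python
import re

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23), then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

def split_entry(code, body):
    """Split an entry into an identity key and its value (target path, URL, IPs)."""
    for sep in (" = ", " - "):
        head, found, tail = body.rpartition(sep)
        if found:
            return (code, head), tail
    return (code, body), ""  # e.g. O4 Run lines: the whole body is the key

def index_scan(log_text):
    """Map key -> value for every entry line; header and process lines are skipped."""
    table = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            key, value = split_entry(m.group("code"), m.group("body"))
            table[key] = value  # a repeated key keeps its last value
    return table

def diff_scans(before, after):
    """Entries removed, added, or whose value changed between two scans."""
    b, a = index_scan(before), index_scan(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k]),
    }

def orphans(log_text):
    """Entries marked '(file missing)': the registration outlived the file."""
    return sorted(k for k, v in index_scan(log_text).items()
                  if "(file missing)" in k[1] + " " + v)

# Shortened excerpts of the 02:17 and 12:24 scans in this thread (not full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.103 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24127A2-DC33-4365-868D-B074188589D6}: NameServer = 194.230.1.71 194.230.1.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        for item in result[kind]:
            print(kind, item)
    print("still orphaned:", orphans(AFTER))
```

Entries whose whole body is the key (such as O4 Run lines) show up as one removal plus one addition when their command line changes, rather than as a changed value.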
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
24 June 2006 at 16:08
Hi

ok, to me the log is clean; for the mouse, can you describe the problem a bit more please?

try this first:

go to Control Panel < System < Hardware < Device Manager and there: right-click and update the mouse drivers

@+


0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
24 June 2006 at 19:10
First I would like to thank you for your invaluable help, without which I would be desperate by now.
I would also like to wrap up this mouse business, because indeed I use my laptop's touchpad and the symptom is this: the pointer has Parkinson's disease, if you see what I mean...
I updated the driver but nothing. another idea maybe?

Apart from that, what would you recommend as a firewall other than the Windows one?

Looking forward to hearing from you,
Regards
Laurent
0
laurentgros Posts 28 Registration date Tuesday 20 June 2006 Status Member Last activity 12 October 2006
24 June 2006 at 19:36
is marie your real name? listen, I'd like to send you something by post. I would need your full contact details as well as your email.
Regards
Laurent
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
25 June 2006 at 00:52
hi again

no, my name isn't Marie lol

and I can only be reached via the forum!

for the mouse: lower the pointer speed

Control Panel < Mouse < Pointer Options

@+
0