Iworm_attck

Magar - Posts: 21 - Status: Member
Regis59 - Posts: 21143 - Status: Security contributor
Hello,
I had "iworm_attck_v122.02 a" and "OHPE ver 4.12_23" showing up in my taskbar.

I followed your procedure, so I am submitting the scan reports.
Thank you in advance, and congratulations on this service you provide to the "tenderfoots" of computing.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:48:52 16/07/2006

+ Scan result:

C:\WINDOWS\system32\__delete_on_reboot__a_t_m_c_l_k_._e_x_e_ -> Downloader.Zlob.rk : No action taken.
C:\WINDOWS\system32\simpole.tlb -> Downloader.Zlob.rk : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@microsoftconsumermarketing.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ads18.bpath[2].txt -> TrackingCookie.Bpath : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ehg-apcc.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@programs.wegcash[2].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5064.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCFDA.tmp -> Trojan.Small : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.

::Report end

BitDefender Online Scanner
Scan report generated at: Sun, Jul 16, 2006 - 17:07:23

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time 04:28:07
Files 402156
Folders 4843
Boot Sectors 3
Archives 19414
Packed Files 27719

Results
Identified Viruses 7
Infected Files 15
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 26

Engines Info
Virus Definitions 408010
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 39
Unpack plugins 5
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02D361D1.tmp=>(Quarantine-2) Infected with: Trojan.Zlob.AG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02D361D1.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02D361D1.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03126A21.tmp=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03126A21.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03126A21.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\290B00E7.tmp=>(Quarantine-2) Infected with: Trojan.Zlob.AG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\290B00E7.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\290B00E7.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43C97CE8.tmp=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43C97CE8.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43C97CE8.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44425740.tmp=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44425740.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44425740.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A58163F.tmp=>(Quarantine-2) Infected with: Trojan.Zlob.AG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A58163F.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A58163F.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\523D1B8E.exe=>(Quarantine-2) Infected with: Trojan.Zlob.AI
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\523D1B8E.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\523D1B8E.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52953C9F.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52953C9F.exe=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52953C9F.exe=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\590B18B1.dll=>(Quarantine-2) Infected with: Trojan.Fakealert.CE
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\590B18B1.dll=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\590B18B1.dll=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\597B3398.tmp=>(Quarantine-2) Infected with: Trojan.Zlob.AG
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\597B3398.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\597B3398.tmp=>(Quarantine-2) Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64524F1C.tmp=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64524F1C.tmp=>(Quarantine-2) Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64524F1C.tmp=>(Quarantine-2) Deleted
C:\hp\bin\Terminator.exe Infected with: Trojan.Killapp.30208.A
C:\hp\bin\Terminator.exe Disinfection failed
C:\hp\bin\Terminator.exe Deleted
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056002.exe Infected with: Trojan.Zlob.AJ
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056002.exe Disinfection failed
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056002.exe Deleted
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056006.tlb Infected with: Trojan.Zlob.AH
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056006.tlb Disinfection failed
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056006.tlb Deleted
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056009.exe Infected with: Trojan.Killapp.30208.A
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056009.exe Disinfection failed
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP459\A0056009.exe Deleted

Logfile of HijackThis v1.99.1
Scan saved at 17:26:07, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ups.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://customer.symantec.com/cgi-bin/privacy.pl?Country=FR&ISOLang=FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/030aae9615bd98c3df06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

42 replies

Magar - Posts: 21 - Status: Member
 
Hello again Lyonnais92, hello Régis59,

here is the HijackThis report, with my apologies:

Logfile of HijackThis v1.99.1
Scan saved at 14:54:44, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ups.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://customer.symantec.com/cgi-bin/privacy.pl?Country=FR&ISOLang=FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/030aae9615bd98c3df06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B845702B-4AB1-47FD-9E27-34F7971AD677}: NameServer = 80.10.246.5 80.10.246.136
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Otherwise, as for how the PC is running, I had already noticed an improvement after running the initial procedure, and since then, everything we have done has made it faster still, it seems to me (I haven't "surfed" enough to really be sure).

The only small problems I had came after the normal-mode startup that followed the safe-mode startup:
- The start page changed (MSN Messenger (or Windows Messenger?) instead of the Wanadoo home page).
- The wallpaper on the desktop was replaced by the blue background.
But that can't be very serious, and in any case, it's resolved.

However, I scanned the PC with the shareware XoftSpy, and it found the following:
- The report is rather "messy", so to summarize, there is a "Smitfraud" (type: Registry key), and a "Central-24 Dialer" (type: Folder), plus four cookies.

<?xml version = "1.0"?>
<Session START = "20 Jul 06 14:39:12" END = "20 Jul 06 14:39:12">
<Information Version = "4.22" DatabaseVersion = "193" DataBaseDate = "2006/07/13"/>
<Information OS = "Win XP"/>
<Information ServicePack = "Service Pack 2"/>
<Information WorkingDirectory = "C:\Program Files\XoftSpy\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "OFF"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information Option = "Automatic Database Update" State = "ON"/>
<Information Option = "Automatic Program Update" State = "ON"/>
<Information Option = "Automatic Removal" State = "OFF"/>
<Information Option = "Exit When Finished" State = "OFF"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "NVIEW" Data = "rundll32.exe nview.dll,nViewLoadHook"/>
<Information Value = "MoneyAgent" Data = "c:\Program Files\Microsoft Money\System\mnyexpr.exe" MD5 = "e289b9f8721d0bcc4117c4cc973c75ee" Path = ""/>
<Information Value = "MSMSGS" Data = "C:\Program Files\Messenger\msmsgs.exe /background" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259" Path = ""/>
<Information Value = "ctfmon.exe" Data = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "64e41e8fee655b03e3f19ded21ba5118" Path = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "hpsysdrv" Data = "c:\windows\system\hpsysdrv.exe" MD5 = "06a1ecb63df139ec639e084d4ab3c9d7" Path = ""/>
<Information Value = "ATIModeChange" Data = "Ati2mdxx.exe" MD5 = "fae95d6d7651b5629c4e19adbc9a3863" Path = "C:\WINDOWS\system32\Ati2mdxx.exe"/>
<Information Value = "KBD" Data = "C:\HP\KBD\KBD.EXE" MD5 = "4a95f15b706b8fd9ec8715b6401eab7b" Path = ""/>
<Information Value = "StorageGuard" Data = "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe /r" MD5 = "4d04efdcb8548fdb3b29ab9154480b7b" Path = ""/>
<Information Value = "Recguard" Data = "C:\WINDOWS\SMINST\RECGUARD.EXE" MD5 = "d3cc7a3813123e955b3a497c04b404e2" Path = ""/>
<Information Value = "HotKeysCmds" Data = "C:\WINDOWS\System32\hkcmd.exe" MD5 = "4ec9b66aa45683b89d58c3b2c3e64e49" Path = ""/>
<Information Value = "ccApp" Data = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" MD5 = "8c5d5b71e4e8a1fb8f1fa6cc57fe411e" Path = ""/>
<Information Value = "NvCplDaemon" Data = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"/>
<Information Value = "nwiz" Data = "nwiz.exe /installquiet /keeploaded /nodetect"/>
<Information Value = "ATIPTA" Data = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" MD5 = "8d8bd6155a97aeac818bddd70c1fbc8e" Path = ""/>
<Information Value = "ShowShifter TVTV EPG Daemon" Data = "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe" MD5 = "edad476c9ab682e26ebb8e5c3621d448" Path = ""/>
<Information Value = "PS2" Data = "C:\WINDOWS\system32\ps2.exe" MD5 = "c4c523e78774e05d06efe3e10017cf6d" Path = ""/>
<Information Value = "Microsoft Works Update Detection" Data = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" MD5 = "7ebfae0a6d73d2d9c9a970a80935fd8f" Path = ""/>
<Information Value = "HPDJ Taskbar Utility" Data = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" MD5 = "efa425c96f30751fcd79d7787fe4b075" Path = ""/>
<Information Value = "HP Software Update" Data = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" MD5 = "821f73b833c4daebc33c1a9a4b16bb5a" Path = ""/>
<Information Value = "DeviceDiscovery" Data = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" MD5 = "7d750887e39563620bc5f057295a501d" Path = ""/>
<Information Value = "AlcxMonitor" Data = "ALCXMNTR.EXE"/>
<Information Value = "WooCnxMon" Data = "C:\PROGRA~1\Wanadoo\CnxMon.exe" MD5 = "92b7b96a77d5feef8f2bacc1278ebc9f" Path = ""/>
<Information Value = "MessagerStarter Wanadoo" Data = "C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo" MD5 = "2aafe1a08ea95e9e6730968a87ccc901" Path = ""/>
<Information Value = "WOOWATCH" Data = "C:\PROGRA~1\Wanadoo\Watch.exe" MD5 = "05f92e4e352a674662e357819a34047c" Path = ""/>
<Information Value = "WOOTASKBARICON" Data = "C:\Program Files\Wanadoo\taskbaricon.exe" MD5 = "2e4d2ce113a106aee640d5960f8e07e2" Path = ""/>
<Information Value = "QuickTime Task" Data = "C:\Program Files\QuickTime\qttask.exe -atboottime" MD5 = "76a3a30b58405c2c6d833895253a51a9" Path = ""/>
<Information Value = "Symantec NetDriver Monitor" Data = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" MD5 = "ee77f6613cef0f7a118d8b14a630c919" Path = ""/>
<Information Value = "REGSHAVE" Data = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" MD5 = "552e9ca7b91120fb7d49cd5c10018dc3" Path = ""/>
<Information Value = "Profiler" Data = "C:\Program Files\Saitek\Software\Profiler.exe" MD5 = "58d46a5defd57285ade9765d3690d258" Path = ""/>
<Information Value = "SaiSmart" Data = "C:\Program Files\Saitek\Software\SaiSmart.exe" MD5 = "4136c54ac91ccc9b104bf74ba5f03078" Path = ""/>
<Information Value = "TkBellExe" Data = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot" MD5 = "f9b47f830dd55fedd6ef27d063c29a42" Path = ""/>
<Information Value = "!ewido" Data = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe /minimized" MD5 = "10c40f37ac87a18f624143d4fe6e8dec" Path = ""/>
<Information Value = "Windows Defender" Data = "C:\Program Files\Windows Defender\MSASCui.exe -hide" MD5 = "3207bba7a51043ff2c5d64df4c3b6310" Path = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"/>
<Information Value = "Userinit" Data = "C:\WINDOWS\system32\userinit.exe,"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"/>
<Information Value = "Shell" Data = "Explorer.exe"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "load" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"/>
<Information Value = "PostBootReminder" Data = "{7849596a-48ea-486e-8937-a2a3009f31a9}"/>
<Information Value = "CDBurn" Data = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"/>
<Information Value = "WebCheck" Data = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"/>
<Information Value = "SysTray" Data = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"/>
<Information Value = "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" Data = "Pré-chargeur Browseui"/>
<Information Value = "{8C7461EF-2B13-11d2-BE35-3078302C2030}" Data = "Démon de cache des catégories de composant"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\OLE"/>
<Information Value = "DefaultLaunchPermission" Data = ""/>
<Information Value = "EnableDCOM" Data = "Y"/>
<Information Value = "MachineLaunchRestriction" Data = ""/>
<Information Value = "MachineAccessRestriction" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "NoJITSetup" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Local Page" Data = "C:\windows\system32\blank.htm"/>
<Information Value = "Search Page" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Use Custom Search URL" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "Window_Placement" Data = ""/>
<Information Value = "AddToFavoritesExpanded" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "HistoryViewType" Data = ""/>
<Information Value = "Show image placeholders" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "UseThemes" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoWebJITSetup" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "Page_Transitions" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NscSingleExpand" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Force Offscreen Composition" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "AllowWindowReuse" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "SmoothScroll" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "AutoSearch" Data = "(DWORD) 0x4 0 0 0"/>
<Information Value = "LastCheckedHi" Data = "(DWORD) 0x46 95 c6 1"/>
<Information Value = "Start Page" Data = "https://www.orange.fr/portail"/>
<Information Value = "Window Title" Data = "Wanadoo"/>
<Information Value = "HistoryTopNSitesView" Data = "(DWORD) 0x14 0 0 0"/>
<Information Value = "StatusBarOther" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "StatusBarWeb" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "First Home Page" Data = "http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Search Page" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Cache_Percent_of_Disk" Data = ""/>
<Information Value = "Local Page" Data = "C:\windows\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Wizard_Version" Data = "6.00.2800.1017"/>
<Information Value = "BigBitmap" Data = "C:\PROGRA~1\Wanadoo\static38.bmp" MD5 = "48e5621858b3aa95a091346a1683303e" Path = ""/>
<Information Value = "SmallBitmap" Data = "C:\PROGRA~1\Wanadoo\static22.bmp" MD5 = "c11464e8d029b5885b4cb505b16fcb27" Path = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"/>
<Information Value = "CustomizeSearch" Data = "https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\SearchURL"/>
<Information Value = "provider" Data = "yaho"/>
<Information Value = "" Data = "http://home.microsoft.com/access/autosearch.asp?p=%s"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" Data = ""/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Data = ""/>
<Information Value = "{C4069E3A-68F1-403E-B40E-20066696354B}" Data = "Norton AntiVirus"/>
<Information Value = "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" Data = ""/>
<Information Value = "{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" Data = "Norton Personal Firewall 2006"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "LinksFolderName" Data = "Liens"/>
<Information Value = "Locked" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "{1E796980-9CC5-11D1-A83F-00C04FC99D61}" Data = ""/>
<Information Value = "BrandBitmap" Data = "C:\PROGRA~1\Wanadoo\ani38.bmp" MD5 = "d85088f3338ecb2891e42b56c71b28bb" Path = ""/>
<Information Value = "SmBrandBitmap" Data = "C:\PROGRA~1\Wanadoo\ani22.bmp" MD5 = "49df66fd8845ff800094e862435ab278" Path = ""/>
<Information Value = "BigBitmap" Data = "C:\PROGRA~1\Wanadoo\static38.bmp" MD5 = "48e5621858b3aa95a091346a1683303e" Path = ""/>
<Information Value = "SmallBitmap" Data = "C:\PROGRA~1\Wanadoo\static22.bmp" MD5 = "c11464e8d029b5885b4cb505b16fcb27" Path = ""/>
<Information Value = "smBrandHeight" Data = "(DWORD) 0x16 0 0 0"/>
<Information Value = "BrandHeight" Data = "(DWORD) 0x26 0 0 0"/>
<Information Value = "Theater" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\exefile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\comfile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\batfile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\piffile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\scrfile\shell\open\command"/>
<Information Value = "" Data = "%1 /S"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\htafile\shell\open\command"/>
<Information Value = "" Data = "C:\WINDOWS\System32\mshta.exe %1 %*" MD5 = "a0565a0bba980f09406ed1a5930f0e8e" Path = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"/>
<Information Value = "ProxyEnable" Data = "(DWORD) 0 0 0 0"/>
<Information Directory = "C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\*" Program = "desktop.ini" MD5 = "d6a6856702e3f0953e7246a9b4a9fe35" />
<Information Directory = "C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\*" Program = "PowerReg Scheduler.exe" MD5 = "748492545412b161e3b1fd4d1b40f620" />
<Information Directory = "C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\*" Program = "wkcalrem.LNK" LinkFile = "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe" MD5 = "1828f1775691d7ac520299739b52d82b"/>
<Information Directory = "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*" Program = "APC UPS Status.lnk" LinkFile = "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" MD5 = "0b81aff779a259847351dfe2c9856785"/>
<Information Directory = "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*" Program = "desktop.ini" MD5 = "d6a6856702e3f0953e7246a9b4a9fe35" />
<Information Directory = "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*" Program = "Hyperappel de l'Encyclopédie Universelle Larousse.lnk" LinkFile = "C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe" MD5 = "37f10b63abbc2165eff9145a24f8081d"/>
<Information Directory = "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*" Program = "Lancement rapide d'Adobe Reader.lnk" LinkFile = "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" MD5 = "43362b96870ce8649f4f2ec893da93f0"/>
<Scanning TIME = "20 Jul 06 14:39:12">
<ScanningRegKeys>
</SW>
<SW NAME = "Smitfraud">
<REGKEYFOUND NAME = "software\microsoft\windows\currentversion\explorer\browser helper objecta"/>
<REGKEY NAME = "Smitfraud software\microsoft\windows\currentversion\explorer\browser helper objecta"/>
</ScanningRegKeys>
<ScanningRegValues>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<FILE PATH = "2o7.net Cookie C:\Documents and Settings\Propriétaire\Cookies\propriétaire@microsofteup.112.2o7[1].txt"/>
<FILE PATH = "C:\Documents and Settings\Propriétaire\Cookies\propriétaire@microsofteup.112.2o7[1].txt"/>
<FILE PATH = "2o7.net Cookie C:\Documents and Settings\Propriétaire\Cookies\propriétaire@msnportal.112.2o7[1].txt"/>
<FILE PATH = "C:\Documents and Settings\Propriétaire\Cookies\propriétaire@msnportal.112.2o7[1].txt"/>
<FILE PATH = "real cookie C:\Documents and Settings\Propriétaire\Cookies\propriétaire@realguide.real[2].txt"/>
<FILE PATH = "C:\Documents and Settings\Propriétaire\Cookies\propriétaire@realguide.real[2].txt"/>
<FILE PATH = "weborama cookie C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[2].txt"/>
<FILE PATH = "C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[2].txt"/>
<FOLDER PATH = "Central-24 Dialer C:\Program Files\dialers"/>
</Scanning>
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

I still see the
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE to fix, as well as the O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file).

As for XoftSpy, it used to be one of the "rogues", those programs that at best add false positives in order to sell themselves, and at worst are outright malware themselves. I can no longer find it on that list today. They must have improved the product and changed their commercial policy. Do you have a trial version? Because, as far as I know (Google), it is paid software.

The ones listed here
security: protecting a computer against Internet malware
are very good. But this is in the realm of advice. I think Regis59 will also give you his opinion (better than mine).

See you
Regis59 Posts 21143 Status Security contributor 1 322
 
Hi friends

Yes, fix them and delete this:
C:\WINDOWS\ALCXMNTR.EXE

Otherwise, as anti-spyware, keep these:
Spybot
Ad-Aware
Windows Defender.

See you
Magar Posts 21 Status Member
 
Here is the log after the two new deletions:

Logfile of HijackThis v1.99.1
Scan saved at 20:01:55, on 20/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ups.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://customer.symantec.com/cgi-bin/privacy.pl?Country=FR&ISOLang=FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/030aae9615bd98c3df06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B845702B-4AB1-47FD-9E27-34F7971AD677}: NameServer = 80.10.246.5 80.10.246.136
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Lyonnais92:

As for XoftSpy, it is a free trial version of the software, but it does not include all the features (in this case, it cannot remove the threats).
If I am not mistaken, that is what is called "shareware".
Other shareware works fully, but for a limited time.

Regis59:

To delete what you tell me, do I just go straight into C:\WINDOWS\, select ALCXMNTR.EXE and delete it?

See you.
0

Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Hi

Yes, that is exactly it, for the question you ask me.
Right-click on it > Delete

Then empty your recycle bin.

See you
0
Magar Posts 21 Status Member
 
Hi Regis59

Launching Windows Explorer, I found "ALCXMNTR.EXE-30324980.pf" in the folder "C:\WINDOWS\Prefetch".
I deleted it; was that the right one?

But ALCXMNTR still remains in:

C:\WINDOWS
C:\WINDOWS\system32\DRVSTORE\DFx.DriverAssembly...
C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles

See you.

PS: I have not emptied the recycle bin yet, just in case...
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

No problem with the Prefetch file (it is one of the folders that should be cleaned regularly);

Are the three you found the same size? (And are they .exe files?)

The one to destroy, preferably, is the one in c:\windows;

If in doubt, you can do this: open a zip folder and put the file in it. It has become inactive but, if you need it, you unzip it.

The Alc... file is spyware from the company Realtech that informs that company of how you use its products. Hence the controversial opinions that can be found on the merits of this "spying". For my part, I would destroy it without scruple.

See you
0
Magar Posts 21 Status Member
 
Hello Lyonnais92,

As for "Prefetch", if it is not emptied regularly, is the only drawback a slowdown of the system and/or needless clutter in memory?

Yes, all three are the same size (49 KB), they are applications, they have no extension, but they have an icon (a blue crab).

I am going to send the one in "C:\windows" to the recycle bin.

How do you create a zip folder?

See you.
0
Magar Posts 21 Status Member
 
...

No need to explain the zip folder to me, I have just found out.

See you.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

For Prefetch, I will answer you this evening. I need to do some research. Besides, there is one file to keep.

For the zip, for my part, I right-click on the file and Windows offers to zip it. You choose add to zip and a dialog box will open asking you for the name of the zip, ... You fill it in (and don't forget the name and the location in case you need it!!!).

If your files have no extension name, it means you have ticked the option "do not display the extension of files whose extension is known". The risk is confusing a.jpg and a.jpg.exe (an image and a program!!)

To fix this (thanks regis59):

Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View
.....

Untick "Hide extensions for known file types"
Then click "OK" to validate the changes.

And "Apply"
0
Magar Posts 21 Status Member
 
Re.

I did the procedure; they were ".EXE" files.

Should I restore the file "ALCXMNTR.EXE-30324980.pf" (message 29)?

To sum up, what remains now is:

-One "ALCXMNTR.EXE" in "C:\WINDOWS\system32\DRVSTORE\DFx.DriverAssembly..."

-One "ALCXMNTR.EXE" in "C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles ".

See you.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

Forget the file in Prefetch. The only risk is that it comes back on its own (lol).

For the rest, reboot the PC, run HijackThis again and post the log.

That will let me see whether ALCXMNTR comes back or not, and it will let you see how your PC behaves (add that to the log: whether it is slow, normal, ...). Thanks.

If it comes back, don't panic, we will eradicate all 3 of them together.

See you
0
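The check described in the post above (reboot, run HijackThis again, see whether ALCXMNTR comes back) can be done mechanically by diffing the two logs. This is an added example, not part of the thread: the function names are hypothetical, and the two log excerpts are constructed from lines quoted in the thread (the running-process line for ALCXMNTR.EXE is invented for the sample).

```python
import re
from typing import NamedTuple, Optional

# Coded HijackThis lines look like "<code> - <detail>"; process-list lines have no code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autoruns have the form  HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+):\s+\[([^\]]*)\]\s*(.*)$")


class Entry(NamedTuple):
    code: str    # section code, e.g. "O4"
    detail: str  # remainder of the line, original casing kept for display


def parse_entries(log_text: str) -> dict:
    """Index every coded line by (code, casefolded detail).

    Windows paths are case-insensitive, so two logs that differ only in
    letter case must compare as equal.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entry = Entry(m.group(1), m.group(2))
            entries[(entry.code, entry.detail.casefold())] = entry
    return entries


def diff_logs(before: str, after: str):
    """Return (removed, added) entries between two HijackThis logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added


def autorun(entry: Entry) -> Optional[tuple]:
    """Split an O4 registry autorun into (hive, key, value name, command)."""
    if entry.code != "O4":
        return None
    m = RUN_RE.match(entry.detail)
    return (m.group(1), m.group(2), m.group(3), m.group(4)) if m else None


def still_present(log_text: str, needle: str) -> list:
    """Every line, running processes included, that still mentions needle."""
    n = needle.casefold()
    return [line.strip() for line in log_text.splitlines() if n in line.casefold()]


# Constructed excerpts: the state before the fix and the state after the reboot.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [KBD] c:\hp\kbd\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.detail, autorun(e) or "")
    for e in added:
        print("ADDED:  ", e.code, "-", e.detail)
    leftovers = still_present(AFTER, "ALCXMNTR")
    print("ALCXMNTR came back" if leftovers else "ALCXMNTR did not come back")
```

An entry in the "added" list, or any hit from `still_present` on the second log, is the case the post calls "it comes back".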
Magar Posts 21 Status Member
 
Re,

"...reboot the PC...". What is that, how do you do it?

See you.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

My apologies, in French it is much more understandable.

"You shut down the PC and restart it normally."

The rest is unchanged, lol.

See you soon.
0
Magar Posts 21 Status Member
 
Re,

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 20:41:47, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ups.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://customer.symantec.com/cgi-bin/privacy.pl?Country=FR&ISOLang=FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/030aae9615bd98c3df06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

As for speed, I would say slower, notably the automatic Norton scan.

See you.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Good evening,

Well, I think we are seeing the end of it.

Your log looks clean to me.

Next, the file to keep in the Prefetch folders is layout.ini.

As for speed, you will find excellent suggestions here:
windows xp mon pc rame que faire .

Deleting unnecessary files, cleaning the registry and defragmenting the hard disk(s) are called for. For the defragmentation, preferably in safe mode. Defragmentation last.

There you go, all the best, happy surfing, and I (or someone else) remain available if needed.
PS: and thanks to Regis59 for his valuable advice

It is written 10 + 10 = 100 and it is read two plus two equals four.
0
Magar Posts 21 Status Member
 
Hello Lyonnais92,

Cleaning the registry? Where? How? :-)

I have a small problem when starting in safe mode: the desktop appears shifted down and to the left (the left-hand column of icons and the taskbar are hidden).

See you.
0
Magar Posts 21 Status Member
 
...

For the registry, I have just seen that it is explained in the link you gave me: I think I can manage.

See you.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

For the registry cleaning, there is no reason you shouldn't manage it.

If necessary, we are here.

As for safe mode, I think it is simply a matter of a large gap between the screen resolution of safe mode and the one you normally use.

If you can get to the programs you need in safe mode, leave it as it is.

See you
0
Magar Posts 21 Status Member
 
Good evening,

Right, OK; so I say a big "thank you" to Regis59 and to you.

Until next time, perhaps.
0