[Dialer] Programme indésirable

Altäriel Messages postés 43 Statut Membre -  
Kristopher Messages postés 3752 Statut Contributeur -
Bonjour,
depuis peu, un programme se lance, et fait apparaitre une fenêtre nommée " Dialer ", et me dit ( en Italien ): " la connexion est impossible, le programme va être arrêté ".

Je vous donne un rapport HiJackThis :

Logfile of HijackThis v1.99.1
Scan saved at 10:22:40, on 24/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
C:\Program Files\a?sembly\w?auboot.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\TEMP\win5D50.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\your user name\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
O4 - HKCU\..\Run: [Tos] C:\Program Files\a?sembly\w?auboot.exe
O4 - Startup: Moniteur & Configuration.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

Voilà, merci de me venir en aide :)
A+

20 réponses

  1. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Hello

    1/ Si tu n'en n'as pas, télécharge absolument un firewall.
    Par exemple, Sunbelt Kerio Personal Firewall : https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
    Tutorial là : https://forums.cnetfrance.fr

    2/ Télécharge et nettoie ton PC avec CCLEANER :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    Utilisation : Dans l'onglet "Nettoyeur" cliquez sur "Analyse". Une fois l'analyse terminée, cliquez sur "Lancer le Nettoyage".
    Ensuite, dans l'onglet "Erreurs" cliquez sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuez une sauvegarde de votre registre (comme proposé).

    3/ Lance Ewido et mets le logiciel à jour (clique sur "Start update").
    Effectue un scan complet du PC (choisis "Complete System Scan").
    Copie/colle le rapport

    4/ Scanne ton PC avec cet antivirus en ligne :
    https://www.bitdefender.com/toolbox/
    Clique sur "I Agree" et scanne tout le PC.
    Pense à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).
    Copie/colle le rapport sur le forum.

    5/ Remets un nouveau log HijackThis.

    Courage, Kristopher
    0
  2. Altäriel Messages postés 43 Statut Membre
     
    Re, voivi les rapport :

    Ewido :

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:56:36 24/08/2006

    + Scan result:

    HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1708537768-1644491937-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mmc.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    [2424] C:\Program Files\aѕsembly\wυauboot.exe -> Adware.PurityScan : Error during cleaning.
    :mozilla.12:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.13:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.9:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.11:C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\your user name\Cookies\your user name@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

    ::Report end

    *****
    Bit defender :

    Statistics

    Time

    00:58:39

    Files

    296129

    Folders

    3962

    Boot Sectors

    2

    Archives

    1851

    Packed Files

    43388

    Results

    Identified Viruses

    21

    Infected Files

    66

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    64

    Engines Info

    Virus Definitions

    450539

    Engine build

    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins

    13

    Archive plugins

    39

    Unpack plugins

    5

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\BOYQFANL\srvagp[1].exe

    Infected with: Trojan.PornDialer.K

    C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\BOYQFANL\srvagp[1].exe

    Disinfection failed

    C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\BOYQFANL\srvagp[1].exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP290\A0075245.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP290\A0075245.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP290\A0075246.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP290\A0075246.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP290\A0075246.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP291\A0075319.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP291\A0075319.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP291\A0075319.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP291\A0075320.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP291\A0075320.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0075680.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0075680.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0075680.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0075681.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0075681.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076625.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076625.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076625.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076626.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076626.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076641.exe

    Infected with: Trojan.CLSpring.BD

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076641.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0076641.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077624.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077624.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077625.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077625.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077625.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077641.dll

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077641.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077642.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077642.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077642.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077647.exe

    Infected with: Trojan.Zlob.AZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077647.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077647.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077648.exe

    Infected with: Trojan.Agent.TC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077648.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP293\A0077648.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077666.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077666.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077666.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077667.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077667.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077667.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077717.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077717.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077717.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077718.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077718.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077718.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077731.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077731.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077731.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077732.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077732.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077732.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077743.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077743.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077743.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077744.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077744.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP295\A0077744.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077811.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077811.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077811.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077812.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077812.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP296\A0077812.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077974.exe

    Infected with: Trojan.Zlob.BA

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077974.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077975.exe

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077975.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077975.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077976.dll

    Infected with: Trojan.Downloader.Zlob.ZC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077976.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077976.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077981.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077981.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077981.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077982.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077982.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP297\A0077982.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078001.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078001.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078001.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078002.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078002.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078002.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078009.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078009.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078009.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078010.exe

    Infected with: Trojan.Downloader.Zlob.QF

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078010.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078010.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078011.exe

    Infected with: Trojan.Downloader.Zlob.SV

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078011.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078011.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078012.exe

    Infected with: Trojan.Downloader.Zlob.SZD

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078012.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078012.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078013.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078013.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP298\A0078013.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078155.exe

    Infected with: Trojan.Starter.V

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078155.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078155.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078156.exe

    Infected with: Trojan.Downloader.Purityscan.CO

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078156.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078156.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078157.dll

    Infected with: Trojan.FakeAlert.CO

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078157.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078157.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078185.exe

    Infected with: Trojan.Downloader.Purityscan.CO

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078185.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP299\A0078185.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP301\A0078798.exe

    Infected with: Trojan.Downloader.Purityscan.CO

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP301\A0078798.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP301\A0078798.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081198.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081198.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081198.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081199.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081199.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081199.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081203.exe

    Infected with: Trojan.Downloader.Zlob.TZ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081203.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081203.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081205.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081205.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081205.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081206.dll

    Infected with: Trojan.Agent.TH

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081206.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081206.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081207.bat

    Detected with: Adware.Safetybar.B

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081207.bat

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081207.bat

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081212.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081212.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081212.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081213.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081213.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081213.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081221.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081221.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081221.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081222.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081222.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081222.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081228.exe

    Infected with: Generic.Zlob.268C7CBC

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081228.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081228.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081229.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081229.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081229.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081230.exe

    Infected with: Trojan.Agent.Zlob.G

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081230.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081230.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081231.exe

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081231.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081231.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081232.dll

    Infected with: Trojan.Zlob.Gen

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081232.dll

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP308\A0081232.dll

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP309\A0081296.bat

    Detected with: Adware.Safetybar.B

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP309\A0081296.bat

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP309\A0081296.bat

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP316\A0081544.exe

    Detected with: Adware.PurityScan.D

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP316\A0081544.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP316\A0081544.exe

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP325\A0084853.exe

    Infected with: Trojan.Downloader.Purityscan.CQ

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP325\A0084853.exe

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP325\A0084853.exe

    Deleted

    C:\WINDOWS\Temp\idd5FCE.tmp.exe

    Infected with: Trojan.PornDialer.K

    C:\WINDOWS\Temp\idd5FCE.tmp.exe

    Disinfection failed

    C:\WINDOWS\Temp\idd5FCE.tmp.exe

    Deleted

    C:\WINDOWS\Temp\idd6268.tmp.exe

    Infected with: Trojan.PornDialer.K

    C:\WINDOWS\Temp\idd6268.tmp.exe

    Disinfection failed

    C:\WINDOWS\Temp\idd6268.tmp.exe

    Delete failed

    C:\WINDOWS\Temp\win5FCD.tmp.exe

    Infected with: Trojan.PornDialer.K

    C:\WINDOWS\Temp\win5FCD.tmp.exe

    Disinfection failed

    C:\WINDOWS\Temp\win5FCD.tmp.exe

    Deleted

    C:\WINDOWS\Temp\win5FD5.tmp.exe

    Infected with: Trojan.Downloader.Agent.XXX

    C:\WINDOWS\Temp\win5FD5.tmp.exe

    Disinfection failed

    C:\WINDOWS\Temp\win5FD5.tmp.exe

    Deleted

    C:\WINDOWS\Temp\win6267.tmp.exe

    Infected with: Trojan.PornDialer.K

    C:\WINDOWS\Temp\win6267.tmp.exe

    Disinfection failed

    C:\WINDOWS\Temp\win6267.tmp.exe

    Delete failed

    ******
    Et Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 18:03:21, on 24/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\??mbols\?hkdsk.exe
    C:\WINDOWS\TEMP\win6267.tmp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\your user name\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - HKCU\..\Run: [Uhepsde] C:\WINDOWS\system32\??mbols\?hkdsk.exe
    O4 - Startup: Moniteur & Configuration.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
    O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

    Voilà, pour le firewall je suis en train de l'installer.
    Votre diagnostic docteur ? :s
    Merci pour votre aide
    A+
    0
  3. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Coucou

    Malheureusement la désinfection préliminaire n'a pas fonctionné comme prévu à cause de ton manque d'attention.

    Je t'ai marqué en effet des manipulations dans un certain ordre qu'il aurait fallu respecté, or tu as ignoré l'étape 1/ et 2/

    Si tu veux que ton PC soit désinfecté, il faut que tu fasses ce que je t'écris et dans l'ordre que je t'écris !

    Refais la manip depuis le début comme il faut

    Allez, bonne chance ;)

    a+
    0
  4. Altäriel Messages postés 43 Statut Membre
     
    Arf, je suis vraiment désolé :s, pour la peine je vais aller me faire fouetter.
    Plus sérieusement, j'ai effectivement effectué l'etape 1 en dernier, mais j'avais bel et bien fait un nettoyage avec CCleaner.

    Enfin je m'y remet tout de suite, encore désolé;

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kristopher Messages postés 3752 Statut Contributeur 106
     
    he he pas de problèmes ;)

    Si tu as des questions n'hésites pas, mais ne doute pas sur l'ordre des manipulations à effectuer mdr

    On gagnera du temps, et ton PC devrait être guéri plus rapidement ;)

    Bonne soirée, on attend tous les rapports.
    0
  7. Altäriel Messages postés 43 Statut Membre
     
    Re, avant que je refasse les scans, je voulais savoir comment régler efficacement Kerio, j'ai lu le tuto que tu as mis en lien mais quand ils disent :
    "Si vous êtes perdu à cette étape, testez les lignes une par une et voyez ce qui se passe. Si vous ne pouvez plus vous connecter c'est que cette application doit pouvoir acceder à internet."
    C'est pas très evident :)

    Voilà, je ne sais pas si j'aurais le tps de faire les manip ce soir, je suis de sortie.
    Merci pour ton aide; A+
    0
  8. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Oki ;)

    bye bye
    0
  9. Altäriel Messages postés 43 Statut Membre
     
    Salut :)

    Désolé de n'avoir pas posté hier mais jai eu une grosse journée de boulot et j'avais pas envie de me prendre la tête sur mon ordi toute la soirée.
    Enfin bref, je m'y met aujourd'hui,

    A toute :)

    PS : pour ce qui est de l'etape 2, tu veux un rapport CCleaner ? parce que tu ne l'as pas précisé.
    0
  10. Altäriel Messages postés 43 Statut Membre
     
    Re,

    cette fois ci j'ai bien suivi toutes tes instructions à la lettre, voici les rapports :

    ***
    Ewido :

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:46:27 26/08/2006

    + Scan result:

    Nothing found.

    ::Report end

    ****
    Bitdefender :

    Statistics

    Time

    00:55:23

    Files

    295978

    Folders

    3954

    Boot Sectors

    2

    Archives

    1856

    Packed Files

    43384

    Results

    Identified Viruses

    1

    Infected Files

    4

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    8

    Engines Info

    Virus Definitions

    450834

    Engine build

    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins

    13

    Archive plugins

    39

    Unpack plugins

    5

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2)

    Infected with: DeepScan:Generic.Malware.dld!!.88E7622E

    C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2)

    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\2D070BB4.exe=>(Quarantine-2)

    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2)

    Infected with: DeepScan:Generic.Malware.dld!!.88E7622E

    C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2)

    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\3F962D47.exe=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2)

    Infected with: DeepScan:Generic.Malware.dld!!.88E7622E

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2)

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085039.exe=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2)

    Infected with: DeepScan:Generic.Malware.dld!!.88E7622E

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2)

    Disinfection failed

    C:\System Volume Information\_restore{FCA4E0F0-6465-44B7-B653-4FC12C89FE3B}\RP326\A0085040.exe=>(Quarantine-2)

    Deleted

    ****
    HiJackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 16:48:02, on 26/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
    C:\WINDOWS\system32\??mbols\?hkdsk.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\your user name\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - Startup: Moniteur & Configuration.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
    O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

    Voilà voilà, j'attends tes prochaines instructions :)

    A+
    0
  11. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Coucou Altäriel,

    Merci d'avoir enfin tout fais comme il faut :)

    Pour le rapport de CCLEANER - pas besoin.

    1/ Vide la quarantaine de Norton AntiVirus (s'il reste quelque chose).

    2/ Clique droit sur "Poste de travail" -> "Propriétés" -> onglet "Restauration du système" -> tu coches "Désactiver la Restauration du système sur tous les lecteurs" -> "Appliquer" -> "Oui".

    Ensuite, tu décoches "Désactiver la Restauration du système sur tous les lecteurs" -> "Appliquer" -> "OK".

    3/ Affiche tous les fichiers et dossiers :

    Clique sur "démarrer" -> "Panneau de configuration" -> "Outils" (tout en haut) -> "Options des dossiers..." -> "Affichage".

    Coche :
    "afficher les fichiers et dossiers cachés"
    Décoche les cases :
    "masquer les fichiers protégés du système d'exploitation (recommandé)"
    "masquer les extensions dont le type est connu"

    Clique sur "Appliquer", puis "Ok"

    4/ Rends toi sur http://www.virustotal.com/flash/index_en.html
    Clique sur "Parcourir..." et cherche le fichier en gras :
    C:\WINDOWS\system32\??mbols\?hkdsk.exe
    Attends que le rectangle soit vert (à droite) et clique sur "Send".
    Une fois le scan terminé, copie/colle le rapport sur le forum.

    5/ Télécharge LopXP :

    http://pageperso.aol.fr/balltrap34/lopxp.zip (Merci à Moe31 et Balltrap34).

    Dézippe-le (clic droit dessus > extraire tout) et lance lopxp.bat

    copie/colle
    le rapport sur le forum

    Courage, on progresse bien ;)
    0
  12. Altäriel Messages postés 43 Statut Membre
     
    Re, juste une précision, "Désactiver la Restauration du système lecteur" se nomme "Désactiver la Restauration du système", c'est la même chose ? :)
    Et je n'ai pas "Désactiver la Restauration du système sur tous les lecteurs", est-ce du au fait que je n'ai qu'un seul lecteur ?

    Merci pour ton aide, a tte.
    0
  13. Altäriel Messages postés 43 Statut Membre
     
    Voilà, j'ai bien procédé comme indiqué ( à part la question que j'ai soulevée dans mon post précédent :) ).

    Voici les rapports :

    Celui de virus total :

    Complete scanning result of "_hkdsk.exe", received in VirusTotal at 08.26.2006, 20:29:45 (CET).

    Antivirus Version Update Result
    AntiVir n - no virus found
    Authentium n - no virus found
    Avast n - no virus found
    AVG n - no virus found
    BitDefender n - no virus found
    CAT-QuickHeal n - no virus found
    ClamAV n - no virus found
    DrWeb n - no virus found
    eTrust-InoculateIT n - no virus found
    eTrust-Vet n - no virus found
    Ewido n - no virus found
    Fortinet n - no virus found
    F-Prot n - no virus found
    F-Prot4 n - no virus found
    Ikarus n - no virus found
    Kaspersky n - no virus found
    McAfee n - no virus found
    Microsoft n - no virus found
    NOD32v2 n - no virus found
    Norman n - no virus found
    Panda n - no virus found
    Sophos n - no virus found
    Symantec n - no virus found
    TheHacker n - no virus found
    UNA n - no virus found
    VBA32 n - no virus found
    VirusBuster n - no virus found

    Aditional Information
    File size: 0 bytes
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

    ****
    Et celui de LopXP :

    Rapport fait à 20:33:47,32 le 26/08/2006

    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 98A9-7CBA

    R‚pertoire de C:\Documents and Settings\All Users\Application Data

    17/07/2006 15:46 <REP> Spybot - Search & Destroy
    15/07/2006 11:02 <REP> Windows Genuine Advantage
    20/12/2005 19:11 <REP> Skype
    21/08/2005 12:53 <REP> Symantec
    26/07/2005 17:30 <REP> CyberLink
    26/07/2005 17:18 <REP> Ahead
    26/07/2005 11:22 62 desktop.ini
    26/07/2005 11:22 <REP> Microsoft
    26/07/2005 11:22 <REP> ..
    26/07/2005 11:22 <REP> .
    24/05/2003 21:30 <REP> nView_Profiles
    1 fichier(s) 62 octets
    10 R‚p(s) 34155872256 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 98A9-7CBA

    R‚pertoire de C:\Documents and Settings\Default User\Application Data

    26/07/2005 11:22 62 desktop.ini
    26/07/2005 11:22 <REP> ..
    26/07/2005 11:22 <REP> Microsoft
    26/07/2005 11:22 <REP> .
    1 fichier(s) 62 octets
    3 R‚p(s) 34155872256 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 98A9-7CBA

    R‚pertoire de C:\Documents and Settings\your user name\Application Data

    15/07/2006 00:04 <REP> Lavasoft
    02/06/2006 19:47 <REP> Xfire
    13/04/2006 18:11 <REP> La Bataille pour la Terre du Milieu T II
    02/11/2005 11:59 <REP> Help
    01/09/2005 14:12 <REP> Ahead
    23/08/2005 11:33 <REP> InterTrust
    21/08/2005 12:54 <REP> Symantec
    21/08/2005 12:36 <REP> Sun
    06/08/2005 22:21 <REP> teamspeak2
    01/08/2005 20:26 <REP> vlc
    01/08/2005 19:28 <REP> CyberLink
    31/07/2005 19:17 <REP> Adobe
    29/07/2005 22:34 <REP> Macromedia
    29/07/2005 17:20 <REP> .bittorrent
    29/07/2005 11:20 <REP> Mozilla
    28/07/2005 20:44 <REP> La Bataille pour la Terre du Milieu
    28/07/2005 19:04 <REP> Ideazon
    28/07/2005 14:37 <REP> Skype
    26/07/2005 17:28 <REP> Creative
    26/07/2005 10:39 <REP> Identities
    26/07/2005 10:39 62 desktop.ini
    26/07/2005 10:39 <REP> ..
    26/07/2005 10:39 <REP> .
    26/07/2005 10:39 <REP> Microsoft
    1 fichier(s) 62 octets
    23 R‚p(s) 34155872256 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 98A9-7CBA

    R‚pertoire de C:\WINDOWS\Tasks

    21/08/2005 12:55 382 Symantec NetDetect.job
    26/07/2005 10:35 6 SA.DAT
    26/07/2005 10:30 65 desktop.ini
    26/07/2005 10:30 <REP> ..
    26/07/2005 10:30 <REP> .
    3 fichier(s) 453 octets
    2 R‚p(s) 34ÿ155ÿ859ÿ968 octets libres

    ******************************************
    Recherche dans Program files

    Le dossier C:\Program Files\C2Media n'existe pas

    *************** Fin du rapport *****************

    Voilou, j'attends pour la suite des hostilités ^_^ .
    A toute.
    0
  14. Altäriel Messages postés 43 Statut Membre
     
    Salut :)

    Que dois-je faire à présent ? J'ai bien remarqué que le programme ne se lancait plus, mais est-ce que les opérations sont terminées ?

    Merci de ton aide,
    a+
    0
  15. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut,

    Tu es sûre d'avoir scanné le fichier "?hkdsk.exe" car dans le rapport je lis "_hkdsk.exe" avec un "_" et non un "?" (or c'est très important).

    Ensuite, je vois que tu es toujours infectée, remets un nouveau log HT.

    a+
    0
  16. Altäriel Messages postés 43 Statut Membre
     
    Salut, désolé pour mon absence.

    Pour ce qui est du fichier "?hkdsk.exe", je pense effectivement avoir plutôt scanné "_hkdsk.exe", pour la simple raison que je trouvé pas le fichier avec le " ? " à cette adresse C:\WINDOWS\system32\??mbols\?hkdsk.exe .
    ( pas de dossier " ??mbols " , mais un dossier "symbols" )

    Voici le log HT :

    Logfile of HijackThis v1.99.1
    Scan saved at 16:07:18, on 30/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\WINDOWS\?ppPatch\??xplore.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\your user name\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - HKCU\..\Run: [Wekk] C:\WINDOWS\?ppPatch\??xplore.exe
    O4 - Startup: Moniteur & Configuration.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
    O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

    Merci :)
    A+
    0
  17. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Re ;)

    1/ Relance HT et fixe ces lignes :

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - HKCU\..\Run: [Wekk] C:\WINDOWS\?ppPatch\??xplore.exe

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll

    2/ - Télécharge Pocket Killbox ici :
    http://www.downloads.subratam.org/KillBox.exe
    Déconnecte toi du net.

    Double clic sur killbox.exe (Pocket Killbox)

    - Coche : "Delete on reboot"
    - Dans "Full Path of File to Delete"
    copie et colle ceci :

    C:\WINDOWS\SYSTEM32\winjyp32.dll

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation : clique sur "YES"
    - une seconde fenêtre te demande si tu veux redémarrer : clique sur "YES"

    Laisse le PC redémarrer.
    Si tu as le message suivant : "pending file rename operations registry data has been removed by external process.", ignore-le et redémarre ton PC manuellement.
    En image : http://tinypic.com/images/goodbye.jpg

    3/ Scanne ton PC avec cet antivirus en ligne :
    https://www.kaspersky.fr/downloads
    - Choisis "Kaspersky Online Scanner"
    - Clique sur "Accept" -> "Next" -> "My computer"
    - Laisse le scan se faire et copie/colle le rapport ici (si infecté)

    4/
    Remets un nouveau log HijackThis.

    Courage, Kristopher
    0
  18. Altäriel Messages postés 43 Statut Membre
     
    Re, j'ai bien procédé comme tu me l'as indiqué, j'obtiens ceci :

    Rapport Kaspersky :

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, September 02, 2006 9:44:59 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 2/09/2006
    Kaspersky Anti-Virus database records: 207479
    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    Scan Statistics
    Total number of scanned objects 60954
    Number of viruses found 2
    Number of infected objects 3 / 0
    Number of suspicious objects 0
    Duration of the scan process 00:46:06

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\history.dat Object is locked skipped
    C:\Documents and Settings\your user name\Application Data\Mozilla\Firefox\Profiles\56fybc5a.default\parent.lock Object is locked skipped
    C:\Documents and Settings\your user name\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\your user name\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\your user name\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\your user name\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\your user name\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
    C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\7GJ1JNEA\!update-4295[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
    C:\Documents and Settings\your user name\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\your user name\Mes documents\&#1109;ecurity\rundll.exe Infected: Trojan-Downloader.Win32.PurityScan.dg skipped
    C:\Documents and Settings\your user name\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\your user name\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd3933.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.CDF Object is locked skipped
    Scan process completed.

    Et le log HiJackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:48:18, on 02/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\?ppPatch\??xplore.exe
    C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
    C:\Documents and Settings\your user name\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {DFB6AA6F-4DD7-1807-A2D9-6D1332AE6DE6} - C:\WINDOWS\system32\dqng.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DFB6AA6F-4DD7-1807-A2D9-6D1332AE6DE6} - C:\WINDOWS\system32\dqng.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - Startup: Moniteur & Configuration.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

    Voilà, que dois-je faire a présent ?
    Merci, A+

    PS : Reprise des cours Lundi, ce qui signifie donc que je ne pourrais répondre à tes message qu'en fin de semaine ( je suis en internat :s ).
    Voilà ^^
    0
  19. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Salut,

    C'est bientôt fini... Enfin ça va dépendre de Toi en fait.

    Télécharge Look2Me-Destroyer.exe sur ton Bureau.

    http://www.atribune.org/ccount/click.php?id=7

    * Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
    * Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
    * Coche "Run this program as a task"
    * Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique [OK]
    * Il se relancera après les 10 secondes, puis clique sur le bouton "Scan for L2M"; les icônes de ton Bureau vont disparaître : c'est normal !
    * Lorsque le scan termine, clique sur le bouton "Remove L2M"
    * Un message "Done Scanning" apparaîtra, clique [OK].
    * Un nouveau message s'affichera : "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; clique [OK].
    * Ton PC va maintenant s'éteindre.
    * Démarre ton PC normalement.
    * Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    #Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

    ##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte !

    ###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-dessous, et place-le dans le dossier C:\Windows\System32
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    a+
    0
  20. Altäriel Messages postés 43 Statut Membre
     
    Salut,
    je suis désolé de n'avoir pas pu poster avant aujourd'hui, mais la reprise des cours a été difficile et j'ai eu très peu de temps a consacrer a mon ordi :'( .Enfin me revoici et j'espère que tu voudras bien m'aider à nouveau après mon absence.
    Enfin voilà, j'ai fait ce que tu avais demandé dans ton dernier message.

    Voici le rapport Look2Me-Destroyer :

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 23/09/2006 14:24:08

    Attempting to delete infected files...

    Making registry repairs.

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file

    Restoring SeDebugPrivilege for Administrateurs - Succeeded

    Et le rapport HiJackThis :

    Logfile of HijackThis v1.99.1
    Scan saved at 14:33:31, on 23/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe
    C:\WINDOWS\system32\?racle\w?aclt.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\your user name\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {DB8896D0-2139-75EC-1C75-57F00CBA3FE5} - C:\WINDOWS\system32\efwp.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DB8896D0-2139-75EC-1C75-57F00CBA3FE5} - C:\WINDOWS\system32\efwp.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Miom] "C:\DOCUME~1\YOURUS~1\MESDOC~1\ECURIT~1\rundll.exe" -vt ndrv
    O4 - HKCU\..\Run: [Rhhckzn] C:\WINDOWS\system32\?racle\w?aclt.exe
    O4 - Startup: Moniteur & Configuration.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
    O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

    Voilà :), merci d'avance, a bientôt, Altä.

    Ps : j'ai noté qu'un dossier nommé "security" s'était créé dans le dossier "Mes documents", il contient un dossier "ECURIT~1" et "rundll.exe" .
    0
  21. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Bonsoir,

    Encore des soucis ?
    0