[VIRUS] infecté par serwab et Win

Résolu
anthony -  
 Regis59 -
Bonjour, j'ai eu a plusieurs reprises un message qui me disé que mon PC est infecté par le virus serwab. J'ai utilisé Ad-aware pour l'éliminer je pense que ca a marché mais il est revenus. Dans le compte rendu de Ad-aware le virus Win était présent aussi. J'ai fait un scane avec Hijackthis. Voici ce qu'il ma donné:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:27, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\lssas.exe
C:\kybrdff_e38.exe
C:\nwnmff_e38.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\FNTS~1\winspool.exe
C:\Program Files\?dobe\w?wexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hbtools\HBTV\HBTV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HbTools\Bin\4.8.2.0\HbtSrv.exe
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e38.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e38.exe
O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\g2040cdqef0e0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

J'ai aussi parfois un messsage qui me dit que la sécurité de ma carte bancaire, que mon mariage et que mon avenir peuvent être en danger car il ya des traces de mes parcours sur internet. Aidez moi svp. Je n'y connait vraiment pas grand chose en informatique. Mon anti virus est Norton 2004, et j'ai cru comprendre qu'il n'est pas trés éfficace.
J'ai encore un autre problème quand je suis sue internet j'ai trés souvent des pages publicitaire qui s'affiche? comment y remédier.
Merçi d'avance à tout ceux qui pourront m'aider.

67 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Plusieurs signes indiquent une infection étendue, avec des alertes et des redirections liées à des barres d’outils et à des modules publicitaires, et un antivirus ancien peut être inefficace. Les éléments du diagnostic montrent des entrées de démarrage et des composants suspects tels i-Nav et des DLL, nécessitant une procédure de désinfection approfondie et la soumission de rapports pour vérification. La solution préconisée privilégie l’installation d’un pare-feu et l’exécution d’un tutoriel de désinfection demandant le collage de trois rapports, afin de guider la procédure étape par étape. En complément, l’utilisation d’outils comme ewido et la mise à jour de l’antivirus renforcent la prévention, tandis que l’affichage publicitaire fréquent et des alertes sensibles peuvent révéler des tentatives de vol de données.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt,

    Vire ceci :

    C:\Program Files\HbTools

    Télécharges smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.
    Si tu vois des lignes avec PRESENT! Continue la manip qui suit.

    Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l’option 2 et tu réponds oui à tout.

    Copie/colle le rapport sur le forum stp.

    a+
    0
  2. anthony
     
    J'ai essayé de virer le dossier Hb Tools mais le Pc ne veut pas:
    HbtCoreSrv.dll Accés refusé.
    Je télécharge quand même smitfraudfix?

    Merci
    0
  3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    oui lance Smitfraudfix quand meme et colle le rapport.

    Si Hbtools ne degage en mode normal vire le en mode sans echec

    Rappel :

    Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

    Désolé.

    Je suis absent tout le week end à partir de maintenant donc on verra pour la suite + tard ...

    Bon week end. ;-)

    a+
    0
  4. anthony
     
    voila le rapport:

    SmitFraudFix v2.115

    Rapport fait à 20:16:57,09, 28/10/2006
    Executé à partir de C:\Documents and Settings\Anthony Lenglet\Bureau\Nouveau dossier\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\drsmartload?.exe supprimé
    C:\MTE3NDI6ODoxNg.exe supprimé
    C:\WINDOWS\drsmartload2.dat supprimé
    C:\WINDOWS\keyboard1.dat supprimé
    C:\WINDOWS\newname.dat supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Hb tools a bien dégagé. Merci.

    J'atend ton retour pour la suite...

    Merci.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kristopher Messages postés 3752 Statut Contributeur 106
     
    Bonsoir,

    Tu es énormément infecté...

    En attendant le retour de l'ami Séb fais ceci stp. :

    1/ Télécharge absolument un firewall.
    Par exemple, Sunbelt Kerio Personal Firewall : https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
    Tutorial là : https://forums.cnetfrance.fr

    2/ Ensuite, rends toi ici et fais exactement ce qui est demandé en collant les 3 rapports dans l'ordre :)

    virus methode preliminaire de desinfection version fr

    Bonne fin de week end
    0
  7. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Re,

    Alors ?

    slt Kris ;-)
    0
  8. anthony
     
    J'ai téléchargé kério et installé mais j'ai essayé de le tutoré mais il me manque l'onglet:
    "Sécurité du système". Donc je ne peut pas réaliser toute les étapes du tutorial.

    Je n'arive pas à m'enregistrer non plus car il me manque le numéro de licence. Il me demande le nombre de licence que j'ai acheté au prés de leurs service de vente. Ce n'est pas gratuit?

    Est ce que je fait la 2ème étape quand même?

    Merci
    0
  9. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ne tinscrit pas sinon tu va payer les services de Kério !

    Tu l'installe et c'est tout ensuite tu ne t'occupes pas de ce qui se passe.
    Au bout d'un certains temps tu vas perdre le filtrage Web qui n'est dispo que sur la version payante sinon tout fonctionnera normalement.
    0
  10. anthony
     
    Bonjour,
    Voilà les trois rapport:

    1°) il est en allemand car j'ai oublié de configurer la langue.

    ---------------------------------------------------------
    ewido anti-spyware - Scan-Bericht
    ---------------------------------------------------------

    + Erstellt um: 20:05:31 30/10/2006

    + Scan-Ergebnis:

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\bw2.com -> Adware.AdURL : Gesäubert.
    C:\WINDOWS\icont.exe -> Adware.AdURL : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052620.DLL -> Adware.CommAd : Gesäubert.
    C:\WINDOWS\QW50aG9ueSBMZW5nbGV0\command.exe -> Adware.CommAd : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052575.dll -> Adware.DriveCleaner : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053171.exe -> Adware.DriveCleaner : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053175.dll -> Adware.DriveCleaner : Gesäubert.
    C:\Program Files\Hotbar -> Adware.HotBar : Gesäubert.
    C:\Recycled\Dc3\bin\4.8.2.0\HbtHostOE.dll -> Adware.Hotbar : Gesäubert.
    C:\Recycled\Dc3\bin\4.8.2.0\HbtInstIE.dll -> Adware.HotBar : Gesäubert.
    C:\Recycled\Dc3\bin\4.8.2.0\bak\HbtOEAddOn.exe -> Adware.HotBar : Gesäubert.
    C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtTools.HbMain\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\HbtTools.HbMain\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager.1 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\Install -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\MachineInfo -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\Mail -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\Updates -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\Install -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\HbTools\Install\CmpMap -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools -> Adware.HotBar : Gesäubert.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsWebTools -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common\Time -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\EUI -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Install -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\MachineInfo -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\PI -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\keren -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg860 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg861 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg887 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg888 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg889 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg910 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg914 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg915 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg940 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg941 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg942 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg943 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg946 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg947 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg948 -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Weather -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\dynamicFail -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\links -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\mail -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\options -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HostOI -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HostOI\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install\Icons -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install\Links -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostIE -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOI -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOL -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\Mail -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\Updates -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\soho -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hotbar -> Adware.HotBar : Gesäubert.
    HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hotbar\MultiUrl -> Adware.HotBar : Gesäubert.
    C:\Installer4.exe -> Adware.Look2Me : Gesäubert.
    C:\Installer5.exe -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052576.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052586.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052593.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052602.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052605.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052610.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052621.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052641.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052643.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052656.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052668.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052960.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052971.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053176.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053183.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053189.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053192.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053200.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053206.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053221.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053233.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053241.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053255.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053272.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053274.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053286.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053287.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053295.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053417.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053426.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053436.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053446.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053454.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053457.dll -> Adware.Look2Me : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053471.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\dmauth.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\dznwsock.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\gpn6l35s1.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\iacvid.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\ineshare.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\kldur.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\tHpi.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\uhrcoina.dll -> Adware.Look2Me : Gesäubert.
    C:\WINDOWS\system32\wpfeman.dll -> Adware.Look2Me : Gesäubert.
    [1808] C:\WINDOWS\system32\sosinv.dll -> Adware.Look2Me : Gesäubert.
    [1960] C:\WINDOWS\system32\sosinv.dll -> Adware.Look2Me : Gesäubert.
    C:\Program Files\Deskbar -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\Cache -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\about.html -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\options.html -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Gesäubert.
    C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052635.exe -> Adware.Softomate : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052636.dll -> Adware.Softomate : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053262.exe -> Adware.Softomate : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053263.dll -> Adware.Softomate : Gesäubert.
    C:\deskbar.exe -> Adware.Softomate : Gesäubert.
    C:\deskbar_e37.exe/deskbar.exe -> Adware.Softomate : Gesäubert.
    C:\deskbar_e41.exe/deskbar.exe -> Adware.Softomate : Gesäubert.
    HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Gesäubert.
    HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Gesäubert.
    HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Gesäubert.
    HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Gesäubert.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Gesäubert.
    C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Gesäubert.
    C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Gesäubert.
    C:\WINDOWS\system32\lssas.exe -> Backdoor.IRCBot.xn : Gesäubert.
    [2076] C:\WINDOWS\System32\lssas.exe -> Backdoor.IRCBot.xn : Fehler während der Säuberung.
    C:\bak\nwnmff_e37.exe -> Downloader.Adload.fk : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050429.exe -> Downloader.Adload.fu : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050501.exe -> Downloader.Adload.fu : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051543.exe -> Downloader.Adload.fu : Gesäubert.
    C:\mc44a37.exe -> Downloader.Adload.fu : Gesäubert.
    C:\mc44a38.exe -> Downloader.Adload.fu : Gesäubert.
    C:\mc44a41.exe -> Downloader.Adload.fu : Gesäubert.
    C:\bak\kybrdff_e37.exe -> Downloader.Adload.fy : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052543.exe -> Downloader.Adload.hg : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052591.exe -> Downloader.Adload.hg : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052632.exe -> Downloader.Adload.hg : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053261.exe -> Downloader.Adload.hg : Gesäubert.
    C:\WINDOWS\Fοnts\bak\winspool.exe -> Downloader.PurityScan.db : Gesäubert.
    C:\WINDOWS\Fοnts\winspool.exe -> Downloader.PurityScan.db : Gesäubert.
    [2108] C:\WINDOWS\FNTS~1\winspool.exe -> Downloader.PurityScan.db : Fehler während der Säuberung.
    C:\VSL.dl_.exe -> Downloader.Small.ajc : Gesäubert.
    C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053291.exe -> Downloader.Small.buy : Gesäubert.
    C:\VSL.dl_ -> Downloader.Small.ctp : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP302\A0048863.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0048959.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0049959.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0049971.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050342.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050428.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050452.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050473.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050499.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050525.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051522.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051535.EXE -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052540.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052585.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052601.EXE -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052629.exe -> Downloader.Small.duf : Gesäubert.
    C:\WINDOWS\algs.exe -> Downloader.Small.duf : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052639.exe -> Hijacker.Small.jf : Gesäubert.
    C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Gesäubert.
    C:\WINDOWS\Temp\ICD1.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\8NFNSG7R\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\installdrivecleanerstart_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
    C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert.
    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052655.EXE -> Not-A-Virus.Monitor.Win32.NetMon.a : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@247realmedia[1].txt -> TrackingCookie.247realmedia : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@247realmedia[2].txt -> TrackingCookie.247realmedia : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@2o7[2].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@2o7[3].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@boonty.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@advertising[1].txt -> TrackingCookie.Advertising : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@atdmt[2].txt -> TrackingCookie.Atdmt : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casalemedia[1].txt -> TrackingCookie.Casalemedia : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casalemedia[2].txt -> TrackingCookie.Casalemedia : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casinotropez[1].txt -> TrackingCookie.Casinotropez : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.epilot[1].txt -> TrackingCookie.Epilot : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@estat[1].txt -> TrackingCookie.Estat : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@as1.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@as1.falkag[3].txt -> TrackingCookie.Falkag : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-sonyeu.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@hitbox[3].txt -> TrackingCookie.Hitbox : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@overture[2].txt -> TrackingCookie.Overture : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ads1.revenue[1].txt -> TrackingCookie.Revenue : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@revenue[1].txt -> TrackingCookie.Revenue : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@revenue[3].txt -> TrackingCookie.Revenue : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@serving-sys[1].txt -> TrackingCookie.Serving-sys : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tacoda[1].txt -> TrackingCookie.Tacoda : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@webstat[1].txt -> TrackingCookie.Web-stat : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@weborama[1].txt -> TrackingCookie.Weborama : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Gesäubert.
    C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Gesäubert.

    ::Berichtende

    2°)

    BitDefender Online Scanner

    Scan report generated at: Tue, Oct 31, 2006 - 08:51:50

    Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;

    Statistics

    Time
    01:20:02

    Files
    417281

    Folders
    5992

    Boot Sectors
    2

    Archives
    7554

    Packed Files
    63676

    Results

    Identified Viruses
    22

    Infected Files
    80

    Suspect Files
    5

    Warnings
    0

    Disinfected
    0

    Deleted Files
    102

    Engines Info

    Virus Definitions
    479421

    Engine build
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins
    13

    Archive plugins
    38

    Unpack plugins
    6

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
    Disinfection failed

    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
    Deleted

    C:\WINDOWS\system32\enp8l17u1.dll
    Infected with: Trojan.Candebe.CZ

    C:\WINDOWS\system32\enp8l17u1.dll
    Disinfection failed

    C:\WINDOWS\system32\enp8l17u1.dll
    Deleted

    C:\WINDOWS\system32\i
    Infected with: Generic.Botget.CCBE999D

    C:\WINDOWS\system32\i
    Deleted

    C:\WINDOWS\system32\wu.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\WINDOWS\system32\wu.exe
    Disinfection failed

    C:\WINDOWS\system32\wu.exe
    Deleted

    C:\WINDOWS\system32\NeroCheck.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\WINDOWS\system32\NeroCheck.exe
    Disinfection failed

    C:\WINDOWS\system32\NeroCheck.exe
    Deleted

    C:\WINDOWS\system32\gccdklme.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\WINDOWS\system32\gccdklme.exe
    Disinfection failed

    C:\WINDOWS\system32\gccdklme.exe
    Deleted

    C:\WINDOWS\wt\wcmdmgrl.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\WINDOWS\wt\wcmdmgrl.exe
    Disinfection failed

    C:\WINDOWS\wt\wcmdmgrl.exe
    Deleted

    C:\WINDOWS\FNTS~1\winspool.exe
    Infected with: Trojan.Downloader.PurityScan.BP

    C:\WINDOWS\FNTS~1\winspool.exe
    Disinfection failed

    C:\WINDOWS\FNTS~1\winspool.exe
    Delete failed

    C:\RDFX4.exe
    Infected with: Trojan.Downloader.Small.CTP

    C:\RDFX4.exe
    Disinfection failed

    C:\RDFX4.exe
    Deleted

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
    Disinfection failed

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
    Deleted

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk
    Update failed

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
    Infected with: Trojan.Downloader.PurityScan.BP

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
    Disinfection failed

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
    Deleted

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
    Infected with: Trojan.Downloader.PurityScan.BP

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
    Disinfection failed

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
    Deleted

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
    Infected with: Exploit.ADODB.Stream.AO

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
    Disinfection failed

    C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
    Deleted

    C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
    Infected with: Trojan.QUrl.C

    C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
    Disinfection failed

    C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
    Deleted

    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    Disinfection failed

    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    Deleted

    C:\Program Files\QuickTime\qttask.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\QuickTime\qttask.exe
    Disinfection failed

    C:\Program Files\QuickTime\qttask.exe
    Deleted

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    Disinfection failed

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    Delete failed

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Disinfection failed

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Deleted

    C:\Program Files\Ahead\InCD\InCD.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\Ahead\InCD\InCD.exe
    Disinfection failed

    C:\Program Files\Ahead\InCD\InCD.exe
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
    Infected with: DeepScan:Generic.Malware.SN!!.948370C5

    C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
    Infected with: Trojan.Downloader.IstBar.OK

    C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)
    Update failed

    C:\Program Files\Norton AntiVirus\Quarantine\2ED55FBA=>(Quarantine-2)
    Infected with: Backdoor.Rbot.BIJ

    C:\Program Files\Norton AntiVirus\Quarantine\2ED55FBA=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
    Disinfection failed

    C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
    Deleted

    C:\Program Files\SymNetDrv\SNDMon.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\Program Files\SymNetDrv\SNDMon.exe
    Disinfection failed

    C:\Program Files\SymNetDrv\SNDMon.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
    Infected with: Trojan.Downloader.Adload.FJ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053479.exe
    Infected with: Generic.Sdbot.F001AFB6

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053479.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
    Infected with: Trojan.Clspring.BE

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
    Infected with: Trojan.Clspring.BE

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
    Infected with: DeepScan:Generic.Malware.dld!!.F67304D8

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
    Infected with: Trojan.Downloader.Adload.FG

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
    Infected with: Trojan.Downloader.Adload.FG

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
    Infected with: Trojan.Downloader.Adload.FJ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053486.exe
    Infected with: Trojan.Downloader.Small.BUY

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053486.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
    Infected with: Trojan.Downloader.Small.AJC

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
    Infected with: Trojan.Downloader.DollarRevenue.AD

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
    Infected with: Trojan.Downloader.DollarRevenue.AD

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
    Infected with: Trojan.Canbede.L

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
    Infected with: Trojan.Canbede.L

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
    Infected with: Trojan.Qurl.3

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
    Infected with: Trojan.Candebe.CZ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
    Infected with: Trojan.Downloader.Small.CTP

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
    Infected with: DeepScan:Generic.Mitglied.687CAF98

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
    Infected with: DeepScan:Generic.Malware.SN!!.948370C5

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Small.BOJ

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
    Infected with: MemScan:Trojan.Vundo.K

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053551.exe
    Infected with: DeepScan:Generic.Mi
    0
  11. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    heureusement que j'ai un mon traducteur informatique ! lol

    Ou en sont tes probs ?

    Remet un log Hijack
    0
    1. Kristopher Messages postés 3752 Statut Contributeur 106
       
      Slt Séb ;)

      J'ai quelques notions principales de l'Allemand même si c'est un langue que je n'ai jamais étudié...

      Il me semble que Gesäubert = Nettoyé.

      Je suis presque certain qu'il reste encore pas mal de virus.

      J'espère que notre ami a installé un firewall comme je lui ai suggéré et il faudra lui faire changer d'antivirus car celui-ci semble être "troué" (euphémisme).

      Bonne journée,
      Kris
      0
      1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430 > Kristopher Messages postés 3752 Statut Contributeur
         
        ok Kris ;-)

        Quand je disais que j'avais mon traducteur ce n'etait pas des connneries ! lol

        Gesäubert = Nettoyé
        j'avais vu sinon je lui aurait dit de refaire le scan.

        Bonne journée à toi aussi.

        @+
        0
  12. anthony
     
    Voici le log demandé:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:54:08, on 31/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\E_S00RP1.EXE
    C:\WINDOWS\FNTS~1\winspool.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\SAgent4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{68F8EDD4-A834-41B8-84A1-65C250B5D399}: NameServer = 86.64.145.140 84.103.237.140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

    Moi j'ai fait de l'allemand mais je n'y connais rien... Merci a vous 2.
    Je pense que vous n'êtes pas trop de 2 pour me sortir de là.Mdr.
    0
  13. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Pour vérif :

    Fais un clic droit sur l'outil HijackThis! >> "Renommer", puis renomme-le en scan.exe

    Lance HijackThis! (double clique scan.exe) puis clique "Do a system scan and save a logfile", puis poste le rapport ici.
    0
  14. anthony
     
    Voila le log:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:21:43, on 31/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\E_S00RP1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\SAgent4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\FNTS~1\winspool.exe
    C:\Program Files\?dobe\w?wexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{68F8EDD4-A834-41B8-84A1-65C250B5D399}: NameServer = 84.103.237.144 86.64.145.144
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

    Je pense avoir bien fait la manip'.

    Merçi.
    0
  15. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Télécharge l2mfix :
    http://www.downloads.subratam.org/l2mfix.exe

    Quitter le net, le navigateur, et toutes autres fenêtres d’applications.
    Double clic sur l2mfix.exe pour lancer l'extraction.
    Dans le dossier l2mfix, double clic sur l2mfix.bat, appuie sur n'importe quelle touche puis choisis l'option #1 (et pas autre chose) et valide avec la touche "Entrée".
    Le bloc note va s'ouvrir avec le résultat du scan.
    Copie/colle le rapport sur le forum stp.

    --

    ***** Have a good day *****
    0
  16. anthony
     
    Re
    Voilà le rapport de l2mfix

    2MFIX find log 051206
    These are the registry keys present
    ********************************************************************

    **************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

    NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    ********************************************************************

    **************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu

    rrentVersion\Internet Settings\User Agent\Post Platform]
    "{F74A6EDC-3CD0-75DA-7DF6-C23B8143273C}"=""

    ********************************************************************

    **************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu

    rrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de

    propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de

    scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de

    s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des

    propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de

    l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL

    Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension

    Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension

    Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension

    Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de

    s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de

    compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire

    de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension

    copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de

    l'environnement pour les objets r‚seau de Microsoft

    Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion

    d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion

    d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de

    l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de

    l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu

    contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-docum

    ents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension

    ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de

    s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de

    l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display

    TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de

    cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de

    cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions

    r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions

    r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et

    appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs

    et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et

    appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs

    et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs

    et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote

    Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update

    Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions

    de l'interpr‚teur de commandes pour l'environnement

    d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de

    donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder

    Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder

    Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches

    planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des

    tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier

    ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils

    d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media

    Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media

    Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav

    Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties

    Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties

    Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video

    Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils

    Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du

    t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier

    Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du

    shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du

    navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de

    recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚

    de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche

    Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des

    options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte

    d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie

    semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImag

    eExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie

    semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie

    semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de

    progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de

    la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie

    semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie

    semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur

    de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site

    de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell

    DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du

    Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar

    BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance

    utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres

    du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites

    Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell

    Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell

    DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft

    Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcu

    t"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url

    History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary

    Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary

    Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url

    Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de

    d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF

    Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search

    Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet

    Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail

    service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail

    service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier

    ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription

    Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier

    Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckW

    ebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheck

    ChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code

    Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="Connection

    Agent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck

    SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire

    d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur

    d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication

    d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image

    Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image

    Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de

    miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnair

    e de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de

    miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image

    Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant

    Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande

    d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet

    Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir

    une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes

    d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed

    (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed

    (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de

    chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de

    chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel

    Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel

    Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel

    Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders

    Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft

    DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft

    DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft

    DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft

    DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft

    DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft

    DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory

    Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell

    properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory

    Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory

    Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory

    Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory

    Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs

    Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop

    Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs

    Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files

    Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files

    Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier

    Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft

    Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_Publish

    DropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon

    Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file

    viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des

    &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows

    Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows

    Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows

    Media Player Add to Playlist Context Menu Handler"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion

    Cache"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft

    Outlook Custom Icon Handler"
    "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAM

    P Music Converter 1"
    "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerA

    MP Music Converter"
    "{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension

    for CDRW"
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger

    Sharing Folders"
    "{CE000992-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN

    Resolver"
    "{CE000994-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN

    SearchHook"
    "{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}"="IZArc

    DragDrop Menu"
    "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"="IZArc Shell

    Context Menu"
    "{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}"=""
    "{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}"=""
    "{D71B94EB-B141-420F-88E8-F84CCC038DF0}"=""
    "{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}"=""
    "{C8B6262B-8C09-46FB-AAFC-AD31148A8089}"=""
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable

    Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable

    Media Devices Menu"

    ********************************************************************

    **************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-0

    2BCAC54ABCE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-0

    2BCAC54ABCE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-0

    2BCAC54ABCE}\Implemented

    Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-0

    2BCAC54ABCE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-0

    00E0B65CB43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-0

    00E0B65CB43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-0

    00E0B65CB43}\Implemented

    Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-0

    00E0B65CB43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dxnwsock.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84

    CCC038DF0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84

    CCC038DF0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84

    CCC038DF0}\Implemented

    Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84

    CCC038DF0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\igm32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-0

    2F8E70D91E4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-0

    2F8E70D91E4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-0

    2F8E70D91E4}\Implemented

    Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-0

    2F8E70D91E4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kfdpo.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-A

    D31148A8089}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-A

    D31148A8089}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-A

    D31148A8089}\Implemented

    Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-A

    D31148A8089}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sosinv.dll"
    "ThreadingModel"="Apartment"

    ********************************************************************

    **************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    ydpld.dll Wed 25 Oct 2006 15:25:02 A.... 126 976

    124,00 K
    m4460e~1.dll Mon 30 Oct 2006 19:20:30 ..S.R 235

    537 230,02 K
    cncs32.dll Fri 20 Oct 2006 11:30:34 A.... 172 032

    168,00 K
    s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904

    89,75 K

    4 items found: 4 files (1 H/S), 0 directories.
    Total of file sizes: 626 449 bytes 611,77 K
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 30 Oct 2006 21:53:00 A.... 236 004

    230,47 K
    atmtdd~1.tmp Thu 26 Oct 2006 19:08:26 A.... 0

    0,00 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 236 004 bytes 230,47 K
    ********************************************************************

    **************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 2B1B-1302

    R‚pertoire de C:\WINDOWS\System32

    30/10/2006 19:20 235ÿ537 m4460ehseh460.dll
    02/11/2004 08:39 <REP> Microsoft
    02/11/2004 08:18 <REP> dllcache
    1 fichier(s) 235ÿ537 octets
    2 R‚p(s) 50ÿ743ÿ967ÿ744 octets libres

    Encor merçi de ton aide.
    0
  17. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok

    Ferme tous les programmes parce qu'il va y avoir reboot automatique.
    Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
    Ensuite choisis l'option 2 puis Entrée
    Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
    Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
    >> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
    Enfin poste ce 2ème rapport avec un nouveau rapport HijackThis.

    Je dois m'absenter.

    a+
    0
  18. anthony
     
    voici le 1er rapport de l2mfix, je pense que je l'ai réalisé correctement:

    L2mfix 051206
    Creating Account.
    La commande s'est termin‚e correctement.

    Adding Administrative privleges.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!
    Killing 'smss.exe'
    \SystemRoot\System32\smss.exe (596)
    Killing 'winlogon.exe'
    winlogon.exe (1308)
    Killing 'explorer.exe'
    C:\WINDOWS\Explorer.EXE (2568)
    Killing 'rundll32.exe'
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrateurs ... successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    1 fichier(s) copi‚(s).
    1 fichier(s) copi‚(s).
    Deleting: C:\WINDOWS\system32\m4460ehseh460.dll
    Successfully Deleted: C:\WINDOWS\system32\m4460ehseh460.dll
    Deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp

    msg11?.dll
    0 fichier(s) copi‚(s).
    Desktop.ini sucessfully removed

    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\m4460ehseh460.dll
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dxnwsock.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\igm32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kfdpo.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sosinv.dll"
    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}"=-
    "{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}"=-
    "{D71B94EB-B141-420F-88E8-F84CCC038DF0}"=-
    "{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}"=-
    "{C8B6262B-8C09-46FB-AAFC-AD31148A8089}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}]
    [-HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}]
    [-HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}]
    [-HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}]
    [-HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    [.ShellClassInfo]
    CLSID={645FF040-5081-101B-9F08-00AA002F954E}
    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    adding: dlls/m4460ehseh460.dll (deflated 5%)
    adding: dlls/guard.tmp (deflated 5%)
    adding: backregs/notibac.reg (deflated 54%)
    adding: backregs/shell.reg (deflated 73%)
    adding: backregs/6D601CAA-FC33-4E67-98DE-02BCAC54ABCE.reg (deflated 70%)
    adding: backregs/D77A6346-A22D-4D4C-BE6F-000E0B65CB43.reg (deflated 70%)
    adding: backregs/D71B94EB-B141-420F-88E8-F84CCC038DF0.reg (deflated 70%)
    adding: backregs/EA8C1EC9-E541-4543-97D3-02F8E70D91E4.reg (deflated 70%)
    adding: backregs/C8B6262B-8C09-46FB-AAFC-AD31148A8089.reg (deflated 70%)

    et voilà celui de hijacktis:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:49:25, on 31/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\E_S00RP1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\VeriSign\NAVI\naviagent.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SAgent4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\FNTS~1\winspool.exe
    C:\Program Files\?dobe\w?wexec.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\PROGRA~1\HP\PRODUC~1\bin\hprblog.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
    O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe

    Merci pour ton aide.
    0
  19. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ok on verra pour le reste demain, je dois m'absenter.

    a+
    0
  20. anthony
     
    Re:

    J'ai un objet qui m'interresse fortement sur ebay mais je ne suis pas certain que mes données personnelles soient protégées a cause des virus certainement encore présent sur mon Pc.
    Est ce que je peut quand même acheté l'objet sur le site Ebay?
    car il parait que c'est un site trés sécurisé (avec paypal).

    Je souhaiterais que l'on puisse me répondre assez rapidement car la vente ce termine a 19h50.

    Merci a celui qui pourra me repondre rapidement.
    0
  • 1
  • 2
  • 3
  • 4