[Trojan] Infecté par VideoActiveXobject

Résolu
percy73 Messages postés 58 Date d'inscription   Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour à tous et à chacun,

Spybot me signale que je suis infecté par le trojan ZLOB.VideoActiveXobject
Je n' arrive pas à m' en débarrasser . J' ai corrigé le problème comme demandé par Spybot ,et il ne réapparait pas si je refais un scan dans la foulée; en revanche si je fais le scan après avoir relancé l' ordinateur le revoilà présent ! J' ai passé le scan d' Ad awer sans plus de succès. J'ai tourné longtemps sur le forum pour y trouver la solution et en désespoir de cause je joins à toute fin utile le log Hijakthis et celui de Smitfraudfix.

A noter que Bitdefender est désactvé et mon anti virus actif est AVAST

Je vous remercie de votre aide.

Logfile of HijackThis v1.99.1
Scan saved at 19:28:05, on 01/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O16 - DPF: {00330010-0000-0000-0000-000020160026} - http://207.234.185.217/installer/ABoxInst_int26.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

SmitFraudFix v2.144

Rapport fait à 19:33:50,17, 01/03/2007
Executé à partir de C:\Documents and Settings\nicolas.XXX\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nicolas.XXX

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\nicolas.XXX\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NICOLA~1.FAM\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Configuration: Windows XP
Firefox 2.0.0.2

10 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Redemarre ton pc et copie colle le rapport de Spybot.

    a+
    1
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Bonjour Regis59 et merci de prendre en charge mon problème.

      Voici le rapport Spybot :

      ---- Search result list ---
      Zlob.VideoActiveXObject: Browser helper object (Clé du registre, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

      Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
      C:\WINDOWS\SchedLgU.Txt

      Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
      C:\WINDOWS\System32\wbem\logs\wbemess.log

      Log: Shutdown: System32\wbem\logs\winmgmt.log (Sauver le fichier, nothing done)
      C:\WINDOWS\System32\wbem\logs\winmgmt.log

      Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
      C:\WINDOWS\System32\wbem\logs\wmiprov.log

      MS Media Player: Anonymous ID (Modification du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

      MS Direct3D: Most recent application (Modification du registre, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

      MS DirectDraw: Most recent application (Modification du registre, nothing done)
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

      MS Search Assistant: Typed search terms history (Clé du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Search Assistant\ACMru

      Windows Explorer: Recent wallpaper list (471 fichiers) (Clé du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

      Windows Explorer: User Assistant history IE (4 fichiers) (Clé du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

      Windows Explorer: User Assistant history files (34 fichiers) (Clé du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

      Windows Explorer: Recent file global history (Clé du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

      Windows Media SDK: Computer name (Modification du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

      Windows Media SDK: Unique ID (Modification du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

      Windows Media SDK: Volume serial number (Valeur du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

      WinZip: Number of times run (Modification du registre, nothing done)
      HKEY_USERS\S-1-5-21-1656570904-4111065519-4140757452-1006\Software\Nico Mak Computing\WinZip\rrs\Opened!=

      Cookie: Cookie (11) (Cookie, nothing done)


      Cache: Cache (130) (Cache, nothing done)



      --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

      2005-05-31 blindman.exe (1.0.0.1)
      2005-05-31 SpybotSD.exe (1.4.0.3)
      2005-05-31 TeaTimer.exe (1.4.0.2)
      2005-05-31 TeaTimer_original.exe (1.4.0.2)
      2007-02-27 unins000.exe (51.41.0.0)
      2005-05-31 Update.exe (1.4.0.0)
      2007-01-15 advcheck.dll (1.2.1.0)
      2005-05-31 aports.dll (2.1.0.0)
      2005-05-31 borlndmm.dll (7.0.4.453)
      2005-05-31 delphimm.dll (7.0.4.453)
      2005-05-31 SDHelper.dll (1.4.0.0)
      2007-01-02 Tools.dll (2.0.1.0)
      2005-05-31 UnzDll.dll (1.73.1.1)
      2005-05-31 ZipDll.dll (1.73.2.0)
      2007-02-28 Includes\Cookies.sbi (*)
      2006-12-08 Includes\Dialer.sbi (*)
      2007-02-28 Includes\DialerC.sbi (*)
      2007-02-07 Includes\Hijackers.sbi (*)
      2007-02-28 Includes\HijackersC.sbi (*)
      2006-10-27 Includes\Keyloggers.sbi (*)
      2007-02-28 Includes\KeyloggersC.sbi (*)
      2007-02-14 Includes\Malware.sbi (*)
      2007-02-28 Includes\MalwareC.sbi (*)
      2007-01-19 Includes\PUPS.sbi (*)
      2007-02-28 Includes\PUPSC.sbi (*)
      2007-02-28 Includes\Revision.sbi (*)
      2006-12-08 Includes\Security.sbi (*)
      2007-02-28 Includes\SecurityC.sbi (*)
      2007-02-02 Includes\Spybots.sbi (*)
      2007-02-28 Includes\SpybotsC.sbi (*)
      2005-02-17 Includes\Tracks.uti (*)
      2007-02-14 Includes\Trojans.sbi (*)
      2007-02-28 Includes\TrojansC.sbi (*)



      --- System information ---
      Windows XP (Build: 2600) Service Pack 1
      / Windows Media Player: Windows Media Update 819639
      / Windows Media Player: Windows Media Update 819756
      / Windows Media Player: Windows Media Update 823738
      / Windows XP / SP2: Correctif Windows XP - KB821557
      / Windows XP / SP2: Correctif Windows XP - KB823387
      / Windows XP / SP2: Correctif Windows XP - KB823559
      / Windows XP / SP2: Correctif Windows XP - KB824146
      / Windows XP / SP2: Correctif Windows XP - KB824920
      / Windows XP / SP2: Correctif Windows XP - KB828028
      / Windows XP / SP2: Correctif Windows XP - KB828035
      / Windows XP / SP2: Windows XP Hotfix (SP2) [See KB830786 for more information]
      / Windows XP / SP2: Package du correctif Windows XP [voir Q323255 pour plus de détails]
      / Windows XP / SP2: Correctif Windows XP (SP2) Q327979
      / Windows XP / SP2: Correctif Windows XP (SP2) Q328310
      / Windows XP / SP2: Correctif Windows XP (SP2) Q329112
      / Windows XP / SP2: Package du correctif Windows XP [voir Q329115 pour plus de détails]
      / Windows XP / SP2: Correctif Windows XP (SP2) Q329170
      / Windows XP / SP2: Package du correctif Windows XP [voir q329256 pour plus de détails]
      / Windows XP / SP2: Package du correctif Windows XP [voir Q329390 pour plus de détails]
      / Windows XP / SP2: Package du correctif Windows XP [voir Q329834 pour plus de détails]
      / Windows XP / SP2: Correctif Windows XP (SP2) Q329909
      / Windows XP / SP2: Correctif Windows XP (SP2) Q331953
      / Windows XP / SP2: Package du correctif Windows XP [voir Q331958 pour plus de détails]
      / Windows XP / SP2: Correctif Windows XP (SP2) Q810565
      / Windows XP / SP2: Correctif Windows XP (SP2) Q810577
      / Windows XP / SP2: Correctif Windows XP (SP2) Q810833
      / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q810934 for more information]
      / Windows XP / SP2: Correctif Windows XP (SP2) Q811009
      / Windows XP / SP2: Correctif Windows XP (SP2) Q811630
      / Windows XP / SP2: Correctif Windows XP (SP2) Q811632
      / Windows XP / SP2: Correctif Windows XP (SP2) Q811789
      / Windows XP / SP2: Correctif Windows XP (SP2) Q814033
      / Windows XP / SP2: Correctif Windows XP (SP2) Q814995
      / Windows XP / SP2: Correctif Windows XP (SP2) Q815021
      / Windows XP / SP2: Correctif Windows XP (SP2) Q815485
      / Windows XP / SP2: Correctif Windows XP (SP2) Q817287
      / Windows XP / SP2: Correctif Windows XP (SP2) Q817606
      / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q822688 for more information]
      / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q827356 for more information]
      / Windows XP / SP3: Windows Installer 3.1 (KB893803)


      --- Startup entries list ---
      Located: HK_LM:Run, !AVG Anti-Spyware
      command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      file:

      Located: HK_LM:Run, !AVG Anti-Spyware
      command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      file:

      Located: HK_LM:Run, avast!
      command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      size: 108160
      MD5: 26a15d8d5c81a3b053e82b01a5d8208e

      Located: HK_LM:Run, BDAgent
      command: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      file: C:\Program Files\Softwin\BitDefender10\bdagent.exe
      size: 49152
      MD5: a50f7fee4d3ee86b18bfc3828c7ae573

      Located: HK_LM:Run, BDMCon
      command: "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      file: C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      size: 286720
      MD5: c34aa92483c727cca7407e81608e8ad4

      Located: HK_LM:Run, CamMonitor
      command: c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      file: c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      size: 90112
      MD5: c0de87745c950f2966394837c3683ae5

      Located: HK_LM:Run, ehTray
      command: C:\WINDOWS\ehome\ehtray.exe
      file: C:\WINDOWS\ehome\ehtray.exe
      size: 48128
      MD5: 5d3494ff7afdc1c75d9c56c17f57c0e7

      Located: HK_LM:Run, EPSON Stylus DX4200 Series
      command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
      file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      size: 98304
      MD5: 118506090766f47b0eafe78e4680f30b

      Located: HK_LM:Run, HotKeysCmds
      command: C:\WINDOWS\System32\hkcmd.exe
      file: C:\WINDOWS\System32\hkcmd.exe
      size: 118784
      MD5: fdf30e15dfc8da6449fdc54946aa83ea

      Located: HK_LM:Run, HPHmon05
      command: C:\WINDOWS\System32\hphmon05.exe
      file: C:\WINDOWS\System32\hphmon05.exe
      size: 483328
      MD5: c39fcb57279d2c4d3235d31e43be4196

      Located: HK_LM:Run, hpsysdrv
      command: c:\windows\system\hpsysdrv.exe
      file: c:\windows\system\hpsysdrv.exe
      size: 52736
      MD5: 06a1ecb63df139ec639e084d4ab3c9d7

      Located: HK_LM:Run, KernelFaultCheck
      command: %systemroot%\system32\dumprep 0 -k
      file: C:\WINDOWS\system32\dumprep.exe
      size: 9216
      MD5: 71818ace5594a3b16d050b61f15ef7f1

      Located: HK_LM:Run, Microsoft Works Update Detection
      command: C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      file: C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      size: 50688
      MD5: 25d60f3cd198007541b422cd34e677ce

      Located: HK_LM:Run, NvCplDaemon
      command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      file: C:\WINDOWS\system32\RUNDLL32.EXE
      size: 32256
      MD5: ac0f912ea7571e9c1ad7b64c83f72bd9

      Located: HK_LM:Run, nwiz
      command: nwiz.exe /installquiet /keeploaded /nodetect
      file: C:\WINDOWS\system32\nwiz.exe
      size: 323584
      MD5: e9e39cbf6d6aade3cc82b6227157c548

      Located: HK_LM:Run, QuickTime Task
      command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
      file: C:\Program Files\QuickTime\qttask.exe
      size: 282624
      MD5: 383145864f6543c97a7e1b78505d2f1c

      Located: HK_LM:Run, Recguard
      command: C:\WINDOWS\SMINST\RECGUARD.EXE
      file: C:\WINDOWS\SMINST\RECGUARD.EXE
      size: 212992
      MD5: d3cc7a3813123e955b3a497c04b404e2

      Located: HK_LM:Run, Sunkist2k
      command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      size: 139264
      MD5: 334e242417b1e66ecaf45d9dc62b288a

      Located: HK_LM:Run, WinLogon
      command: C:\WINDOWS\logon.exe
      file:

      Located: HK_LM:Run, WinMsg
      command: C:\WINDOWS\winmsgr.exe
      file:

      Located: HK_LM:Run, NeroFilterCheck (DISABLED)
      command: C:\WINDOWS\System32\NeroCheck.exe
      file: C:\WINDOWS\System32\NeroCheck.exe
      size: 155648
      MD5: 3e4c03cefad8de135263236b61a49c90

      Located: HK_CU:Run, Acme.PCHButton
      command: C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      file: C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      size: 155648
      MD5: 004e6249d5b93fae00b583af6afe98be

      Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
      command: "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      file: C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      size: 94208
      MD5: 7460f8a9edec9b00cf20dc401b7df6e2

      Located: HK_CU:Run, MSMSGS
      command: "C:\Program Files\Messenger\msmsgs.exe" /background
      file: C:\Program Files\Messenger\msmsgs.exe
      size: 1670144
      MD5: d494a82a823d155a182b1955aa71ad08

      Located: HK_CU:Run, NVIEW
      command: rundll32.exe nview.dll,nViewLoadHook
      file: C:\WINDOWS\system32\rundll32.exe
      size: 32256
      MD5: ac0f912ea7571e9c1ad7b64c83f72bd9

      Located: HK_CU:Run, SpybotSD TeaTimer
      command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      size: 1415824
      MD5: 8f1862afc3c79c0ea37621e87cc2fe6e

      Located: Démarrage (tous utilisateurs), Docteur Club Internet.lnk
      command: C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      file: C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      size: 217088
      MD5: 90aebccb2e6ab9180113f21792d11c32

      Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk
      command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      size: 233472
      MD5: 5dc79fa6e8a946b425dcbfc2447807f0

      Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
      command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
      file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
      size: 83360
      MD5: 5bc65464354a9fd3beaa28e18839734a

      Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
      command: C:\Program Files\WinZip\WZQKPICK.EXE
      file: C:\Program Files\WinZip\WZQKPICK.EXE
      size: 122880
      MD5: 87f2c8b29ac2fe10dc61aae942e0e420

      Located: System.ini, crypt32chain
      command: crypt32.dll
      file: crypt32.dll

      Located: System.ini, cryptnet
      command: cryptnet.dll
      file: cryptnet.dll

      Located: System.ini, cscdll
      command: cscdll.dll
      file: cscdll.dll

      Located: System.ini, igfxcui
      command: igfxsrvc.dll
      file: igfxsrvc.dll

      Located: System.ini, ScCertProp
      command: wlnotify.dll
      file: wlnotify.dll

      Located: System.ini, Schedule
      command: wlnotify.dll
      file: wlnotify.dll

      Located: System.ini, sclgntfy
      command: sclgntfy.dll
      file: sclgntfy.dll

      Located: System.ini, SensLogn
      command: WlNotify.dll
      file: WlNotify.dll

      Located: System.ini, termsrv
      command: wlnotify.dll
      file: wlnotify.dll

      Located: System.ini, wlballoon
      command: wlnotify.dll
      file: wlnotify.dll



      --- Browser helper object list ---
      {4F7F2319-1C83-0389-44AC-9B0518199108} ()
      BHO name:
      CLSID name:

      {53707962-6F74-2D53-2644-206D7942484F} ()
      BHO name:
      CLSID name:
      description: Spybot-S&D IE Browser plugin
      classification: Legitimate
      known filename: SDhelper.dll
      info link: http://spybot.eon.net.au/
      info source: Patrick M. Kolla
      Path: C:\PROGRA~1\SPYBOT~1\
      Long name: SDHelper.dll
      Short name:
      Date (created): 27/02/2007 06:13:26
      Date (last access): 02/03/2007 05:31:54
      Date (last write): 31/05/2005 01:04:00
      Filesize: 853672
      Attributes: archive
      MD5: 250D787A5712D7768DDC133B3E477759
      CRC32: D4589A41
      Version: 1.4.0.0

      {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
      BHO name:
      CLSID name:

      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      BHO name:
      CLSID name: SSVHelper Class
      Path: C:\Program Files\Java\jre1.5.0_10\bin\
      Long name: ssv.dll
      Short name:
      Date (created): 09/11/2006 15:07:34
      Date (last access): 01/03/2007 20:33:06
      Date (last write): 09/11/2006 15:21:52
      Filesize: 440056
      Attributes: archive
      MD5: BC7A3C412FE12F471603473294CEEEBE
      CRC32: 40152D34
      Version: 5.0.100.3



      --- ActiveX list ---
      Microsoft XML Parser for Java (Microsoft XML Parser for Java)
      DPF name: Microsoft XML Parser for Java
      CLSID name:
      Installer:
      Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
      description:
      classification: Legitimate
      known filename: %WINDIR%\Java\classes\xmldso.cab
      info link:
      info source: Patrick M. Kolla

      {00330010-0000-0000-0000-000020160026} ()
      DPF name:
      CLSID name:
      Installer:
      Codebase: http://207.234.185.217/installer/ABoxInst_int26.exe

      {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
      DPF name:
      CLSID name: Checkers Class
      Installer:
      Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      description:
      classification: Legitimate
      known filename: msgrchkr.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: msgrchkr.dll
      Short name:
      Date (created): 29/05/2003 14:00:18
      Date (last access): 02/03/2007 05:24:14
      Date (last write): 29/05/2003 14:00:18
      Filesize: 77408
      Attributes: archive
      MD5: 42D567DF86B9B7AC4A89664C9651B68B
      CRC32: 47FF3D19
      Version: 7.1.9502.1

      {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
      DPF name:
      CLSID name: QuickTime Object
      Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
      Codebase: http://www.apple.com/qtactivex/qtplugin.cab
      description: Apple Quicktime
      classification: Legitimate
      known filename: QTPLUGIN.OCX
      info link:
      info source: Patrick M. Kolla
      Path: C:\Program Files\QuickTime\
      Long name: QTPlugin.ocx
      Short name:
      Date (created): 10/09/2006 11:24:06
      Date (last access): 01/03/2007 20:33:10
      Date (last write): 10/09/2006 11:24:06
      Filesize: 557056
      Attributes: archive
      MD5: 2DA25D5262D714BFA420D6DE849E67A1
      CRC32: 0098926B
      Version: 7.1.0.210

      {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\egaccess4.inf
      Codebase: http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab

      {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control)
      DPF name:
      CLSID name: France Telecom MDM ActiveX Control
      Installer: C:\WINDOWS\Downloaded Program Files\MDM.inf
      Codebase: http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
      description:
      classification: Open for discussion
      known filename: MDM.ocx
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\
      Long name: MDM.ocx
      Short name:
      Date (created): 23/06/2005 07:40:30
      Date (last access): 26/02/2007 19:41:26
      Date (last write): 23/06/2005 07:40:30
      Filesize: 393216
      Attributes: archive
      MD5: 07D9EB8205B69FF7C830AE3E389541D2
      CRC32: E10DA2ED
      Version: 1.4.0.1

      {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.11\USDR6V_0001_D18M3107NetInstaller.inf
      Codebase: http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab

      {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
      DPF name:
      CLSID name: MessengerStatsClient Class
      Installer:
      Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      description:
      classification: Legitimate
      known filename: MessengerStatsPAClient.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: MessengerStatsPAClient.dll
      Short name: MESSEN~2.DLL
      Date (created): 06/04/2004 18:03:54
      Date (last access): 02/03/2007 05:24:14
      Date (last write): 06/04/2004 18:03:54
      Filesize: 172072
      Attributes: archive
      MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
      CRC32: 76C3823D
      Version: 9.2.7513.1

      {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
      DPF name:
      CLSID name:
      Installer:
      Codebase: http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
      description:
      classification: Confirmed as malware
      known filename:
      info link:
      info source: Safer Networking Ltd.

      {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v)
      DPF name:
      CLSID name: VacPro.int_ver40v
      Installer: C:\WINDOWS\Downloaded Program Files\int_ver40v.INF
      Codebase: http://advnt01.com/dialer/intES_ver40v.CAB
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: int_ver40v.ocx
      Short name: INT_VE~1.OCX
      Date (created): 13/12/2006 13:16:24
      Date (last access): 26/02/2007 19:41:52
      Date (last write): 13/12/2006 13:16:24
      Filesize: 57344
      Attributes: archive
      MD5: 847255967FE23631CA34F2051B5C9D21
      CRC32: 078C1C19
      Version: 1.0.0.0

      {1D6711C8-7154-40BB-8380-3DEA45B69CBF} ()
      DPF name:
      CLSID name:
      Installer:
      Codebase:
      description:
      classification: Confirmed as malware
      known filename: WebP2PInstaller.dll
      info link:
      info source: Safer Networking Ltd.

      {1F2F4C9E-6F09-47BC-970D-3C54734667FE} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
      Codebase: https://support.norton.com/sp/en/us/home/current/info
      description:
      classification: Legitimate
      known filename: LSSupCtl.dll
      info link:
      info source: Safer Networking Ltd.

      {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\EasyPack.inf
      Codebase: http://acces.blonde.com/package/op/PackageHtmlCab.CAB
      description:
      classification: Confirmed as malware
      known filename: PackageHtml.dll
      info link:
      info source: Safer Networking Ltd.

      {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
      DPF name:
      CLSID name: Minesweeper Flags Class
      Installer:
      Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      description:
      classification: Legitimate
      known filename: minesweeper.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: minesweeper.dll
      Short name: MINESW~1.DLL
      Date (created): 29/05/2003 14:00:22
      Date (last access): 02/03/2007 05:24:14
      Date (last write): 29/05/2003 14:00:22
      Filesize: 84064
      Attributes: archive
      MD5: F951FD0EA383DF2D49CA0359E4A86968
      CRC32: 50A69718
      Version: 7.1.9502.1

      {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
      DPF name:
      CLSID name: Symantec AntiVirus scanner
      Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
      Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      description: Symantec online scanner
      classification: Legitimate
      known filename: AVSNIFF.DLL
      info link:
      info source: Patrick M. Kolla
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: avsniff.dll
      Short name:
      Date (created): 20/04/2006 12:36:16
      Date (last access): 02/03/2007 05:24:14
      Date (last write): 20/04/2006 12:36:16
      Filesize: 231072
      Attributes: archive
      MD5: 9520F9523D9E1F7C5CDB6775A1B5E3D0
      CRC32: 54141B8E
      Version: 2006.2.22.58

      {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6V_0001_D19M0709NetInstaller.inf
      Codebase: https://www.afternic.com/domains/drivecleaner.com

      {2F003D51-39FD-4D18-9016-95CF70B92ABE} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\Install.inf
      Codebase: http://download.movienetworks.com/install/US/altpmtscab.cab

      {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
      DPF name:
      CLSID name: YInstStarter Class
      Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
      Codebase: http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      description: Yahoo! Installation helper
      classification: Legitimate
      known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
      info link:
      info source: Patrick M. Kolla
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: yinsthelper.dll
      Short name: YINSTH~1.DLL
      Date (created): 01/06/2004 13:36:58
      Date (last access): 02/03/2007 05:24:16
      Date (last write): 01/06/2004 13:36:58
      Filesize: 141312
      Attributes: archive
      MD5: 508DA8ADF7BE51C22D13D02845FB431E
      CRC32: 87D8A7AB
      Version: 2004.6.1.1

      {33564D57-0000-0010-8000-00AA00389B71} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
      Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
      description:
      classification: Legitimate
      known filename:
      info link:
      info source: Safer Networking Ltd.

      {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
      DPF name:
      CLSID name: MSN Photo Upload Tool
      Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MSNPupld.inf
      Codebase: http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
      description:
      classification: Legitimate
      known filename: MsnPUpld.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
      Long name: MsnPUpld.dll
      Short name:
      Date (created): 08/10/2004 15:01:22
      Date (last access): 26/02/2007 19:41:52
      Date (last write): 08/10/2004 15:01:22
      Filesize: 372736
      Attributes: archive
      MD5: D2ED523BB0FE94F8F492BEFE1C336040
      CRC32: C4677625
      Version: 10.0.910.0

      {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} ()
      DPF name:
      CLSID name:
      Installer:
      Codebase:

      {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
      DPF name:
      CLSID name: Symantec RuFSI Utility Class
      Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
      Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      description:
      classification: Legitimate
      known filename: rufsi.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: rufsi.dll
      Short name:
      Date (created): 20/04/2006 12:43:06
      Date (last access): 02/03/2007 05:24:16
      Date (last write): 20/04/2006 12:43:06
      Filesize: 161480
      Attributes: archive
      MD5: 3CB430974D11764CEEFB3120876BFB1F
      CRC32: C269885A
      Version: 2006.2.15.43

      {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\svcia32.inf
      Codebase: http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab

      {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
      DPF name: Java Runtime Environment 1.5.0
      CLSID name: Java Plug-in 1.5.0_10
      Installer:
      Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
      description: Sun Java
      classification: Legitimate
      known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
      info link:
      info source: Patrick M. Kolla
      Path: C:\Program Files\Java\jre1.5.0_10\bin\
      Long name: NPJPI150_10.dll
      Short name: NPJPI1~1.DLL
      Date (created): 09/11/2006 15:07:34
      Date (last access): 22/02/2007 18:42:58
      Date (last write): 09/11/2006 15:21:54
      Filesize: 75528
      Attributes: archive
      MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
      CRC32: 0C9B7145
      Version: 5.0.100.3

      {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
      DPF name:
      CLSID name: MessengerStatsClient Class
      Installer:
      Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      description:
      classification: Legitimate
      known filename: messengerstatsclient.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: messengerstatsclient.dll
      Short name: MESSEN~1.DLL
      Date (created): 29/05/2003 14:00:20
      Date (last access): 02/03/2007 05:24:14
      Date (last write): 29/05/2003 14:00:20
      Filesize: 160864
      Attributes: archive
      MD5: B069B555A00AA026F657AA4FD13AE154
      CRC32: 89BB01E1
      Version: 7.1.9502.1

      {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
      DPF name:
      CLSID name: ZoneIntro Class
      Installer:
      Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      description:
      classification: Legitimate
      known filename: ZIntro.ocx
      info link:
      info source: Safer Networking Ltd.
      Path: C:\WINDOWS\Downloaded Program Files\
      Long name: Zintro.ocx
      Short name:
      Date (created): 17/11/2004 21:44:52
      Date (last access): 22/02/2007 18:45:36
      Date (last write): 17/11/2004 21:44:52
      Filesize: 114728
      Attributes: archive
      MD5: F94C4867418A1CA860D784CCD807740B
      CRC32: 5DCE6500
      Version: 9.3.2846.1

      {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
      DPF name: Java Runtime Environment 1.5.0
      CLSID name: Java Plug-in 1.5.0_10
      Installer:
      Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
      Path: C:\Program Files\Java\jre1.5.0_10\bin\
      Long name: NPJPI150_10.dll
      Short name: NPJPI1~1.DLL
      Date (created): 09/11/2006 15:07:34
      Date (last access): 02/03/2007 05:36:54
      Date (last write): 09/11/2006 15:21:54
      Filesize: 75528
      Attributes: archive
      MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
      CRC32: 0C9B7145
      Version: 5.0.100.3

      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
      DPF name: Java Runtime Environment 1.5.0
      CLSID name: Java Plug-in 1.5.0_10
      Installer:
      Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
      description:
      classification: Legitimate
      known filename: npjpi150_06.dll
      info link:
      info source: Safer Networking Ltd.
      Path: C:\Program Files\Java\jre1.5.0_10\bin\
      Long name: NPJPI150_10.dll
      Short name: NPJPI1~1.DLL
      Date (created): 09/11/2006 15:07:34
      Date (last access): 02/03/2007 05:36:54
      Date (last write): 09/11/2006 15:21:54
      Filesize: 75528
      Attributes: archive
      MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
      CRC32: 0C9B7145
      Version: 5.0.100.3

      {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ()
      DPF name:
      CLSID name:
      Installer:
      Codebase: https://support.norton.com/sp/en/us/home/current/info
      description:
      classification: Legitimate
      known filename: SymAData.dll
      info link:
      info source: Safer Networking Ltd.

      {D27CDB6E-AE6D-0000-0000-000000000000} ()
      DPF name:
      CLSID name:
      Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
      Codebase: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      description:
      classification: Legitimate
      known filename:
      info link:
      info source: Safer Networking Ltd.

      {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
      DPF name:
      CLSID name: Shockwave Flash Object
      Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
      Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      description: Macromedia Shockwave Flash Player
      classification: Legitimate
      known filename:
      info link:
      info source: Patrick M. Kolla
      Path: C:\WINDOWS\System32\Macromed\Flash\
      Long name: Flash9b.ocx
      Short name:
      Date (created): 09/11/2006 14:46:28
      Date (last access): 01/03/2007 21:13:22
      Date (last write): 09/11/2006 14:46:28
      Filesize: 2262648
      Attributes: readonly archive
      MD5: F3B3EE66CA76C94510555ABE9D00A353
      CRC32: A51F3CB4
      Version: 9.0.28.0

      {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class)
      DPF name:
      CLSID name: IgbInstall Class
      Installer: C:\WINDOWS\Downloaded Program Files\AxInst.inf
      Codebase: http://www.internetgamebox.com/content/AxInst.cab



      --- Process list ---
      PID: 0 ( 0) [System]
      PID: 820 ( 4) \SystemRoot\System32\smss.exe
      PID: 900 ( 820) \??\C:\WINDOWS\system32\winlogon.exe
      PID: 948 ( 900) C:\WINDOWS\system32\services.exe
      size: 101888
      MD5: FC0691097471EE374907E1024EDCBD43
      PID: 960 ( 900) C:\WINDOWS\system32\lsass.exe
      size: 11776
      MD5: B7B1C150AFF59455DB4DF082815F88F5
      PID: 1148 ( 948) C:\WINDOWS\system32\svchost.exe
      size: 12800
      MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
      PID: 1220 ( 948) C:\WINDOWS\System32\svchost.exe
      size: 12800
      MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
      PID: 1560 ( 948) C:\WINDOWS\system32\spoolsv.exe
      size: 51200
      MD5: B1CE5287F096895D9BE26EB86F4D5FAF
      PID: 1716 ( 948) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      size: 59008
      MD5: DC995DA2D258C0590C3AE07EC68BFEE6
      PID: 1732 ( 948) C:\Program Files\Alwil Software\Avast4\ashServ.exe
      size: 132736
      MD5: 8E33DA0415023EA7A9378AFA04D9BF4D
      PID: 1804 ( 948) C:\WINDOWS\System32\nvsvc32.exe
      size: 77824
      MD5: 88A8CFCD2BC3FF1484901CE985782E6E
      PID: 1848 ( 948) C:\WINDOWS\System32\svchost.exe
      size: 12800
      MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
      PID: 2016 ( 948) C:\WINDOWS\System32\MsPMSPSv.exe
      size: 53520
      MD5: 581176F60885AEF8F78C6E38DCC3CDF9
      PID: 256 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      size: 86016
      MD5: B31359D3CD699A484AF46477231C019C
      PID: 324 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      size: 233472
      MD5: 6BF9E4B716E6A57B811277F51A283EA8
      PID: 656 ( 948) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      size: 255616
      MD5: AA6691D73782FA5D94E0CED6D27C3DE8
      PID: 684 ( 948) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      size: 370304
      MD5: D6B2638DDBFB34AC78B153CDD0792C37
      PID: 1332 (1552) C:\WINDOWS\Explorer.EXE
      size: 1008128
      MD5: 82FE0D400CB1AC937234467B927B867A
      PID: 1880 (1332) C:\WINDOWS\ehome\ehtray.exe
      size: 48128
      MD5: 5D3494FF7AFDC1C75D9C56C17F57C0E7
      PID: 1532 (1148) C:\WINDOWS\ehome\ehmsas.exe
      size: 45056
      MD5: 7CB6751726FACA02AD1617FC58452CF1
      PID: 1912 (1332) C:\windows\system\hpsysdrv.exe
      size: 52736
      MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
      PID: 2036 (1332) C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      size: 90112
      MD5: C0DE87745C950F2966394837C3683AE5
      PID: 2060 (1332) C:\WINDOWS\System32\hphmon05.exe
      size: 483328
      MD5: C39FCB57279D2C4D3235D31E43BE4196
      PID: 2224 (1332) C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      size: 139264
      MD5: 334E242417B1E66ECAF45D9DC62B288A
      PID: 2232 (1332) C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      size: 50688
      MD5: 25D60F3CD198007541B422CD34E677CE
      PID: 2248 (1332) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      size: 98304
      MD5: 118506090766F47B0EAFE78E4680F30B
      PID: 2264 (1332) C:\Program Files\QuickTime\qttask.exe
      size: 282624
      MD5: 383145864F6543C97A7E1B78505D2F1C
      PID: 2392 (1332) C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      size: 286720
      MD5: C34AA92483C727CCA7407E81608E8AD4
      PID: 2428 (1332) C:\Program Files\Softwin\BitDefender10\bdagent.exe
      size: 49152
      MD5: A50F7FEE4D3EE86B18BFC3828C7AE573
      PID: 2456 (1332) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      size: 108160
      MD5: 26A15D8D5C81A3B053E82B01A5D8208E
      PID: 2700 (1332) C:\Program Files\Messenger\msmsgs.exe
      size: 1670144
      MD5: D494A82A823D155A182B1955AA71AD08
      PID: 2852 (1332) C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      size: 94208
      MD5: 7460F8A9EDEC9B00CF20DC401B7DF6E2
      PID: 2856 (2536) C:\WINDOWS\System32\rundll32.exe
      size: 32256
      MD5: AC0F912EA7571E9C1AD7B64C83F72BD9
      PID: 2888 (1332) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      size: 1415824
      MD5: 8F1862AFC3C79C0EA37621E87CC2FE6E
      PID: 2928 (1332) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      size: 233472
      MD5: 5DC79FA6E8A946B425DCBFC2447807F0
      PID: 2972 (1332) C:\Program Files\WinZip\WZQKPICK.EXE
      size: 122880
      MD5: 87F2C8B29AC2FE10DC61AAE942E0E420
      PID: 2992 (2916) C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
      size: 192512
      MD5: 73326679718E5529160B3802D0AB8527
      PID: 3272 (1332) C:\Program Files\Mozilla Firefox\firefox.exe
      size: 7633008
      MD5: E616465EE8C3ADF883A71AEE2F1D31F7
      PID: 3720 (1332) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      size: 4393096
      MD5: 09CA174A605B480318731E691DC98539
      PID: 3412 ( 948) C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      size: 81920
      MD5: A20EB9A2772C8D2130FF10783E9B42EA
      PID: 3540 ( 948) C:\Program Files\Softwin\BitDefender10\vsserv.exe
      size: 389120
      MD5: 2086EA85A3E11809F8BE578E459C82A3
      PID: 4 ( 0) System
      PID: 872 ( 820) csrss.exe
      PID: 1356 ( 948) svchost.exe
      PID: 1388 ( 948) svchost.exe
      PID: 1964 ( 948) wdfmgr.exe


      --- Browser start & search pages list ---
      Spybot - Search & Destroy browser pages report, 02/03/2007 05:36:54

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
      C:\WINDOWS\System32\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
      C:\WINDOWS\local.html
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
      http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
      about:blank
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
      http://www.google.com/keyword/%s
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
      %SystemRoot%\system32\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
      http://srch-fr9.hpwis.com/
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
      https://www.europe-echecs.com/
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


      --- Winsock Layered Service Provider list ---
      Protocol 0: MSAFD Tcpip [TCP/IP]
      GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP IP protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD Tcpip [*]

      Protocol 1: MSAFD Tcpip [UDP/IP]
      GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP IP protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD Tcpip [*]

      Protocol 2: MSAFD Tcpip [RAW/IP]
      GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP IP protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD Tcpip [*]

      Protocol 3: RSVP UDP Service Provider
      GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
      Filename: %SystemRoot%\system32\rsvpsp.dll
      Description: Microsoft Windows NT/2k/XP RVSP
      DB filename: %SystemRoot%\system32\rsvpsp.dll
      DB protocol: RSVP * Service Provider

      Protocol 4: RSVP TCP Service Provider
      GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
      Filename: %SystemRoot%\system32\rsvpsp.dll
      Description: Microsoft Windows NT/2k/XP RVSP
      DB filename: %SystemRoot%\system32\rsvpsp.dll
      DB protocol: RSVP * Service Provider

      Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBDA286C-1B92-4548-A5F5-9CF288A37424}] SEQPACKET 4
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBDA286C-1B92-4548-A5F5-9CF288A37424}] DATAGRAM 4
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44F48D6E-05DB-4346-881E-5D03825350FB}] SEQPACKET 3
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44F48D6E-05DB-4346-881E-5D03825350FB}] DATAGRAM 3
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}] SEQPACKET 0
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}] DATAGRAM 0
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4F2EE9-66B3-46B9-B9FC-FB057607ECBF}] SEQPACKET 1
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA4F2EE9-66B3-46B9-B9FC-FB057607ECBF}] DATAGRAM 1
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C22368B-981C-46DD-A338-FF23089C40D6}] SEQPACKET 2
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C22368B-981C-46DD-A338-FF23089C40D6}] DATAGRAM 2
      GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
      Filename: %SystemRoot%\system32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP NetBios protocol
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: MSAFD NetBIOS *

      Namespace Provider 0: TCP/IP
      GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
      Filename: %SystemRoot%\System32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: TCP/IP

      Namespace Provider 1: NTDS
      GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
      Filename: %SystemRoot%\System32\winrnr.dll
      Description: Microsoft Windows NT/2k/XP name space provider
      DB filename: %SystemRoot%\system32\winrnr.dll
      DB protocol: NTDS

      Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
      GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
      Filename: %SystemRoot%\System32\mswsock.dll
      Description: Microsoft Windows NT/2k/XP name space provider
      DB filename: %SystemRoot%\system32\mswsock.dll
      DB protocol: NLA-Namespace



      --- Uninstall list ---
      AnyDVD (AnyDVD)
      install location: C:\Program Files\SlySoft\AnyDVD
      uninstall cmd: "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
      publisher: SlySoft

      avast! Antivirus 4.7 (avast!)
      version (major): 4
      version (minor): 7
      install location: C:\PROGRA~1\ALWILS~1\Avast4
      install source: C:\DOCUME~1\NICOLA~1.FAM\Bureau
      uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
      publisher: Alwil Software
      help link: https://www.avast.com/fr-fr/index

      (CADI)
      uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

      CCleaner (remove only) (CCleaner)
      uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

      (Connection Manager)

      (Creative Audio CD Ripper)
      uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove

      Creative Driver (Creative Driver)
      uninstall cmd: C:\WINDOWS\System32\ctdrvins /s /u

      Gestionnaire de disques amovible Creative (Creative Removable Disk Manager)
      uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove

      (Creative Sync Manager (Unicode))
      uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove

      (Creative Video Converter)
      uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove

      DVD Shrink 3.2 (DVD Shrink_is1)
      install location: C:\Program Files\DVD Shrink\
      uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"
      publisher: DVD Shrink
      help link: http://www.dvdshrink.org

      EPSON Logiciel imprimante (EPSON Printer and Utilities)
      uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

      EPSON Scan (EPSON Scanner)
      uninstall cmd: C:\Program Files\epson\escndv\setup\setup.exe /r

      ESDX4800_4200 Guide util. (ESDX4800_4200 Guide util.)
      install location: C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G
      uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE

      HijackThis 1.99.1 1.99.1 (HijackThis)
      uninstall cmd: C:\HTJ\HijackThis.exe /uninstall
      publisher: Soeperman Enterprises Ltd.

      Photo et imagerie HP 3.1 3.1 (HP Photo & Imaging)
      uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
      publisher: HP
      help link: https://support.hp.com/us-en?openCLC=true

      Internet Explorer Q832894 (ieupdate)
      uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf

      IncrediMail Xe (IncrediMail)
      uninstall cmd: C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log

      (InstallShield Uninstall Information)

      Connexion Facile à Internet FE UI-2.2.0.937 (InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
      version: 33554432
      version (major): 2
      estimated size: 2940
      install date: 20031027
      install source: C:\hp\tmp\src\
      uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036
      publisher: Hewlett-Packard

      Multimedia Card Reader 6.09 (InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78})
      version: 101253120
      version (major): 6
      version (minor): 9
      estimated size: 429
      install date: 20050817
      install source: C:\WINDOWS\Downloaded Installations\{AF17DDF5-7265-4D19-AEE1-9D4BC1CE40B7}\
      uninstall cmd: C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}

      EPSON Attach To Email 1.01.0000 (InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5})
      version: 16842752
      version (major): 1
      version (minor): 1
      install date: 20060328
      install location: C:\Program Files\EPSON\Creativity Suite\Attach To Email\
      install source: E:\COMMON\CreativitySuite\AttachToEmail\
      uninstall cmd: C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
      publisher: SEIKO EPSON
      comments: Attach To Email - Email support app
      help link: https://epson.com/

      QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
      version: 117506048
      version (major): 7
      version (minor): 1
      estimated size: 71615
      install date: 20060910
      install location: C:\Program Files\QuickTime\
      install source: C:\DOCUME~1\NICOLA~1.FAM\LOCALS~1\Temp\_isB9A\
      uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1036
      publisher: Apple Computer, Inc.
      contact: Assistance AppleCare
      help link: https://support.apple.com/fr-fr
      help telephone: (33) 0825 888 024

      Jéroboam 6.03 (Jeroboam_is1)
      install date: 20070211
      install location: C:\Program Files\JeroboamV6\
      uninstall cmd: "C:\Program Files\JeroboamV6\unins000.exe"
      help link: http://www.jeroboam.fr

      (KB884016)

      3.1 (KB893803)
      help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

      Language pack for Ad-Aware SE (Language pack for Ad-Aware SE)
      uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
      publisher: Lavasoft
      help link: http://www.lavasoft.de

      5.8.15.asst_classic.asst_install (LE COMPAGNON CLUB)
      uninstall cmd: C:\PROGRA~1\CLUB-I~1\LECOMP~1\Uninstall.exe TONLFR
      publisher: Motive Communications, Inc.

      (Microsoft Interactive Training)
      uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

      Mozilla Firefox (2.0.0.2) 2.0.0.2 (fr) (Mozilla Firefox (2.0.0.2))
      install location: C:\Program Files\Mozilla Firefox
      uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      publisher: Mozilla
      comments: Mozilla Firefox

      (MSI30-Beta1)

      (MSI30-Beta2)

      (MSI30-KB884016)

      (MSI30-RC1)

      (MSI30-RC2)

      (MSI30a-KB884016)

      (MSI31-Beta)

      (MSI31-RC1)

      (Nero - Burning Rom!UninstallKey)
      uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

      (NeroBackItUp!UninstallKey)
      uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

      (NeroMediaHome!UninstallKey)
      uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

      (NeroRecode!UninstallKey)
      uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

      (NeroShowTime!UninstallKey)
      uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

      (NVIDIA)
      uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf

      NVIDIA GART Driver (NVIDIA GART Driver)
      uninstall cmd: C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver

      Outlook Express Update Q330994 (oeupdate)
      uninstall cmd: C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf

      (PCHealth)
      uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

      Microsoft Picture It! Photo Premium 9 9.0.0.0000 (PictureIt_v9)
      install location: C:\Program Files\Microsoft Picture It! 9\
      install source: E:\pip\
      uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
      publisher: Microsoft Corporation
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)

    O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)

    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)

    O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

    O16 - DPF: {00330010-0000-0000-0000-000020160026} - http://207.234.185.217/installer/ABoxInst_int26.exe

    O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab

    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/

    O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com

    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab

    O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -

    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} (IgbInstall Class) - http://www.internetgamebox.com/content/AxInst.cab

    Fermes HijackThis.

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Bonsoir,

      J' ai fais tout ce qui était prescrit en espérant avoir bien tout compris

      Ci-dessous les rapprots demandés

      Merci encore de ton aide

      a+


      SDFix: Version 1.69

      Run by nicolas - 02/03/2007 @ 18:47:51,06

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:

      Path:



      Restoring Windows Registry Entries
      Restoring Default Hosts File


      Rebooting...

      Normal Mode:
      Checking Files:

      Below files will be copied to Backups folder then removed:

      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\kit14.tmp.exe - Deleted



      ADS Check:

      C:\WINDOWS\system32
      No streams found.


      Final Check:

      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


      Remaining Files:
      ---------------

      Backups Folder: - C:\SDFix\backups\backups.zip


      Checking For Files with Hidden Attributes :

      C:\Documents and Settings\Administrateur.FAMILLELETRONE\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\Documents and Settings\Default User\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\Documents and Settings\nicolas.FAMILLELETRONE\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\WINDOWS\system32\config\systemprofile\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\WINDOWS\SMINST\HPCD.sys

      Add/Remove Programs List:

      AnyDVD
      avast! Antivirus
      CCleaner (remove only)
      Creative Driver
      Gestionnaire de disques amovible Creative
      DVD Shrink 3.2
      EPSON Logiciel imprimante
      EPSON Scan
      ESDX4800_4200 Guide util.
      HijackThis 1.99.1
      Photo et imagerie HP 3.1
      Internet Explorer Q832894
      IncrediMail Xe
      Connexion Facile … Internet
      Multimedia Card Reader
      EPSON Attach To Email
      QuickTime
      J‚roboam 6.03
      Language pack for Ad-Aware SE
      Mozilla Firefox (2.0.0.2)
      Commande ECHO d‚sactiv‚e.
      NVIDIA GART Driver
      Outlook Express Update Q330994
      Microsoft Picture It! Photo Premium 9
      Correctif Windows XP (SP2) Q327979
      Correctif Windows XP (SP2) Q328310
      Correctif Windows XP (SP2) Q329112
      Package du correctif Windows XP [voir Q329115 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q329170
      Package du correctif Windows XP [voir q329256 pour plus de d‚tails]
      Package du correctif Windows XP [voir Q329390 pour plus de d‚tails]
      Package du correctif Windows XP [voir Q329834 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q329909
      Correctif Windows XP (SP2) Q331953
      Package du correctif Windows XP [voir Q331958 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q810565
      Correctif Windows XP (SP2) Q810577
      Correctif Windows XP (SP2) Q810833
      Correctif Windows XP (SP2) Q811009
      Correctif Windows XP (SP2) Q811632
      Correctif Windows XP (SP2) Q811789
      Correctif Windows XP (SP2) Q814033
      Correctif Windows XP (SP2) Q814995
      Correctif Windows XP (SP2) Q815021
      Correctif Windows XP (SP2) Q815485
      Correctif Windows XP (SP2) Q817287
      Correctif Windows XP (SP2) Q817606
      Adobe Flash Player 9 ActiveX
      Spybot - Search & Destroy 1.4
      SpywareBlaster v3.5.1
      Starcraft
      LE COMPAGNON CLUB
      Lecteur Windows Mediaÿ10
      Archiveur WinRAR
      WinZip
      S‚lecteur d'installation de Microsoft Worksÿ2004
      XviD MPEG-4 Video Codec
      ZENcast Organizer
      Connexion Facile … Internet
      Fritz8
      AiO_Scan
      Multimedia Card Reader
      EPSON Attach To Email
      HpSdpAppCoreApp
      EPSON Scan Assistant
      Google Toolbar for Firefox
      DocProc
      EPSON Image Clip Palette
      Creative ZEN Vision M Series
      J2SE Runtime Environment 5.0 Update 10
      BitDefender Internet Security v10
      HPSystemDiagnostics
      Photosmart 140,240,7200,7600,7700,7900 Series
      SkinsHP1
      Readme
      QuickProjects
      HP Photo and Imaging 2.0 - Photosmart Cameras
      EPSON Easy Photo Print
      EPSON Copy Utility 3
      Compl‚ment Microsoft Word pour Microsoft Works Suite
      InstantShare
      Ad-Aware SE Personal
      PSShortcutsP
      EPSON Web-To-Page
      Director
      QFolder
      Intel(R) Extreme Graphics 2 Driver
      Visual J# .NET Redistributable Package
      Microsoft Word 2002
      Scan
      RecordNow!
      Nero 7 Premium
      hpmdtab
      CreativeProjects
      MSN Messenger 7.5
      Fax
      QuickTime
      AiOSoftware
      PhotoGallery
      TuneUp Utilities 2007
      Microsoft .NET Framework 1.1
      HP Software Update
      TrayApp
      PrintScreen
      Copy
      SkinsHP2
      Microsoft Picture It! Photo Premium 9
      Unload
      Microsoft Works
      EPSON File Manager
      AIOMinimal
      HPIZ311
      HP PSC & OfficeJet 3.0
      HP Deskjet Preloaded Printer Drivers
      WebReg

      Finished



      Logfile of HijackThis v1.99.1
      Scan saved at 19:01:29, on 02/03/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\HTJ\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
      O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O16 - DPF: {00330010-0000-0000-0000-000020160026} -
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
      O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
      O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
      O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
      O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
      O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
      0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Installe AVG Anti-Spyware :

    https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

    ¤ Lance AVG Anti-Spyware

    Clique sur le bouton Analyse (de la barre d'outils)

    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.

    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

    A la fin du scan, choisis l'option 3

    "Appliquer toutes les actions " en bas.

    Clique sur "Enregistrer le rapport".

    Copie/colle le rapport sur le forum.

    A+
    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Bonjour et merci

      Voci le rapport AVG

      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 13:35:06 03/03/2007

      + Résultat de l'analyse:



      C:\Documents and Settings\Administrateur\Application Data\ShopperReports -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\db -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\report -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\Administrateur\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\nicolas.xxx\Cookies\nicolas@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
      C:\Documents and Settings\nicolas.xxx\Cookies\nicolas@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


      Fin du rapport
      0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Remet un hijack this.

    A+
    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Le voilà :

      Logfile of HijackThis v1.99.1
      Scan saved at 15:12:00, on 03/03/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\HTJ\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
      O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O16 - DPF: {00330010-0000-0000-0000-000020160026} -
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
      O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
      O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
      O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
      O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
      O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


      a+
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Fais un scan en ligne Kaspersky avec Internet Explorer :
    - Clique sur Démarrer Online-Scanner

    - Clique maintenant sur J'accepte.
    - Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
    - Patiente pendant l'installation des Mises à jour.
    - Choisis par la suite l'analyse du Poste de travail.
    - Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Configurer le contrôle des ActiveX

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Bonjour Regis59

      J'ai eu le plus garnd mal à faire le scan et surtout à le copier coller:
      Il y a une ribambelle de lignes comme celle ci dessous:
      C:\Documents and Settings\Administrateur\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList L'objet est verrouillé
      Aussi ai-je pris sur moi de ne copier que les lignes marquées 'infecté' en espérant ne pas en avoir oublié!
      Il y a peut-être une technique de scan que je n' ai pas utilisée: j' ai fait un scan standard du poste de travail ...

      Sunday, March 04, 2007 7:50:36 PM
      Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
      Kaspersky On-line Scanner version : 5.0.83.0
      Dernière mise à jour de la base antivirus Kaspersky : 4/03/2007
      Enregistrements dans la base antivirus Kaspersky : 260206
      Paramètres d'analyse
      Analyser avec la base antivirus suivante standard
      Analyser les archives vrai
      Analyser les bases de messagerie vrai
      Cible de l'analyse Poste de travail
      A:\
      C:\
      D:\
      E:\
      F:\
      H:\
      I:\
      J:\
      K:\
      Statistiques de l'analyse
      Total d'objets analysés 136280
      Nombre de virus trouvés 14
      Nombre d'objets infectés 66 / 0
      Nombre d'objets suspects 0
      Durée de l'analyse 01:12:18

      ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré

      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Historique\History.IE5\MSHist012007030420070305\index.dat L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temp\~DF1B1F.tmp L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Tempmetasploit.exe Infecté : Trojan-Downloader.Win32.VB.ft ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\ntuser.dat L'objet est verrouillé ignoré
      C:\Documents and Settings\nicolas.FAMILLExxx\ntuser.dat.LOG L'objet est verrouillé ignoré
      C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
      C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
      C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
      C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
      C:\Program Files\Club-Internet\LE COMPAGNON CLUB\log\mpbtn.log L'objet est verrouillé ignoré
      C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.ilg L'objet est verrouillé ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/BB.class Infecté : Trojan.Java.ClassLoader.o ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenConnection.k ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip ZIP: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\03FA5377.zip CryptFF: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/GetAccess.class Infecté : Trojan.Java.ClassLoader.c ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/InsecureClassLoader.class Infecté : Exploit.Java.ByteVerify ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.a ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip/Installer.class Infecté : Trojan-Downloader.Java.OpenConnection.v ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip ZIP: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\04AC37BA.zip CryptFF: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Bubble.class Infecté : Trojan.Java.ClassLoader.Dummy.e ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenStream.h ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip ZIP: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\09E574C1.zip CryptFF: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\110F7BBC L'objet est verrouillé ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\1D9E766A L'objet est verrouillé ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Bubble.class Infecté : Trojan.Java.ClassLoader.Dummy.e ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenStream.h ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip ZIP: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\212A1ED7.zip CryptFF: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/BB.class Infecté : Trojan.Java.ClassLoader.o ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/VerifierBug.class Infecté : Exploit.Java.ByteVerify ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/Dummy.class Infecté : Trojan.Java.ClassLoader.Dummy.c ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip/Beyond.class Infecté : Trojan-Downloader.Java.OpenConnection.k ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip ZIP: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\215019A0.zip CryptFF: infecté - 4 ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\2460559A L'objet est verrouillé ignoré
      C:\Program Files\Norton AntiVirus\Quarantine\2A0E0A75 Infecté : Trojan-Clicker.JS.Linker.h ignoré

      C:\WINDOWS\Dispatcher.exe Infecté : Trojan-PSW.Win32.VB.kg ignoré
      C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Wed, 1 Jun 2005 02:57:58 +0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 17 Jul 2005 08:59:53 -0700]/html Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED/[From ][Date Sun, 20 Mar 2005 18:40:04 +0100 (MET)]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED/[From "Marketplace Amazon.fr" ][Date 4 Jun 2005 03:19:27 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED/[From "r.bassey" ][Date Sat, 30 May 2065 00:21:35 +0200]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED/[From "ClubSymantec" ][Date Thu, 6 Jan 2005 12:20:42 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm/[From Paypal ][Date 27 Jun 2005 13:32:47 -0000]/UNNAMED Infecté : Trojan-Spy.HTML.Paylap.m ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm Mail: infecté - 7 ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
      C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
      C:\WINDOWS\system32\drivers\sptd1229.sys L'objet est verrouillé ignoré
      C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
      C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat L'objet est verrouillé ignoré
      C:\WINDOWS\Temp\tmp00002c2a\tmp00000000 L'objet est verrouillé ignoré
      C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
      C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
      C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
      C:\WINDOWS\winmsgr.exe Infecté : Trojan-Downloader.Win32.VB.fi ignoré
      Analyse terminée.

      Merci pour ta réponse
      0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    Supprime ceci:

    C:\Documents and Settings\Administrateur.FAMILLExxx\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\<gras>JunkMail.imm

    C:\Documents and Settings\Default User\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IM\Identities\{54E057D9-8600-4E3E-A8F7-E6ABA4102C27}\Message Store\JunkMail.imm

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Bonjour Regis59,

      Voici ls 2 rapports demandés:



      SDFix: Version 1.69

      Run by nicolas - 05/03/2007 @ 18:45:29,18

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:

      Path:



      Restoring Windows Registry Entries
      Restoring Default Hosts File


      Rebooting...

      Normal Mode:
      Checking Files:

      Below files will be copied to Backups folder then removed:

      C:\WINDOWS\dispatcher.exe - Deleted
      C:\WINDOWS\winmsgr.exe - Deleted



      ADS Check:

      C:\WINDOWS\system32
      No streams found.


      Final Check:

      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


      Remaining Files:
      ---------------

      Backups Folder: - C:\SDFix\backups\backups.zip


      Checking For Files with Hidden Attributes :

      C:\Documents and Settings\Administrateur.FAMILLExxx\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\Documents and Settings\Default User\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\Documents and Settings\nicolas.FAMILLExxx\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\WINDOWS\system32\config\systemprofile\Voisinage r‚seau\ftp.eskimo.com\Desktop.ini
      C:\WINDOWS\SMINST\HPCD.sys

      Add/Remove Programs List:

      AnyDVD
      avast! Antivirus
      AVG Anti-Spyware 7.5
      CCleaner (remove only)
      Creative Driver
      Gestionnaire de disques amovible Creative
      DVD Shrink 3.2
      EPSON Logiciel imprimante
      EPSON Scan
      ESDX4800_4200 Guide util.
      HijackThis 1.99.1
      Photo et imagerie HP 3.1
      Internet Explorer Q832894
      IncrediMail Xe
      Connexion Facile … Internet
      Multimedia Card Reader
      EPSON Attach To Email
      QuickTime
      J‚roboam 6.03
      Kaspersky Online Scanner
      Language pack for Ad-Aware SE
      Mozilla Firefox (2.0.0.2)
      Commande ECHO d‚sactiv‚e.
      NVIDIA GART Driver
      Outlook Express Update Q330994
      Microsoft Picture It! Photo Premium 9
      Correctif Windows XP (SP2) Q327979
      Correctif Windows XP (SP2) Q328310
      Correctif Windows XP (SP2) Q329112
      Package du correctif Windows XP [voir Q329115 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q329170
      Package du correctif Windows XP [voir q329256 pour plus de d‚tails]
      Package du correctif Windows XP [voir Q329390 pour plus de d‚tails]
      Package du correctif Windows XP [voir Q329834 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q329909
      Correctif Windows XP (SP2) Q331953
      Package du correctif Windows XP [voir Q331958 pour plus de d‚tails]
      Correctif Windows XP (SP2) Q810565
      Correctif Windows XP (SP2) Q810577
      Correctif Windows XP (SP2) Q810833
      Correctif Windows XP (SP2) Q811009
      Correctif Windows XP (SP2) Q811632
      Correctif Windows XP (SP2) Q811789
      Correctif Windows XP (SP2) Q814033
      Correctif Windows XP (SP2) Q814995
      Correctif Windows XP (SP2) Q815021
      Correctif Windows XP (SP2) Q815485
      Correctif Windows XP (SP2) Q817287
      Correctif Windows XP (SP2) Q817606
      Adobe Flash Player 9 ActiveX
      Spybot - Search & Destroy 1.4
      SpywareBlaster v3.5.1
      Starcraft
      LE COMPAGNON CLUB
      Lecteur Windows Mediaÿ10
      Archiveur WinRAR
      WinZip
      S‚lecteur d'installation de Microsoft Worksÿ2004
      XviD MPEG-4 Video Codec
      ZENcast Organizer
      Connexion Facile … Internet
      Fritz8
      AiO_Scan
      Multimedia Card Reader
      EPSON Attach To Email
      HpSdpAppCoreApp
      EPSON Scan Assistant
      Google Toolbar for Firefox
      DocProc
      EPSON Image Clip Palette
      Creative ZEN Vision M Series
      J2SE Runtime Environment 5.0 Update 10
      BitDefender Internet Security v10
      HPSystemDiagnostics
      Photosmart 140,240,7200,7600,7700,7900 Series
      SkinsHP1
      Readme
      QuickProjects
      HP Photo and Imaging 2.0 - Photosmart Cameras
      EPSON Easy Photo Print
      EPSON Copy Utility 3
      Compl‚ment Microsoft Word pour Microsoft Works Suite
      InstantShare
      Ad-Aware SE Personal
      PSShortcutsP
      EPSON Web-To-Page
      Director
      QFolder
      Intel(R) Extreme Graphics 2 Driver
      Visual J# .NET Redistributable Package
      Microsoft Word 2002
      Scan
      RecordNow!
      Nero 7 Premium
      hpmdtab
      CreativeProjects
      MSN Messenger 7.5
      Fax
      QuickTime
      AiOSoftware
      PhotoGallery
      TuneUp Utilities 2007
      Microsoft .NET Framework 1.1
      HP Software Update
      TrayApp
      PrintScreen
      Copy
      SkinsHP2
      Microsoft Picture It! Photo Premium 9
      Unload
      Microsoft Works
      EPSON File Manager
      AIOMinimal
      HPIZ311
      HP PSC & OfficeJet 3.0
      HP Deskjet Preloaded Printer Drivers
      WebReg

      Finished

      Logfile of HijackThis v1.99.1
      Scan saved at 19:07:27, on 05/03/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\HTJ\HijackThis.exe
      C:\Program Files\CCleaner\ccleaner.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      c:\program files\softwin\bitdefender10\bdmcon.exe
      C:\PROGRA~1\WINZIP\winzip32.exe
      C:\Documents and Settings\nicolas.FAMILLExxx\Local Settings\Temp\wz1c15\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)
      O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O16 - DPF: {00330010-0000-0000-0000-000020160026} -
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -
      O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -
      O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
      O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
      O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
      O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

      Merci et a+
      0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Désactive le temps de la manip, le Tea timer de Spybot
    lance Spybot >mode avancé> outils >> résident
    Décoche la case résident "tea timer"
    referme Spybot

    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R3 - URLSearchHook: (no name) - {AFAC25C2-B321-C0FA-7759-9A5B212E35E1} - (no file)

    O2 - BHO: (no name) - {4F7F2319-1C83-0389-44AC-9B0518199108} - (no file)

    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)

    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

    O16 - DPF: {00330010-0000-0000-0000-000020160026} -

    O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} -

    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -

    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -

    O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} -

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} -

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -

    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -

    O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -

    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -

    O16 - DPF: {E68718BB-5451-4F6F-B8B8-41B4AB672747} -

    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    C:\WINDOWS\logon.exe

    Redemarre ton pc, et remet un rapport hijackthis

    A+
    0
    1. percy73 Messages postés 58 Date d'inscription   Statut Membre
       
      Re-bonjour,

      J'ai tout fait sauf que ( je dois être le vrai manche) je n' ai pas trouvé de C:vindows\logon.exe
      Il y bien des logon mais pas à cette adresse ( plutôt des adresses genre C:windows\quelque chose\logon

      Quoiqu' il en soit voici la dernière livraison du log HJT et encore merci de ton aide

      Logfile of HijackThis v1.99.1
      Scan saved at 21:45:05, on 05/03/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\club-internet\LE COMPAGNON CLUB\bin\mpbtn.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\HTJ\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.europe-echecs.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c6.cab
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA30114-F66A-43B6-A8AD-2A17D2A31B34}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
      O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

      A+
      0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Ok !

    Ou en sont tes soucis?.

    A+
    0
  10. percy73 Messages postés 58 Date d'inscription   Statut Membre
     
    Bonjour,

    Je n' osais rien entreprendre avant d' avoir de tes nouvelles ; du coup j'ai relancé un scan Spybot et ... plus de trojan !!! OUF!

    Je te remercie infiniment pour ton aide .

    a+
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    De rien !

    Des questions?

    Bonne nuit.

    A+
    0