Cumbersome I.E. processes
Solved
Melody_1
Hello, I know very well that Internet Explorer is a component that cannot be separated from Windows; is there a way to put it to sleep?
It opens process files in the Task Manager that use RAM.
Since I only use Firefox, what is the procedure, if one exists, to block I.E. and unblock it only when necessary?
Thank you for taking the time to read this and perhaps for offering a solution.
Melody_1.
6 replies
hello melody,
IE is indispensable, especially for updates
besides, if you find that it runs a bit too much, it is because there are processes activating it (and often not the friendliest ones for your system), but it can be kept in check:
click on my name at the top of this message, then on the personal site link,
in the window that opens, choose "utilitaires" (utilities) to install "hijackthis" and post a scan report
see you ;)
hello,
your PC is infected:
click on my name at the top of this message, then on the personal site link,
in the window that opens, choose:
1) "désinfection-nettoyage" (disinfection and cleanup) and carry out the complete procedure
2) "utilitaires" (utilities) to run the "scan avec bitdefender" (scan with BitDefender), save the generated report to your desktop so you can post it along with a new hijackthis log
see you ;)
Good evening lance_yien, I followed the cleanup and disinfection procedure as you indicated, up to the Hijackthis scan; here it is, pasted below. As for Bitdefender, I could not run the scan because it asks me to buy it; I already bought Kaspersky this year and it is up to date.
Thanks for your kind help.
See you
Logfile of HijackThis v1.99.1
Scan saved at 21:09:25, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\89exym50_2.5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\admin\LOCALS~1\Temp\78exgmail50g2.0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\76exinjs.a3.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Big Ben.lnk = C:\Program Files\BIG BEN\Big Ben.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117708801090
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{77B5C3C0-2D66-4149-A23C-5938EEEFC0EA}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH -
Hi, and sorry for butting in among your logs.
Just one question, melody.
When you say that Internet Explorer launches "process files in the Task Manager", are you sure you are not confusing it with the "explorer" process?
That one is indispensable to Windows and has nothing to do with IE, and it should not be confused with "iexplorer", which is indeed launched by Internet Explorer.
With that, I'll leave you two to sort out the virus problem.
See you
hello you two,
melody,
1) refer to the hijackthis download link to "fix" these lines:
WARNING: if the address on the R1 lines was set deliberately, do not tick them
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
after rebooting, delete these files (in bold):
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system\smss.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\89exym50_2.5.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\78exgmail50g2.0.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\76exinjs.a3.exe
((if you have trouble deleting them, switch to safe mode to do it))
2) restart your PC and, once it is back up, check that there is nothing abnormal
if everything is OK, empty your recycle bin
3) you absolutely must manage to run the "scan avec bitdefender" (scan with BitDefender)
up until last night (when I had a report from a user who was not asked to make a purchase)
when you click on the indicated link, a window opens in which you must click on "I agree" to accept the installation of an ActiveX control (a yellow bar may appear at the top of your browser; click on it and choose to install the ActiveX),
in the 2nd window you must press "click here to scan"
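Three structural checks that surface some of the entries listed in the reply above (an executable in a Temp folder, a core Windows binary name outside system32, a BHO with no file), as an added Python example that is not part of the original thread. The rules, the function names and the C:\WINDOWS install path are assumptions; the sample lines are a subset copied from the log posted earlier, and entries such as winsys2.exe or FTRTSVC.exe need reputation knowledge these rules do not encode.

```python
import ntpath
import re

# Assumption: Windows XP installed in C:\WINDOWS; these core binaries
# normally load only from its system32 directory.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}

REASON_TEMP = "executable located in a Temp directory"
REASON_MASQUERADE = "system binary name outside system32"
REASON_ORPHAN_BHO = "BHO registered but no file on disk"

# "O4 - HKLM\..\Run: [name] command": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path in an entry body that ends in .exe.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"|]*?\.exe', re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: a subset of lines taken from the log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\admin\LOCALS~1\Temp\89exym50_2.5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def check_path(path):
    """Return the reasons an executable path looks out of place (may be empty)."""
    reasons = []
    directory, name = ntpath.split(path.lower())
    if "temp" in directory.split("\\"):
        reasons.append(REASON_TEMP)
    if name in SYSTEM_BINARIES and directory != SYSTEM_DIR:
        reasons.append(REASON_MASQUERADE)
    return reasons


def triage(log_text):
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            # The first coded entry ends the process list.
            in_processes = False
            code, body = entry["code"], entry["body"]
            if code == "O2" and body.endswith("(no file)"):
                findings.append((line, REASON_ORPHAN_BHO))
            if code in ("O4", "O23"):  # autostart entries and services
                found = EXE_RE.search(body)
                if found:
                    for reason in check_path(found.group(0)):
                        findings.append((line, reason))
        elif in_processes and DRIVE_RE.match(line):
            # In the process list the whole line is the image path.
            for reason in check_path(line):
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A hit is a prompt for manual review, not a verdict: the checks only compare names and locations and never inspect the files themselves.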
Good evening lance_yien, my difficulty connecting to Bitdefender was that it required I.E.; so that is done, here are the two reports.
I am extremely grateful for your help.
Melody.
Logfile of HijackThis v1.99.1
Scan saved at 21:20:43, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Big Ben.lnk = C:\Program Files\BIG BEN\Big Ben.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117708801090
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{77B5C3C0-2D66-4149-A23C-5938EEEFC0EA}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH -
BitDefender Online Scanner
Scan report generated at: Sat, Mar 31, 2007 - 21:03:38
Scan path: C:\;D:\;E:\;
Statistics
Time: 01:09:28
Files: 475366
Folders: 3946
Boot Sectors: 3
Archives: 2545
Packed Files: 51340
Results
Identified Viruses: 4
Infected Files: 30
Suspect Files: 36
Warnings: 0
Disinfected: 0
Deleted Files: 66
Engines Info
Virus Definitions: 409468
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\admin\Local Settings\Temp\0exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\0exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\0exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\0exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\0exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\0exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\10exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\10exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\10exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\11exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\11exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\11exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\12exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\12exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\12exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\18exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\18exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\18exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\19exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\19exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\19exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\20exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\20exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\20exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\21exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\21exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\21exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\21exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\21exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\21exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\26exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\26exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\26exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\26exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\26exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\26exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\27exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\27exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\27exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\29exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\29exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\29exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Deleted
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Disinfection failed
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Deleted
C:\WINDOWS\system\smss.exe
Infected with: DeepScan:Generic.Horst.8C03C9CE
C:\WINDOWS\system\smss.exe
Disinfection failed
C:\WINDOWS\system\smss.exe
Deleted
I am extremely grateful for your help.
Melody.
C:\Documents and Settings\admin\Local Settings\Temp\29exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\31exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\31exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\32exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\33exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\34exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\34exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\35exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\35exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\38exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\38exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\39exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\39exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\42exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\48exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\4exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\51exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\55exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\56exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\57exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\58exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\59exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\5exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\60exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\60exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\62exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\63exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\65exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\66exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\66exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\67exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\71exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\71exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\74exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\74exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\7exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\80exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\82exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\82exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\83exhdda.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\87exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\87exyp.3.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\89exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\91exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\92exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Infected with: Trojan.Medbod.B
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\95exgmi.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\97exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\98exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Infected with: Generic.Spammer.06E30839
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\98exssd32a.5.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\99exgmail50g2.0.exe
Deleted
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Suspected of: Generic.Malware.Yd.F95C8483
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Disinfection failed
C:\Documents and Settings\admin\Local Settings\Temp\9exyp.3.exe
Deleted
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Suspected of: Generic.Malware.Yd.B8E905AA
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Disinfection failed
C:\System Volume Information\_restore{09A565A2-2CBC-497E-84D5-8FD1D90B6A75}\RP696\A0139634.exe
Deleted
C:\WINDOWS\system\smss.exe
Infected with: DeepScan:Generic.Horst.8C03C9CE
C:\WINDOWS\system\smss.exe
Disinfection failed
C:\WINDOWS\system\smss.exe
Deleted
Hello, I am left with a rather positive and optimistic impression regarding the resolution of my problem; nevertheless, out of modesty, I remain somewhat cautious about any certainty.
Personally, I can say that it is resolved; the reports speak for themselves. I no longer have unwanted processes running without my knowledge, and Task Manager has confirmed this state for about twelve hours now.
A nod to lance_yien, who helped me every step of the way and to whom I respectfully tip my hat.
A friend gives you a fish; a good friend teaches you to catch it.
Melody
Unfortunately, I stopped the IE processes with Task Manager, so they are no longer visible in the HijackThis report.
Here it is below:
Logfile of HijackThis v1.99.1
Scan saved at 22:38:06, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\86exgmail50g2.0.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Big Ben.lnk = C:\Program Files\BIG BEN\Big Ben.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117708801090
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{77B5C3C0-2D66-4149-A23C-5938EEEFC0EA}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe