Sujet Précédent Sujet Suivant

Cheval de troie sur msn

eilmi Messages postés 9 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

comme beaucoup je viens ici car je rencontres quelques pb informatiques. j'ai reçu un fichier qu'il ne fallait pas ouvrir sur msn et hop un cheval de troie !! depuis le pc s'eteint pour se rallumer à n'importe quel moment.

symantec en a détecté 5 exactement. j'ai trouvé pas mal d'infos, mais à force de télécharger, je sais plus trop ou j'en suis!!

please aidez moi !! et doucement avec le vocabulaire je suis pas très douée.

merci à tous ceux qui prendront qq minutes pour me répondre et me guider dans ma galère !! EMILIE
A voir également:

5 réponses

Réponse 1 / 5
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

----------------------

ensuite:

scan avec des antiespions (en mode sans échec):

spybot :

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

----------

AVG antispyxare

https://www.01net.com/telecharger/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

--------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
eilmi Messages postés 9 Statut Membre
 
Bonjour,

Merci pour l'étonnante rapidité. Ca fait plaisir.

Donc, j'ai suivi tes conseils :

- installer MSNFix qui n'a rien donné (en fait je l'avait déjà fait, l'infection était apparue et je l'avais supprimée)

- analyse spybot : c'est bien passé

- AVG antispyxare : j'ai essayé dans tous les sens, impossible de l'installer et de le désinstaller !! j'ai mm été sur le site officiel rien n'a faire.
j'ai donc fait à la place un TROJAN REMOVER j'espère que c'est à peu près la mm chose.

- j'ai ensuite fait un scan avec les deux liens que tu m'a proposé : il sont clair tous les deux je suis bien infectée. d'ailleurs pendant toutes ces opérations, Avast (à quoi sert il je me le demande bien) m'a signalé au moins 15 fois la présence d'un cheval de troie.

voila le bilan de ma matinée, je joins les rapports..

QUE DOIS JE FAIRE ? MERCI D AVANCE.



RAPPORT TROJAN REMOVER

***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
11/07/2007 11:31:08: Trojan Remover has been restarted
C:\WINDOWS\system32\xpdx.sys has been renamed to C:\WINDOWS\system32\xpdx.sys.ren
11/07/2007 11:31:08: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2477. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 11/07/2007 11:27:35
Using Database v6826
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\sgv\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\sgv\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
11:27:35: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
11:27:35: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
11:27:35: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
11:27:36: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Cmaudio
Value Data = RunDll32 cmicnfg.cpl,CMICtrlWnd - this command has been left in place [file not found to scan]
--------------------
Value Name = SiSPower
Value Data = Rundll32.exe SiSPower.dll,ModeAgent - this command has been left in place
--------------------
Value Name = PDF Converter Registry Controller
Value Data = C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = PDFConverterReminder
Value Data = C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe" -r "C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\ereg.ini - this command has been left in place [file not found to scan]
--------------------
Value Name = WindowsHive
C:\WINDOWS\system32\rpcc.exe appears to be in-use/locked - scanning skipped.
C:\WINDOWS\system32\rpcc.exe - process is either not running or could not be terminated
Value Data = C:\WINDOWS\system32\rpcc.exe - appears to contain TROJAN.PROXY.DLENA
Value Data = C:\WINDOWS\system32\rpcc.exe - this command has been removed
C:\WINDOWS\system32\rpcc.exe has been renamed to: C:\WINDOWS\system32\rpcc.exe.ren
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = !AVG Anti-Spyware
Value Data = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = Reminder
Value Data = C:\Program Files\Microsoft Money\System\reminder.exe - this command has been left in place
--------------------
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

**************************************************
11:28:10: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

**************************************************
11:28:10: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
11:28:11: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\DOCUME~1\sgv\MESDOC~1\MESFIC~1\MYALBU~1\PHOTOA~1.SCR - this command has been left in place [file not found to scan]
--------------------

**************************************************
11:28:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
11:28:12: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=Irmon
ServiceDLL=%SystemRoot%\System32\irmon.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=ldrsvc
ServiceDLL=C:\DOCUME~1\sgv\LOCALS~1\Temp\clean_2e253b.dll - this reference has been left in place [file not found to scan]
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\mspmsnsv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
11:28:17: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=cmuda
ImagePath=system32\drivers\cmuda.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=CO_Mon
ImagePath=\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=gagp30kx
ImagePath=system32\DRIVERS\gagp30kx.sys - this reference has been left in place
----------
Key=gameenum
ImagePath=system32\DRIVERS\gameenum.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=irda
ImagePath=system32\DRIVERS\irda.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=irsir
ImagePath=system32\DRIVERS\irsir.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
c:\windows\system32\msvcrtd.exe appears to be in-use/locked - scanning skipped.
Key=msupdate
ImagePath=c:\windows\system32\msvcrtd.exe - this reference has been left in place
----------
Key=ms_mpu401
ImagePath=system32\drivers\msmpu401.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NTSIM
ImagePath=\??\C:\WINDOWS\system32\ntsim.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasirda
ImagePath=system32\DRIVERS\rasirda.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=S3chipid
ImagePath=\??\C:\DOCUME~1\sgv\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys - this reference has been left in place [file not found to scan]
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SiS315
ImagePath=system32\DRIVERS\sisgrp.sys - this reference has been left in place
----------
Key=SiSkp
ImagePath=system32\DRIVERS\srvkp.sys - this reference has been left in place
----------
Key=SISNIC
ImagePath=system32\DRIVERS\sisnic.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=StillCam
ImagePath=system32\DRIVERS\serscan.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{BE3CA7AB-04B1-4DED-87B2-D91EA605C0A2} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
C:\WINDOWS\system32\xpdx.sys appears to be in-use/locked - scanning skipped.
Key=xpdx
ImagePath=\??\C:\WINDOWS\system32\xpdx.sys - appears to contain TROJAN.CLICKER.COSTRAT
ImagePath=\??\C:\WINDOWS\system32\xpdx.sys - this reference has been removed
C:\WINDOWS\system32\xpdx.sys - unable to take ownership/change permissions
C:\WINDOWS\system32\xpdx.sys has been marked for renaming when the PC is restarted
----------

**************************************************
11:29:19: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

**************************************************
11:29:19: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
11:29:19: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Print602
CLSID = {0f420c1e-9ed6-4da5-8b91-eddde887a1dc}
C:\Program Files\Fichiers communs\QuickPDF\PrnShell.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

**************************************************
11:29:20: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
11:29:20: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

**************************************************
11:29:21: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------

**************************************************
11:29:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
11:29:21: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
11:29:21: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
11:29:21: Scanning ----- SECURITY PROVIDER DLLS -----
msapsspc.dll - this entry has been left in place
----------
schannel.dll - this entry has been left in place
----------
digest.dll - this entry has been left in place
----------
msnsspc.dll - this entry has been left in place
----------

**************************************************
11:29:21: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

**************************************************
11:29:21: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
Microsoft Office.lnk - this links to C:\Program Files\Microsoft Office\Office10\OSA.EXE and has been left in place
--------------------
Utility Tray.lnk - this links to C:\WINDOWS\system32\sistray.exe and has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
11:29:22: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

**************************************************
11:29:22: ----- ADDITIONAL CHECKS -----
XPDX driver entry exists but is not stealthed (ImagePath is empty or does not exist)
The ImagePath entry may have been removed by a previous scan. The driver entry will now be deleted.
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

**************************************************
11:29:22: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniff.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniff.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AXXPEE.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CabSA.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\catalog.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\ecbootil.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmldr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\naveng32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navex32a.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\rufsi.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\scrauth.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.cat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcdefs.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinf.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfidx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfl.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1hd.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.grd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.sig - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan2.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan3.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan4.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan5.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan6.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscant.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\vscanmsx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\wuweb.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\zdone.dat - this file has been left in place

**************************************************
11:29:30: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\system32\RunDll32.exe
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Microsoft Money\System\reminder.exe
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
--------------------
C:\WINDOWS\system32\sistray.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
--------------------
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Documents and Settings\sgv\Application Data\Simply Super Software\Trojan Remover\kgc20.exe
FileSize: 1 876 544
[This is a Trojan Remover component]
--------------------

**************************************************
11:29:35: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
11:29:35: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
11:29:35: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 11/07/2007 11:29:35
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
11/07/2007 11:29:45: restart commenced
************************************************************




RAPPORT BIT DEFENDER

Fichier analysé
Statut

C:\RECYCLER\S-1-5-21-1547161642-362288127-839522115-1003\Dc349\MSNFix\10072007_16330375.zip=>backup/sysprinters.dll
Infecté par: Win32.Worm.Potos.A

C:\RECYCLER\S-1-5-21-1547161642-362288127-839522115-1003\Dc349\MSNFix\10072007_16330375.zip=>backup/sysprinters.dll
Supprimé

C:\RECYCLER\S-1-5-21-1547161642-362288127-839522115-1003\Dc349\MSNFix\10072007_16330375.zip
Mis à jour

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0042274.scr
Infecté par: Trojan.Dropper.Delf.HS

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0042274.scr
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0042274.scr
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043238.exe
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043238.exe
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043238.exe
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043239.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043239.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0043239.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0044238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0044238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0044238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0045238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0045238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0045238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0046238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0046238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0046238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0047238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0047238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0047238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0048238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0048238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0048238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0049238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0049238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0049238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0050238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0050238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0050238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0051238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0051238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0051238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0052238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0052238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0052238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0053238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0053238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0053238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0054238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0054238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0054238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0055238.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0055238.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0055238.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056241.exe
Infecté par: Trojan.Proxy.Wopla.C

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056241.exe
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056241.exe
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056243.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056243.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP101\A0056243.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056412.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056412.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056412.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056427.exe
Infecté par: DeepScan:Generic.Malware.Fdld!!.24CEC8CE

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056427.exe
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP102\A0056427.exe
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056825.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056825.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056825.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056861.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056861.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056861.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056871.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056871.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP103\A0056871.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057871.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057871.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057871.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057898.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057898.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0057898.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058898.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058898.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058898.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058957.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058957.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058957.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058964.dll
Infecté par: Win32.Worm.Potos.A

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058964.dll
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058964.dll
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058974.dll
Infecté par: Win32.Worm.Potos.A

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058974.dll
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0058974.dll
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0059957.sys
Infecté par: Trojan.Proxy.Dlena.CL

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0059957.sys
Echec de la désinfection

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0059957.sys
Supprimé

C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP106\A0059985.sys
Infecté par: Trojan.Pro
0
Réponse 2 / 5
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)
puis reactive la
---------------

utilise aussi pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo

https://www.01net.com/

--------------------
colle un rapport hijackthis

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

----------------------

télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.

------------

ensuite:

scan avec des antiespions (en mode sans échec):

AD AWARE:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
---------------------
lance a squared free et colle le rapport

https://www.01net.com/telecharger/

----------
colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne : (de préférence)
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

---------

et colle un rapport hijackthis
0
eilmi Messages postés 9 Statut Membre
 
salut

- désactiviation/activation de la restauration systèmpe OK

- nettoyage avec Ccleaner OK

-> RAPPORT hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 17:39:02, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\sgv\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [PDFConverterReminder] "C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe" -r "C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\ereg.ini"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)








RAPPORT NAVILOG

Search Navipromo version 2.0.5 commencé le 11/07/2007 à 17:42:33,78

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\sgv\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/11/07 at 17:42:35.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ......................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/11/07 at 17:43:38 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :


*** Analyse Terminé le 11/07/2007 à 17:43:46,68 ***





RAPPORT A SQUARED FREE

Version - a-squared Free 3.0
Dernière mise à jour: 11/07/2007 18:05:26

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 11/07/2007 18:06:05

C:\Documents and Settings\sgv\Cookies\sgv@weborama[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\sgv\Bureau\MSNFix\MSNFix\incl\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\sgv\Bureau\MSNFix.zip/Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Navilog1\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP110\A0060256.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\WINDOWS\system32\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20

Scanné

Fichiers: 38506
Traces: 273430
Cookies: 9
Processus: 33

Trouver

Fichiers: 5
Traces: 0
Cookies: 1
Processus: 0
Clés de Registre: 0

Fin du Scan: 11/07/2007 18:21:09
Temps du Scan: 00:15:04

C:\Documents and Settings\sgv\Bureau\MSNFix\MSNFix\incl\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\sgv\Bureau\MSNFix.zip/Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Navilog1\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\System Volume Information\_restore{2D81CD90-7DAB-475F-8349-A6118859CBA9}\RP110\A0060256.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\WINDOWS\system32\Process.exe Quarantaine Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\sgv\Cookies\sgv@weborama[2].txt Quarantaine Trace.TrackingCookie

Quarantaine

Fichiers: 5
Traces: 0
Cookies: 1




AUCUN VIRUS N'A ETE DECTECTE PAR PANDA !!! est ce la fin d'un cauchemar ???

maintenant peux tu me dire ce que je dois garder sur le pc entre tous les téléchargements ? est ce que je peux garder AVAST comme anti virus ?? au fait, je m'en suis sortie avec AGV dois je maintenant le garder ?



merci beaucoup. EMILIE
0
Réponse 3 / 5
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe

fait
-------------

fais ceci,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
--

Cleanzip

Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html

---------------

refait un scan en ligne bitdefender et colle le rapport

ainsi qu'hiajckthis
0
Réponse 4 / 5
eilmi Messages postés 9 Statut Membre
 
RAPPORT SDFix

SDFix: Version 1.90

Run by sgv on 12/07/2007 at 10:52

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\sgv\Bureau\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
msupdate
NtmlSvc

ImagePath:
%SystemRoot%\System32\svchost.exe -k netsvcs
c:\windows\system32\msvcrtd.exe
%SystemRoot%\System32\svchost.exe -k netsvcs

ldrsvc - Deleted
msupdate - Deleted
NtmlSvc - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"="C:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe:*:Enabled:Application MFC XrxFTPLt"
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE:*:Enabled:Microsoft Word"
"C:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"="C:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe:*:Enabled:SGTOOL"
"C:\\Program Files\\SYBASE 8.02\\win32\\dbeng8.exe"="C:\\Program Files\\SYBASE 8.02\\win32\\dbeng8.exe:*:Enabled:Adaptive Server Anywhere Database Engine"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ma‹do Production\\IziSpot 4\\IziSpot.exe"="C:\\Program Files\\Ma‹do Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:

C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\jeanval16@hotmail.com\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\2007_03_16\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Appt Place BEAULIEU\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Gabrielsen\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Indivision cherves\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Maison Chateaubernard\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Maison Chateaubernard\ALLARY\Thumbs.db
C:\Documents and Settings\sgv\Local Settings\Application Data\Microsoft\Messenger\eilmi@hotmail.fr\Sharing Folders\unclephane2001@hotmail.com\Rue Berchon\Thumbs.db
C:\S.G.V. COGNAC\~WRL2657.tmp
C:\S.G.V. COGNAC\AFFECTATION DES HECTARES\~WRL1707.tmp
C:\S.G.V. COGNAC\AFFECTATION DES HECTARES\~WRL2930.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2003\RdV 2003-2004\~WRL0438.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\2004 CONSEILS D'ADMINISTRATION\CA 19-03-04\~WRL1761.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\ADHESION 2004-2005\~WRL0798.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Arrˆt‚ de campagne\2004\~WRL1715.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Arrˆt‚ de campagne\2004\~WRL2532.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Arrˆt‚ de campagne\2004\~WRL3656.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\CONSEIL DE DEVELOPPEMENT\040504 ASSEMBLEE GENERALE\~WRL0443.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\CONSEIL DE DEVELOPPEMENT\040504 ASSEMBLEE GENERALE\~WRL0662.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\CONSEIL DE DEVELOPPEMENT\040504 ASSEMBLEE GENERALE\~WRL3320.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Gaz 2004\~WRL0753.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Gaz 2004\~WRL1032.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Gaz 2004\~WRL1476.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Gaz 2004\~WRL1580.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Gaz 2004\~WRL3129.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Hiver2004\~WRL1084.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Hiver2004\Fins Bois\JARNAC\~WRL1175.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\Hiver2004\SEGONZAC\R‚union publique\~WRL2226.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2004\INAO 2004\CRINAO Renouvellement 2004\~WRL3521.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\050531 ASSEMBLEE GENERALE\~WRL1725.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\050531 ASSEMBLEE GENERALE\~WRL2130.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\051213 Ap‚ritif BRETON\~WRL0001.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\2005 CONSEILS D'ADMINISTRATION\050530\~WRL2184.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\2005 CONSEILS D'ADMINISTRATION\050908\~WRL3697.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\2005 Ouverture cr‚dit\~WRL0001.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\ELECTIONS 2005\~WRL0001.tmp
C:\S.G.V. COGNAC\ARCHIVES\ARCHIVES 2005\R‚unions vendanges 2005-2006\~WRL1085.tmp
C:\S.G.V. COGNAC\ASSEMBLEE GENERALE\~WRL0003.tmp
C:\S.G.V. COGNAC\ASSEMBLEE GENERALE\~WRL1201.tmp
C:\S.G.V. COGNAC\ASSEMBLEE GENERALE\~WRL2119.tmp
C:\S.G.V. COGNAC\ASSEMBLEE GENERALE\~WRL2880.tmp
C:\S.G.V. COGNAC\Calcul QNV\~WRL0027.tmp
C:\S.G.V. COGNAC\Calcul QNV\~WRL0282.tmp
C:\S.G.V. COGNAC\Calcul QNV\~WRL3272.tmp
C:\S.G.V. COGNAC\CNAOC\~WRL3453.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL0261.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL0459.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL0671.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL1093.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL1187.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL1202.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL1713.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL2011.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL2112.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL2736.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL2795.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL2804.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL3818.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL3867.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL3896.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\Docs Divers ICPE\~WRL4070.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL0713.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL1096.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL1990.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL2455.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL2802.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL2817.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL3095.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL3259.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\~WRL4088.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL1165.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL1322.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL1668.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL1984.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL2019.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSEMENT ET DISTILLERIES NOUVEAUX NON CLASSES\~WRL3102.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSMENT NOUVEAUX CLASSES\~WRL0174.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSMENT NOUVEAUX CLASSES\~WRL1417.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSMENT NOUVEAUX CLASSES\~WRL2971.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\CHAIS DE VIEILLISSMENT NOUVEAUX CLASSES\~WRL3811.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL0778.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL0829.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL1542.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL1754.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL2474.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL2763.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3037.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3169.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3402.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3541.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3828.tmp
C:\S.G.V. COGNAC\COMMISSIONS\AFFAIRES JURIDIQUES\ICPE\REGLEMENTATION ICPE\INSTALLATIONS NOUVELLES\DISTILLERIES NOUVELLES CLASSEES\~WRL3984.tmp
C:\S.G.V. COGNAC\COMMISSIONS\COMMUNICATION\~WRL0001.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0192.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0471.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0483.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0646.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0676.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0686.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0801.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL0953.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL1494.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL1577.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2029.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2169.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2485.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2623.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2700.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2850.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL2865.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3047.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3172.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3429.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3488.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3594.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL3696.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2006\~WRL4043.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2007\~WRL1831.tmp
C:\S.G.V. COGNAC\COTISATIONS\ADHESION 2007\~WRL2894.tmp
C:\S.G.V. COGNAC\Document Adeline\AFFECTATION ORDI\~WRL0200.tmp
C:\S.G.V. COGNAC\Document Adeline\AG\~WRL1435.tmp
C:\S.G.V. COGNAC\Document Adeline\AG\~WRL1908.tmp
C:\S.G.V. COGNAC\Document Adeline\AG\~WRL2592.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\~WRL0013.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\~WRL1289.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL0248.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL0455.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL0466.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL0915.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL1023.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL1152.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL1427.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL1976.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL2442.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL2572.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3008.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3533.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3562.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3625.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3723.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3799.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL3914.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2006\~WRL4000.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\~WRL1487.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\~WRL3243.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø36 SPECIAL AG MAI\~WRL0002.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø36 SPECIAL AG MAI\~WRL1730.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø36 SPECIAL AG MAI\~WRL2184.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø36 SPECIAL AG MAI\~WRL2330.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø36 SPECIAL AG MAI\~WRL3048.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø37 JUIN\~WRL1179.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL0009.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL0241.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL0259.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL1179.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL1413.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL1473.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL1641.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL1917.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL2373.tmp
C:\S.G.V. COGNAC\INFOS SGV\BULLETINS D'INFORMATION\BI 2007\Nø38 JUILLET\~WRL2578.tmp
C:\S.G.V. COGNAC\INFOS SGV\DELEGUES INFOS\~WRL2200.tmp
C:\S.G.V. COGNAC\INFOS SGV\DELEGUES INFOS\~WRL2249.tmp
C:\S.G.V. COGNAC\INFOS SGV\DELEGUES INFOS\~WRL2509.tmp
C:\S.G.V. COGNAC\ODG\Convocation\~WRL0020.tmp
C:\S.G.V. COGNAC\PRESSE\COMMUNIQUES DE PRESSE\~WRL4020.tmp
C:\S.G.V. COGNAC\PRESSE\REVUES DE PRESSE\REVUES DE PRESSE 2006\Articles\~WRL1548.tmp
C:\S.G.V. COGNAC\PRIX 2006-2007\2006\Action Prix 2006\~WRL2595.tmp
C:\S.G.V. COGNAC\PRIX 2006-2007\Travaux GT Prix 2007\~WRL0001.tmp
C:\S.G.V. COGNAC\REUNIONS DIVERSES\R‚unions 2006\R‚unions vendanges 2006-2007\~WRL2237.tmp
C:\S.G.V. COGNAC\REUNIONS DIVERSES\R‚unions 2006\R‚unions vendanges 2006-2007\~WRL2769.tmp
C:\S.G.V. COGNAC\SALARIES\ARCHIVES\Salari‚s 2006\RECRUTEMENT\D‚part BenoŒt\~WRL2085.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\~WRL3629.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Contrat Plan Etat R‚gion\2004\~WRL0542.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Contrat Plan Etat R‚gion\2005\~WRL0542.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Subventions 2004\Conseil R‚gional Poitou-Charentes\~WRL1876.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Subventions 2004\Conseil R‚gional Poitou-Charentes\~WRL2646.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Subventions 2006\~WRL1056.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Subventions 2006\~WRL2193.tmp
C:\S.G.V. COGNAC\SUBVENTIONS\Subventions 2006\~WRL3419.tmp
C:\S.G.V. COGNAC\VINIFRANCE\~WRL1735.tmp
C:\S.G.V. COGNAC\VINIFRANCE\~WRL2255.tmp
C:\S.G.V. COGNAC\VINIFRANCE\~WRL2703.tmp

Finished

RAPPORT CLEAN ZIP

12/07/2007 a 11:41:34,84

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

IMPOSSIBLE DE FAIRE UN SCAN AVEC BITDEFENDER = ERREUR INTERNET EXPLORER !!! demande si je veux envoyer le rapoort d'erreur à windows

le scan avec panda est négatif : pas de virus

RAPPORT HIAJCKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 14:31:56, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sgv\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe"
O4 - HKLM\..\Run: [PDFConverterReminder] "C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe" -r "C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\ereg.ini"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
C:\WINDOWS\system32\wscntfy.exe
ca j'ai un doute ca pourrait etre un troyen banker

----------
# Téléchargez eScan Antivirus Toolkit (mcerci malekal!)

https://www.malekal.com/tutorial-escan-antivirus-toolkit/

# Installez eScan Antivirus Toolkit dans le dossier : C:\Kaspersky
# Ouvrez le dossier C:\Kaspersky et double-cliquez sur kavupd.exe pour le mettre à jour

# Cochez les options comme indiquées sur cette page

https://www.malekal.com/fichiers/eScan/eScan3.png

# Cliquez Scan Clean pour démarrer le scan et laissez le scan se faire jusqu'au bout.
# Afin de supprimer toutes traces du spyware et d'autres élements qu'il aurait pu installer

---------

scan et colle le rapport blacklight

http://www.malekal.com/tutorial_f-secure_BlackLight.php

------------

AVG antispyxare

https://www.01net.com/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

-----------
rescanne avec symantec (norton en ligne comme tu as du faire au depart) ou scan avec avast pour confirmer qu'il y a plus rien .

------------

recolle hijackthis

-------------

par la suite

sinon pour te proteger:

pour proteger gratos ton ordi

mettre un antivirus

AVAST en francais est tres bien et un des seul...
-------------
des antiespions:
AD AWARE + SPYBOT + WINDOWS DEFENDER (en anglais mais agit seul...)

+/-
SPYWAREBLASTER pour immuniser le systeme contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
celui de windows ou mieux ZONE ALARM (mettre que le parefeu gratuit)

-----------

CCLEANER pour effacer les traces de surf
0

Discussions similaires

symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Que veut dire Msn
LoOuiiZee -
Bikadu75 -

4 réponses
signification de MSN
noisette2008 -
ysis -

6 réponses
Comment insérer correctement des caractères spéciaux ou émojis ?
Lia -
Cct -

45 réponses