Trojan win32: obfuscated, how do I remove it?

Closed
mia2lr - 20 Oct 2007 at 18:24
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 - 24 Oct 2007 at 20:08
Hello,
I have a trojan win32: obfuscated virus detected by my antivirus avast, but I still have problems on my computer..
here is a HijackThis report
thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 18:16:20, on 20/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office10\msohtmed.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)

20 replies

YagamiRaito Posts 20 Registration date Saturday 20 October 2007 Status Member Last activity 22 October 2007
20 Oct 2007 at 21:55
Hi to you and death to the c---!

Uninstall avast (avast isn't what it used to be).
E.g. (among many others):
http://forum.malekal.com/ftopic3528.php
Once avast is uninstalled, run CCleaner (be careful not to erase the contents of your recycle bin; you will be asked what you want to clean (look carefully), uncheck the box that corresponds to your recycle bin).
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Install antivir, update, and scan.
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
Tutorial:
http://tutopat.hostonet.org/viewtopic.php?t=72

Fix this line to begin with, it is spyware installed automatically with java.
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
After each java update or installation you will have to fix it again.

Run avg antispy, spybot, and counterspy:
https://www.01net.com/telecharger/
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/31393.html
Updates and scans

You have a firewall, that's very good, it's even excellent, the great majority of internet users don't have one (if it's the Windows one, you might as well say there is nothing), but you don't have an antispy; the 3 links above will remedy that effectively.
Trojans are used to bring in spies (spyware), so unless the scans find nothing (unlikely), repost a report once the scans have been run (it will lighten my reading of the report and above all I don't know what is going to be eliminated and which line it corresponds to, I don't know everything by heart lol).
HijackThis must be renamed before it is used (to prevent certain infections from slipping through the scan, vundo in particular), any random name will do.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
20 Oct 2007 at 23:04
good evening

and this one, do you think it's fine?
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)
0
YagamiRaito Posts 20 Registration date Saturday 20 October 2007 Status Member Last activity 22 October 2007
21 Oct 2007 at 01:25
I didn't look at everything since I don't know which lines correspond to the junk the antispy tools are going to remove.
But in principle, indeed, I'll readily grant you that "(file missing)" is not a good sign...
The 09 console java sun line, it's a reflex to look at it because it is almost always there, which is why I wrote: "repost a report once the scans have been run"
0
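As an added example (not part of the thread, and not HijackThis's own logic): a small Python triage of the "(file missing)" / "(no file)" entries discussed above, run over an excerpt of the log from the first post. The function names and verdict labels are assumptions of this example; it cross-checks each flagged path against the log's own "Running processes" list, which separates the avast service that is flagged missing yet running from the "Unknown owner" services with no running counterpart.

```python
import re

# Excerpt of the HijackThis log from the first post (shortened for this example).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\nvsvc32.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)
"""

# "O23 - ...", "R1 - ...": section code, then the free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.*)$")
# First drive-letter or %variable% path ending in an executable extension;
# stops before a stray quote so trailing arguments are not swallowed.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|ocx)', re.I)
MISSING_TAGS = ("(file missing)", "(no file)")


def parse_log(text):
    """Return (set of running process paths, list of parsed entries)."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            p = PATH_RE.search(m.group("body"))
            entries.append({"code": m.group("code"), "line": line,
                            "path": p.group(0) if p else None})
    return running, entries


def triage(text):
    """Classify entries the log marks as missing. Labels are this example's own:
    verify-on-disk      - flagged missing, but the same path is a running process
    investigate-service - O23 service, unknown owner, binary neither found nor running
    stale-reference     - any other entry pointing at a file that is not there
    """
    running, entries = parse_log(text)
    findings = []
    for e in entries:
        if not e["line"].endswith(MISSING_TAGS):
            continue
        if e["path"] and e["path"].lower() in running:
            verdict = "verify-on-disk"
        elif e["code"] == "O23" and " - Unknown owner - " in e["line"]:
            verdict = "investigate-service"
        else:
            verdict = "stale-reference"
        findings.append((verdict, e["code"], e["path"]))
    return findings


if __name__ == "__main__":
    for verdict, code, path in triage(SAMPLE_LOG):
        print(f"{verdict:20} {code:4} {path}")
```
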
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
21 Oct 2007 at 01:37
line 09 is not SPYWARE, let's not exaggerate either; so all 09 lines are spyware then?

why not have the others fixed then?

the 09 lines
O9 List of Extra Internet Explorer Buttons
0

YagamiRaito Posts 20 Registration date Saturday 20 October 2007 Status Member Last activity 22 October 2007
21 Oct 2007 at 10:01
CLSID Status Name Description
08B0E5C0-4FCB-11CF-AAA5-00401C608501 L Sun Java Console Related to Sun Java
08B0E5C0-4FCB-11CF-AAA5-00401C608501 X Console Java (Sun) Reported as Adware.Duncan.34 by Dr.Web

That is an extract from CASTLECOPS, I'M NO GENIUS THAT'S FOR SURE BUT IT'S CERTAIN "CONSOLE JAVA (SUN)" IS TO BE FIXED AUTOMATICALLY! IT'S THE SAME EVERY TIME! IT NEVER FAILS!
Do I need to go to Dr.Web for the extract showing that it's spyware? Or are you reassured? That said, you're never better served than by yourself, happy surfing.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
21 Oct 2007 at 15:18
hello

you really make me laugh, so let's talk about castlecops
if you go here
http://www.castlecops.com/O9.html

you can see 2 lines with exactly the same CLSID
08B0E5C0-4FCB-11CF-AAA5-00401C608501 L Sun Java Console Related to Sun Java
08B0E5C0-4FCB-11CF-AAA5-00401C608501 X Console Java (Sun) Reported as Adware.Duncan.34 by Dr.Web

so how do you explain that one is Legitimate and the other X, to be removed.
Why not have java removed altogether then, and the 02 that goes with it....


0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
21 Oct 2007 at 15:46
thanks for your help!
but what does "fix this line" mean?
I am downloading antivir..
and which report do you want to see? the hijack one or the ones from antispy, spybot, and counterspy?
and where do I rename hijack? I don't understand?

thanks!!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
21 Oct 2007 at 15:52
hello mia2lr

a tutorial for fixing lines
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

0
YagamiRaito Posts 20 Registration date Saturday 20 October 2007 Status Member Last activity 22 October 2007
21 Oct 2007 at 16:44
Hi, don't fix the 09 console java (sun) line, philae has given me a nagging doubt.
No, it's the hijackthis report after running the antivir scan that is recommended in the "zebulon's pre-hijackthis" procedure.

Philae, on the zebulon site there is a helper named "charles ingles" (he's a tera extreme power member of the security team who uses castlecops); after reading a few of his disinfections, I felt confident with castlecops, but you're giving me an unpleasant feeling :'(
Sniff.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
21 Oct 2007 at 17:16
re
Hi, don't fix the 09 console java (sun) line, philae has given me a nagging doubt.


the 09 lines can be removed without any problem anyway, they are more useless than anything else. I told you what they correspond to.

No, it's the hijackthis report after running the antivir scan that is recommended in the "zebulon's pre-hijackthis" procedure.

HERE we are not at ZEB, to each their own method


Philae, on the zebulon site there is a helper named "charles ingles" (he's a tera extreme power member of the security team who uses castlecops); after reading a few of his disinfections, I felt confident with castlecops, but you're giving me an unpleasant feeling :'(
Sniff.


thanks for the info, charles ingles, I know him well too and I also use castlecops, but look closely, the 2 lines are different all the same. These are not infectious.

0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
21 Oct 2007 at 18:54
thanks for the tutorial!

so here is the antivir report:


AntiVir PersonalEdition Classic
Report file date: dimanche 21 octobre 2007 15:55

Scanning for 897874 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: JB

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 13:54:08
ANTIVIR3.VDF : 7.0.0.112 188416 Bytes 20/10/2007 13:54:08
AVEWIN32.DLL : 7.6.0.27 3019264 Bytes 21/10/2007 13:54:09
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 21 octobre 2007 15:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'livecall.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'MySpaceIM.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MXOALDR.EXE' - '1' Module(s) have been scanned
Scan process 'OneTouch.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: dimanche 21 octobre 2007 16:26
Used time: 31:17 min

The scan has been done completely.

5048 Scanning directories
197383 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
197383 Files not concerned
902 Archives were scanned
1 Warnings
0 Notes


I fixed the java line as requested.
I am scanning my PC with the 3 antispy tools you asked me to use.

avg anti spyware report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:13:36 21/10/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{A6A494A6-BAAF-4BD0-8C81-1863AE72E1B4}\RP228\A0033634.exe -> Adware.Casino : Nettoyé.
C:\System Volume Information\_restore{A6A494A6-BAAF-4BD0-8C81-1863AE72E1B4}\RP228\A0033644.exe -> Adware.Casino : Nettoyé.
C:\Documents and Settings\julie.JB\Cookies\julie@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\julie.JB\Cookies\julie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\julie.JB\Cookies\julie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\julie.JB\Cookies\julie@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

Next, the spybot report, I can't manage to copy it, so I'll give you a summary: it found 15 problematic items which it deleted, mostly from microsoft windows security center. I don't know what else to say, it's long to rewrite everything.. tell me if you need it in detail..

the counterspy report:

Scan History Details
Start Date: 21/10/2007 18:15:08
End Date: 21/10/2007 18:50:23
Total Time: 35 Min 15 Sec
Detected security risks

Cookie: Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\julie.jb\cookies\julie@weborama[1].txt


TitanPoker Potentially Unwanted Program more information...
Details: TitanPoker is an online casino game that requires a software download to the user's machine.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER\floatingchat
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER\ju2lr
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER\lobby_favouritegames
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER\TTR59326962
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\TITAN POKER\TTR59326962\QuickSearch


BSplayer Adware Bundler more information...
Details: BSplayer is bundle with WhenU Save. You cannot even run the software without WhenU Save.
Status: Ignored

Files detected

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BSPLAYER1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BSPLAYER1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BSPLAYER1
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\BST
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\BST\bsplayerv1
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\BST\bsplayerv1
HKEY_USERS\S-1-5-21-1957994488-179605362-1417001333-1003\SOFTWARE\BST\bsplayerv1



and finally, the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 18:53:10, on 21/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)

There, I hope I did everything the way I was supposed to...
Thanks for your help
0
mia2lr Posts: 21 Registered: Saturday 23 December 2006 Status: Member Last activity: 29 September 2008
21 Oct. 2007 at 18:58
I hadn't renamed HijackThis before running the scan again... so here is the HijackThis report after renaming it...

Logfile of HijackThis v1.99.1
Scan saved at 18:55:59, on 21/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\HijackThis\rename.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)
0
mia2lr Posts: 21 Registered: Saturday 23 December 2006 Status: Member Last activity: 29 September 2008
23 Oct. 2007 at 10:54
I haven't heard anything more... and my computer is still infected, since I have slowness problems and some web pages are displayed in very large characters, and since today it no longer wants to open Messenger...
Java asked me to install updates, which I have just done; should I fix again the line that I already fixed this weekend at your request?

Thanks for helping me
0
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last activity: 8 December 2009 206
23 Oct. 2007 at 17:57
Hello,

let's continue

Start, "Run…", then type "services.msc" and confirm with OK
the Services window opens => check at the bottom that the "Extended" tab is selected; if not, select it.

Print Spooler Service (yyyoeetzy16)
and the path
C:\WINDOWS\System32\dior4f41427711.exe

- In the "Name" column, DOUBLE-CLICK the service shown in BOLD above to bring up "Properties".
- Check under "Path to executable" that it really is the underlined location.
- Then click Stop
- In the "Startup type" drop-down menu, select "Disabled".
- confirm the change with OK
- Close the Services window.

then

Open HijackThis
Main Menu
Open the Misc Tools section
Misc Tools tab
Delete an NT service and, in the prompt, enter
Print Spooler Service
confirm

then

* run HijackThis "do a system scan only", then check these lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)

* with all applications closed and while offline, click Fix checked

then

* Make sure you have access to all files

- Start

- My Computer or another folder

- Tools menu

- Folder Options

- View tab

then

- check the box: Show hidden files and folders

- uncheck the box: Hide extensions for known file types

- uncheck the box: Hide protected operating system files

Then - Apply

* and delete the file(s) below if present:

C:\WINDOWS\System32\dior4f41427711.exe

* In Windows Explorer, hide the system files again so as not to make a mistake in the future. Go back to the Folder Options window and select Do not show hidden files or system files

then

* Run a Panda online antivirus scan and copy and paste the result here
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
(with Internet Explorer, and disable your antivirus during the scan)

* picture tutorial
http://pageperso.aol.fr/loraline60/panda_scan.htm

also post a new HijackThis report
0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
24 Oct 2007 at 02:50
thanks!! this is turning into a disaster!!

1st problem: Print Spooler Service (yyyoeetzy16): the path C:\WINDOWS\System32\dior4f41427711.exe is longer after exe\service


2nd problem: Delete an NT service, and entering at the prompt: Print Spooler Service
but after doing that a window opens and tells me "service print spooler service not found in the registry, make sure you entered the short name of the service.,vbexclamation"

should I still check the boxes in the HijackThis scan afterwards, or do something else?

thanks
0
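The error quoted above asks for the service's short name; in a HijackThis O23 line that is the value in parentheses after the display name. The following Python sketch is an added example, not part of the original thread: it parses O23 lines copied from this thread's logs and maps a typed display name to the short name (the function names are hypothetical).

```python
import re

# O23 layout: O23 - Service: <display> [(<short>)] - <owner> - <path> [(file missing)]
# The short name in parentheses is omitted when it equals the display name.
# Assumption: the image path starts with a drive letter, as in this thread's logs.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)
"""

def parse_o23(line):
    """Parse one O23 line into a dict, or return None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return {
        "display": m["display"],
        "short": m["short"] or m["display"],  # no parentheses: names are equal
        "owner": m["owner"],
        "path": m["path"],
        "file_missing": m["missing"] is not None,
    }

def services(log_text):
    return [s for s in map(parse_o23, log_text.splitlines()) if s]

def short_name_for(log_text, entered):
    """Map what was typed (display or short name) to the service short name."""
    wanted = entered.strip().lower()
    for svc in services(log_text):
        if wanted in (svc["display"].lower(), svc["short"].lower()):
            return svc["short"]
    return None

def needs_review(log_text):
    """Short names of services with an unknown owner or a missing binary."""
    return [s["short"] for s in services(log_text)
            if s["owner"] == "Unknown owner" or s["file_missing"]]

if __name__ == "__main__":
    print(short_name_for(SAMPLE_LOG, "Print Spooler Service"), needs_review(SAMPLE_LOG))
```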
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
24 Oct 2007 at 02:56
I did a scan only with HijackThis and 2 of the lines you wanted me to delete are missing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Print Spooler Service (yyyoeetzy16) - Unknown owner - C:\WINDOWS\System32\dior4f41427711.exe (file missing)
0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
24 Oct 2007 at 11:33
I deleted the requested lines in the HijackThis report, except the 2 that don't appear..
there was no file C:\WINDOWS\System32\dior4f41427711.exe

I ran a scan with Panda, here is the report:

Incident Status Location

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\julie.JB\Cookies\julie@adserver.easyad[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\julie.JB\Cookies\julie@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\julie.JB\Cookies\julie@advertising[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\julie.JB\Cookies\julie@xiti[1].txt


and the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:51, on 24/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\rename.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe


there you go...
MSN no longer works for me... I uninstalled it.
0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
24 Oct 2007 at 12:13
AntiVir has just detected a virus
Virus or unwanted program 'W95/Blumblebee.1738 [W95/Blumblebee.1738]'
detected in file 'C:\WINDOWS\system32\ActiveScan\pskavs.dll.
Action performed: Delete file

I deleted it
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
24 Oct 2007 at 20:06
good evening

Virus or unwanted program 'W95/Blumblebee.1738 [W95/Blumblebee.1738]'
detected in file 'C:\WINDOWS\system32\ActiveScan\pskavs.dll.
Action performed: Delete file 


it's nothing, it's just that AntiVir and Panda don't like each other, nothing more. don't worry
0
mia2lr Posts 21 Registration date Saturday 23 December 2006 Status Member Last activity 29 September 2008
24 Oct 2007 at 14:54
I've just had another alert from AntiVir:

Virus or unwanted program 'W95/Blumblebee.1738 [W95/Blumblebee.1738]'
detected in file 'C:\System Volume Information\_restore{A6A494A6-BAAF-4BD0-8C81-1863AE72E1B4}\RP269\A0039516.dll.
Action performed: Delete file
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
24 Oct 2007 at 20:08
good evening

the logical follow-up: you deleted it earlier, it is currently in your System Restore, but I would give you the same answer: don't worry, it's not a virus, just a clash of temperaments between AntiVir and Panda (since you ran a scan at Panda)

that said, nothing to report in the Panda report.

nothing to report in your latest HijackThis report
as for MSN, I don't know why it isn't working.

any other problems?
0