Réapparition du virus WIN32.Agent.pz
JACORLE
Messages postés
10
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je viens de constater la réapparition du virus Win32.Agent.pz détecté en passant la recherche de SPYBOT , alors que nous l'avions supprimé la semaine derniére ,hélas il n'est pas possible de le détruire ou de le mettre en quarantaine , de plus les temps sont devenus très longs connection internet , appel de WORD ...etc ...
Voici un rapport HJACKTHIS le système est WINDOWS 2000 PRO en permanence tournent sur ce PC SPYBOT-SD ainsi que AVG Anti-Spyware 7,5 et AVAST de plus je passe aussi régulièrement AD-AWARE 2007 qui ne détecte rien .
Quelqu'un peut-il m'aider pour supprimer ce virus et faire retrouver la vitesse normale de ce PC.
Merci
+++++++++++++++++++++++++++++++++++++++
SPYBOT indique 1 problème détecté (37 :04)
+++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:30, on 18/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
Je viens de constater la réapparition du virus Win32.Agent.pz détecté en passant la recherche de SPYBOT , alors que nous l'avions supprimé la semaine derniére ,hélas il n'est pas possible de le détruire ou de le mettre en quarantaine , de plus les temps sont devenus très longs connection internet , appel de WORD ...etc ...
Voici un rapport HJACKTHIS le système est WINDOWS 2000 PRO en permanence tournent sur ce PC SPYBOT-SD ainsi que AVG Anti-Spyware 7,5 et AVAST de plus je passe aussi régulièrement AD-AWARE 2007 qui ne détecte rien .
Quelqu'un peut-il m'aider pour supprimer ce virus et faire retrouver la vitesse normale de ce PC.
Merci
+++++++++++++++++++++++++++++++++++++++
SPYBOT indique 1 problème détecté (37 :04)
+++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:30, on 18/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
A voir également:
- Réapparition du virus WIN32.Agent.pz
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Virus informatique - Guide
18 réponses
slt,
desactive le tea timer de spybot le temps des scans:
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
______________________
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
______________________
installe un parefeu si tu n'en as pas:
KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
______________________
navigue avec firefox:
http://www.mozilla-europe.org/fr/products/firefox/
______________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
________________________
recolle un rapport hijackhtis et dis tes soucis
desactive le tea timer de spybot le temps des scans:
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
______________________
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
______________________
installe un parefeu si tu n'en as pas:
KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
______________________
navigue avec firefox:
http://www.mozilla-europe.org/fr/products/firefox/
______________________
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
________________________
recolle un rapport hijackhtis et dis tes soucis
Bonjour,
Suite à vos recommandations voici les différents états sortis , je constate toujours des temps de réponses de plus en plus longs pour tout travail :
Appels de Word , temps de réponses sur connection internet , l’on constate à l’initialisation du réseau que l’on commence par envoyer mais qu’il faut beaucoup de temps pour recevoir.
J'ai relancé un SPYBOT option vérif et le virus WIN32 Agent PZ figure toujours .
JETICO a été installé mais le paramétrage me semble un peu compliqué .Pouvez-vous m’aider sur ce point ?
FIREFOX a été installé mais des erreurs de chargement se produisent en permanence du type ( SERVEUR INTROUVABLE Firefox ne peut trouver le serveur à l'adresse www.cic-sicav.fr ) par exemple
rendant le produit presque inutilisable , Pouvez-vous aussi m’aider sur ce point ?
Merci par avance .
+++++++++ HIJACKTHIS ++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:50, on 18/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
Suite à vos recommandations voici les différents états sortis , je constate toujours des temps de réponses de plus en plus longs pour tout travail :
Appels de Word , temps de réponses sur connection internet , l’on constate à l’initialisation du réseau que l’on commence par envoyer mais qu’il faut beaucoup de temps pour recevoir.
J'ai relancé un SPYBOT option vérif et le virus WIN32 Agent PZ figure toujours .
JETICO a été installé mais le paramétrage me semble un peu compliqué .Pouvez-vous m’aider sur ce point ?
FIREFOX a été installé mais des erreurs de chargement se produisent en permanence du type ( SERVEUR INTROUVABLE Firefox ne peut trouver le serveur à l'adresse www.cic-sicav.fr ) par exemple
rendant le produit presque inutilisable , Pouvez-vous aussi m’aider sur ce point ?
Merci par avance .
+++++++++ HIJACKTHIS ++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:50, on 18/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
analyse sur virus total ces deux fichiers et colle le rapport: https://www.virustotal.com/gui/
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe
________________________
Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe
________________________
Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
Vous demandez de passer dans VIRUTOTAL.COM les fichiers :
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe CELUI-CI N'EXITE PAS QUE FAIT-ON
Merci
Vous demandez de passer dans VIRUTOTAL.COM les fichiers :
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe CELUI-CI N'EXITE PAS QUE FAIT-ON
Merci
Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Bonjour,
Voici le rapport du lancement demandé .
Search Navipromo version 3.3.8 commencé le mer. 19/12/2007 à 8:34:40,57
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows 2000 [Version 5.00.2195]
Internet Explorer : 6.0.2800.1106
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINNT ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\application data" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINNT\system32 *
* Recherche dans "C:\Documents and Settings\Administrateur\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINNT\system32 :
* Dans "C:\Documents and Settings\Administrateur\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le mer. 19/12/2007 à 8:36:55,20 ***
Voici le rapport du lancement demandé .
Search Navipromo version 3.3.8 commencé le mer. 19/12/2007 à 8:34:40,57
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows 2000 [Version 5.00.2195]
Internet Explorer : 6.0.2800.1106
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINNT ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\application data" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINNT\system32 *
* Recherche dans "C:\Documents and Settings\Administrateur\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINNT\system32 :
* Dans "C:\Documents and Settings\Administrateur\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le mer. 19/12/2007 à 8:36:55,20 ***
analyse ce fichier sur virus total et colle le rapport
C:\WINNT\SYSTEM32\Userinit.exe
__________________
quel fichier est infecté selon spybot?
_________________
remplace avast par antiivir et colle un rapport:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
C:\WINNT\SYSTEM32\Userinit.exe
__________________
quel fichier est infecté selon spybot?
_________________
remplace avast par antiivir et colle un rapport:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
Bonjour,
Voici les logs des demandes de ce matin , ils ont déjà été envoyés en fin de matinée mais je ne suis pas sur que vous les ayez recu compte tenu des difficultés que j'ai avec internet.
Merci d'avance pour ce que vous ferz pour moi.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Voici le résultat spybot Les effacements du virus sont sans effets
--- Search result list ---
Win32.Agent.pz: [SBI $B40811A5] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINNT\system32\ntos.exe,...
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-18 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-12-12 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-12-12 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-12-12 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-12-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-12-12 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-12-12 Includes\PUPSC.sbi (*)
2007-12-12 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-12-12 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-12-12 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2007-12-12 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows 2000 (Build: 2195) Service Pack 4 (5.0.2195)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 5.01 / SP4: Correctif Windows 2000 - KB890923
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB890923
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB896688
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB905495
/ Outlook Express 6 / SP1: Correctif Windows 2000 - KB887797
/ Outlook Express 6 / SP1: Correctif Windows 2000 - KB897715
/ Windows 2000 / SP5: Correctif Windows 2000 - KB329115
/ Windows 2000 / SP5: Correctif Windows 2000 (SP5) KB820888
/ Windows 2000 / SP5: Correctif Windows 2000 - KB822831
/ Windows 2000 / SP5: Correctif Windows 2000 - KB823182
/ Windows 2000 / SP5: Correctif Windows 2000 - KB823559
/ Windows 2000 / SP5: Correctif Windows 2000 - KB824105
/ Windows 2000 / SP5: Correctif Windows 2000 - KB825119
/ Windows 2000 / SP5: Correctif Windows 2000 - KB826232
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828035
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828741
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828749
/ Windows 2000 / SP5: Correctif Windows 2000 - KB835732
/ Windows 2000 / SP5: Correctif Windows 2000 - KB837001
/ Windows 2000 / SP5: Correctif Windows 2000 - KB839645
/ Windows 2000 / SP5: Correctif Windows 2000 - KB840315
/ Windows 2000 / SP5: Correctif Windows 2000 - KB840987
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841356
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841533
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841872
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841873
/ Windows 2000 / SP5: Correctif Windows 2000 - KB842526
/ Windows 2000 / SP5: Correctif Windows 2000 - KB842773
/ Windows 2000 / SP5: Correctif Windows 2000 - KB871250
/ Windows 2000 / SP5: Correctif Windows 2000 - KB873333
/ Windows 2000 / SP5: Correctif Windows 2000 - KB873339
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885250
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885835
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885836
/ Windows 2000 / SP5: Correctif Windows 2000 - KB888113
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890046
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890175
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890859
/ Windows 2000 / SP5: Correctif Windows 2000 - KB891781
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893066
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893086
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893756
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Correctif Windows 2000 - KB894320
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896358
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896422
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896423
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896424
/ Windows 2000 / SP5: Correctif Windows 2000 - KB899587
/ Windows 2000 / SP5: Correctif Windows 2000 - KB899589
/ Windows 2000 / SP5: Correctif Windows 2000 - KB900725
/ Windows 2000 / SP5: Correctif Windows 2000 - KB901017
/ Windows 2000 / SP5: Correctif Windows 2000 - KB901214
/ Windows 2000 / SP5: Correctif Windows 2000 - KB902400
/ Windows 2000 / SP5: Correctif Windows 2000 - KB905414
/ Windows 2000 / SP5: Correctif Windows 2000 - KB905749
/ Windows 2000 / SP5: Correctif Windows 2000 (SP5) Q818043
/ Windows 2000 / SP5: Correctif cumulatif 1 pour Windows 2000 SP4
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
--- Startup entries list ---
Located: HK_LM:Run, AtiPTA
command: atiptaxx.exe
file: C:\WINNT\system32\atiptaxx.exe
size: 217088
MD5: 8117BF7F5F47D545116CA15C57C49315
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
file: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
Located: HK_LM:Run, JeticoPFStartup
command: "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
file: C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
size: 118784
MD5: 8A11E26D22C8870DE1BB99BFF0BC00D6
Located: HK_LM:Run, LTWinModem1
command: ltmsg.exe 9
file: C:\WINNT\system32\ltmsg.exe
size: 40960
MD5: 4D3F3641AA76A48964102856FD7B955F
Located: HK_LM:Run, Paramètres d'affichage HP
command: C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
file: C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe
size: 49152
MD5: F02A6D1C031A2B5D5DF96357599BE75E
Located: HK_LM:Run, PRPCMonitor
command: PRPCUI.exe
file: C:\WINNT\system32\PRPCUI.exe
size: 41984
MD5: E455054F3E7ECE02A2ED48CB4B3843E7
Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111888
MD5: 25927F36C86159F0D55288F4FED12D93
Located: HK_CU:Run, internat.exe
where: .DEFAULT...
command: internat.exe
file: C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
Located: HK_CU:Run, internat.exe
where: S-1-5-21-357768600-1408136330-1119434989-500...
command: internat.exe
file: C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-357768600-1408136330-1119434989-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: Démarrage (tous utilisateurs), NkbMonitor.exe.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
file: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
size: 118784
MD5: 70B9B7C5C5B3CDB1DF2E8DFB5DCC3B52
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 10/12/2007 08:21:14
Date (last access): 19/12/2007 12:01:04
Date (last write): 10/12/2007 08:21:14
Filesize: 2436160
Attributes: readonly archive
MD5: 6D44E0C3B43D27484FBB355E470C4188
CRC32: 2DE875CD
Version: 4.0.1601.4978
--- ActiveX list ---
{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINNT\Downloaded Program Files\CONFLICT.1\ascstubie.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\CONFLICT.1\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21/08/2007 14:37:26
Date (last access): 19/12/2007 12:02:38
Date (last write): 21/08/2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINNT\Downloaded Program Files\CONFLICT.1\oscan8.inf
Codebase: http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\BDOSCAN8\
Long name: oscan82.ocx
Short name:
Date (created): 18/12/2007 13:50:34
Date (last access): 19/12/2007 12:02:38
Date (last write): 18/12/2007 13:50:34
Filesize: 471040
Attributes: archive
MD5: 44831C822EE63F579150C17FD7114115
CRC32: 34B5E163
Version: 1.0.0.1
{8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
DPF name:
CLSID name: NanoInstaller Class
Installer: C:\WINNT\Downloaded Program Files\nanoinst.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINNT\Downloaded Program Files\
Long name: NanoInst.dll
Short name:
Date (created): 11/09/2007 13:49:28
Date (last access): 19/12/2007 11:24:42
Date (last write): 11/09/2007 13:49:28
Filesize: 38280
Attributes: archive
MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
CRC32: FD77ABF2
Version: 2.2.0.5
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer: C:\WINNT\Downloaded Program Files\jinstall-6u3.inf
Codebase: http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38470.2346875
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 13:03:56
Date (last access): 19/12/2007 12:01:26
Date (last write): 10/11/2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINNT\Downloaded Program Files\swflash.inf
Codebase: http://active.macromedia.com/flash5/cabs/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 19/12/2007 12:02:38
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
{D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control)
DPF name:
CLSID name: RteDocumatDoc Control
Installer: C:\WINNT\Downloaded Program Files\RteAllCabs.inf
Codebase: http://cabs.rte.fr/RteAllCabsMFC.cab
description:
classification: Open for discussion
known filename: RteDoc.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\DOWNLO~1\
Long name: RteDoc.ocx
Short name:
Date (created): 04/09/2006 14:52:30
Date (last access): 19/12/2007 12:02:40
Date (last write): 04/09/2006 14:52:30
Filesize: 188416
Attributes: archive
MD5: A09FBA9778DB67D34019CE88FFCBD520
CRC32: 1CB855F2
Version: 2.0.0.38
--- Process list ---
PID: 0 ( 0) [System]
PID: 160 ( 0) \SystemRoot\System32\smss.exe
size: 45840
PID: 184 ( 0) \??\C:\WINNT\system32\csrss.exe
size: 5392
PID: 180 ( 0) \??\C:\WINNT\system32\winlogon.exe
size: 191248
PID: 232 ( 0) C:\WINNT\system32\services.exe
size: 92944
MD5: 23AFE3A2F398B983903857D8B800DC0E
PID: 244 ( 0) C:\WINNT\system32\lsass.exe
size: 39184
MD5: C43C52FA225030EA2E62E820C9D898CA
PID: 412 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 444 ( 0) C:\WINNT\system32\spoolsv.exe
size: 47376
MD5: FACFB75ECC070103619FA044E0B210D3
PID: 492 ( 0) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 587096
MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
PID: 524 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 63016
MD5: A6FA9C14E649B2F3DE15390A1840774D
PID: 540 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 214056
MD5: F640EA98231D7B1DB730385813BFCE79
PID: 560 ( 0) C:\WINNT\system32\Ati2evxx.exe
size: 81920
MD5: E4B148A2A2DCF38512D9A3ECEB0B2A92
PID: 660 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 684 ( 0) C:\WINNT\Explorer.EXE
size: 244496
MD5: A40D75E7D5E938503C28CF19BB3BDA4A
PID: 700 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 724 ( 0) C:\WINNT\system32\HPConfig.exe
size: 151552
MD5: 88788128494C0819B62A8AAC71515B8E
PID: 776 ( 0) C:\WINNT\system32\regsvc.exe
size: 68368
MD5: B3A6BC70F941A92DA318F3BD44362BCC
PID: 784 ( 0) C:\WINNT\system32\MSTask.exe
size: 123664
MD5: 3FE6A50EDC179C4260C85E354ADC0085
PID: 880 ( 0) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 974EE1A488A7AF678F84826B588D4AF1
PID: 892 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 1116 ( 0) C:\WINNT\system32\PRPCUI.exe
size: 41984
MD5: E455054F3E7ECE02A2ED48CB4B3843E7
PID: 1124 ( 0) C:\WINNT\system32\atiptaxx.exe
size: 217088
MD5: 8117BF7F5F47D545116CA15C57C49315
PID: 1128 ( 0) C:\WINNT\system32\ltmsg.exe
size: 40960
MD5: 4D3F3641AA76A48964102856FD7B955F
PID: 1144 ( 0) C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
PID: 1160 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
PID: 1176 ( 0) C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
PID: 1184 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 1236 ( 0) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 1300 ( 0) C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
size: 118784
MD5: 70B9B7C5C5B3CDB1DF2E8DFB5DCC3B52
PID: 1272 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
size: 675880
MD5: 23A1670A51C783908223EF948FDC7A7E
PID: 652 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
size: 290856
MD5: 682EB400F3CC9F05C2C6CA6265A8BA21
PID: 424 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19/12/2007 12:09:25
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
(AddressBook)
Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support
ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage
(Branding)
(Connection Manager)
Access Companion (Dialer)
uninstall cmd: C:\WINNT\system32\DmUninst.exe -dm
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(expinst)
(Fontcore)
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro
hp deskjet 3420 series (Supprimer uniquement) (hp deskjet 3420 series)
uninstall cmd: C:\Program Files\hp deskjet 3420 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport= -vproduct=3420 -huninstall
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(IEREADME)
Intel SpeedStep technology Applet (Intel SpeedStep technology Applet)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\WINNT\system32\Intel(R) SpeedStep(TM) technology Applet.isu"
Jetico Personal Firewall 1.0 (Jetico Personal Firewall)
uninstall cmd: "C:\WINNT\BCUnInstall.exe" C:\Program Files\Jetico\Jetico Personal Firewall\UnInstall.log
Correctif Windows 2000 - KB842773 (KB842773)
uninstall cmd: C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/842773
(KB884016)
Correctif Windows 2000 - KB887797 20041112.131144 (KB887797-OE6SP1-20041112.131144)
uninstall cmd: C:\WINNT\$NtUninstallKB887797-OE6SP1-20041112.131144$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/887797
Correctif Windows 2000 - KB890046 20050517.235025 (KB890046)
uninstall cmd: "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890046
Correctif Windows 2000 - KB890923 20050225.103456 (KB890923-IE6SP1-20050225.103456)
uninstall cmd: "C:\WINNT\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890923
Correctif Windows 2000 - KB893756 20050702.42421 (KB893756)
uninstall cmd: "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893756
Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available
Correctif Windows 2000 - KB894320 20050429.01037 (KB894320)
uninstall cmd: "C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/894320
Correctif Windows 2000 - KB896358 20050421.70926 (KB896358)
uninstall cmd: "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896358/ms05-026-a-vulnerability-in-html-help-could-allow-remote-code-executio
Correctif Windows 2000 - KB896422 20050503.23608 (KB896422)
uninstall cmd: "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896422/ms05-027-vulnerability-in-server-message-block-could-allow-remote-code
Correctif Windows 2000 - KB896423 20050713.01536 (KB896423)
uninstall cmd: "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
Correctif Windows 2000 - KB896424 20051007.114600 (KB896424)
uninstall cmd: "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896424
Correctif Windows 2000 - KB896688 20051004.130236 (KB896688-IE6SP1-20051004.130236)
uninstall cmd: "C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896688/ms05-052-cumulative-security-update-for-internet-explorer
Correctif Windows 2000 - KB897715 20050503.210336 (KB897715-OE6SP1-20050503.210336)
uninstall cmd: "C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/897715
Correctif Windows 2000 - KB899587 20050614.212757 (KB899587)
uninstall cmd: "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/899587
Correctif Windows 2000 - KB899589 20050822.21016 (KB899589)
uninstall cmd: "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/899589
Correctif Windows 2000 - KB900725 20050923.34708 (KB900725)
uninstall cmd: "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/900725
Correctif Windows 2000 - KB901017 20050830.22150 (KB901017)
uninstall cmd: "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/901017
Correctif Windows 2000 - KB901214 20050629.02152 (KB901214)
uninstall cmd: "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/901214
Correctif Windows 2000 - KB902400 20050905.04634 (KB902400)
uninstall cmd: "C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/902400/ms05-051-vulnerabilities-in-ms-dtc-and-com-could-allow-remote-code-exe
Mise à jour de sécurité pour Windows 2000 (KB904706) (KB904706)
uninstall cmd: "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/904706
Correctif Windows 2000 - KB905414 20050816.13004 (KB905414)
uninstall cmd: "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905414
Correctif Windows 2000 - KB905495 20050805.184113 (KB905495-IE6SP1-20050805.184113)
uninstall cmd: "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905495
Correctif Windows 2000 - KB905749 20050902.21643 (KB905749)
uninstall cmd: "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905749
LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
Lucent Win Modem (LTWinModem)
uninstall cmd: C:\WINNT\system32\ltremove.exe
Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
Mozilla Firefox (2.0.0.11) 2.0.0.11 (fr) (Mozilla Firefox (2.0.0.11))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
Panda NanoScan (NanoScan)
estimated size: 400
install location: C:\Program Files\Panda Security\NanoScan
uninstall cmd: C:\Program Files\Panda Security\NanoScan\nanounst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/mediacenter/?ref=mc_blogcav
Navilog1 3.3.8 (Navilog1_is1)
install date: 20071219
install location: C:\Program Files\Navilog1\
uninstall cmd: "C:\Program Files\Navilog1\unins000.exe"
publisher: @IL-MAFIOSO
(NetMeeting)
Nikon FotoShare 1.0.1.0 (Nikon FotoShare)
uninstall cmd: C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
contact: FotoSharefr@pixology.com
(OutlookExpress)
Intel(R) PRO Ethernet Adapter and Software (PROSet)
uninstall cmd: Prounstl.exe
Correctif Windows 2000 (SP5) Q818043 20030501.174006 (Q818043)
uninstall cmd: C:\WINNT\$NtUninstallQ818043$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/818043
QuickTime (QuickTime)
uninstall cmd: C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
(SchedulingAgent)
Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: https://helpx.adobe.com/flash-player.html
Panda TotalScan 01.01.02.0002 (TotalScan)
estimated size: 4000
install location: C:\Program Files\Panda Security\TotalScan
uninstall cmd: C:\Program Files\Panda Security\TotalScan\ascuninst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Correctif cumulatif 1 pour Windows 2000 SP4 20050809.32623 (Update Rollup 1)
uninstall cmd: "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/891861
VideoLAN VLC media player 0.8.6c 0.8.6c (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team
(Windows 2000 Service Pack)
WinZip (WinZip)
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Mise à jour système du Lecteur Windows Media (Série 9) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~3\setup_wm.exe /Uninstall
Microsoft Office 2000 SR-1 Premium 9.00.9327 ({0000040C-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 437687
install date: 20050525
install source: D:\
uninstall cmd: MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us
readme: ofread9.txt
PDFCreator 0.9.3 ({0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D})
install date: 20070427
uninstall cmd: "C:\Program Files\PDFCreator\unins000.exe"
publisher: Frank Heindörfer, Philip Chinery
comments: PDFCreator - Opensource
help link: https://sourceforge.net/projects/pdfcreator/
readme: https://www.pdfforge.org/
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20051203
install source: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Sun\Java\jre1.5.0_06\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113966
install date: 20071210
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_03\README.txt
upapp 0.20.0000 ({4EF69D40-4DC9-485E-95D3-B1C22F218FC8})
version: 1310720
version (minor): 20
estimated size: 1165
install date: 20060321
install source: D:\upapp\
uninstall cmd: MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: https://yoursite.com/
help telephone: 1-555-555-4505
readme: Readme.txt
({5B239A98-4222-4D8C-AF38-1A8EC07F956B})
({5D0930A0-1036-433A-8BB9-602665550DD0})
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051115
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
WebFldrs 9.50.7522 ({6F716DA0-398F-11D3-85E1-005004838609})
version: 154279266
version (major): 9
version (minor): 50
estimated size: 2700
install date: 20050428
install source: C:\WINNT\system32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/
Microsoft .NET Framework 1.1 French Language Pack 1.1.4322 ({9A394342-4A68-4EBA-85A6-55B559F4E700})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 3138
install date: 20050525
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1036\RepairRedist.htm
ArcSoft Panorama Maker 3 ({A5F68DC8-0278-4AD8-B413-861509B5F25B})
version (major): 3
version (minor): 5
install location: C:\Program Files\ArcSoft\Panorama Maker 3
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
publisher: ArcSoft
Paramètres d'affichage HP ({A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\SETUP.EXE"
Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002})
version: 117440521
version (major): 7
estimated size: 78500
install date: 20070824
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm
Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071218
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 62780
install date: 20051116
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Nikon Message Center 0.91.000 ({D2FCC1AE-6311-47C5-8130-C6C66D77DD71})
version: 5963776
install location: C:\Program Files\Fichiers communs\Nikon\Message Center
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
estimated size: 2132
install date: 20071210
install source: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_03/sp1/
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.
Ad-Aware 2007 7.0.2.5 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF})
version: 117440514
version (major): 7
estimated size: 23297
install date: 20071208
install location: C:\Program Files\Lavasoft\Ad-Aware 2007\
install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
publisher: Lavasoft
help link: https://forum.adaware.com/
PictureProject 1.0 ({FF3999BE-1A7B-4738-88AA-97BF14094A4A})
version: 16777216
install location: C:\Program Files\Nikon\PictureProject
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aawservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ad-Aware 2007 Service
Description: Protects your computer from spyware
Object name: LocalSystem
Image path: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
Image size: 587096
Image MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Depends On services: RpcSS
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: system32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de contrôleur intégré Microsoft
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Filtre de bus AGP Intel
Image path: system32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic116x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 92944
Image MD5: 23AFE3A2F398B983903857D8B800DC0E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): allegro
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ESS Allegro Audio Driver (WDM)
Image path: system32\drivers\es198x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ami0nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Scheduler
Description: Service to schedule AntiVir jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 63016
Image MD5: A6FA9C14E649B2F3DE15390A1840774D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 214056
Image MD5: F640EA98231D7B1DB730385813BFCE79
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 92944
Image MD5: 23AFE3A2F398B983903857D8B800DC0E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'état ASP.NET
Description: Assure la prise en charge des états de session out-of-process pour ASP.NET. En cas d'interruption de ce service, les demandes out-of process ne sont pas traitées. En cas de désactivation du service, le démarrage de tout service qui dépend explicitement de ce service est impossible.
Object name: .\ASPNET
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: E1A1206A4FB19B675E947B29CCD25FBA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: system32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Ati HotKey Poller
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 81920
Image MD5: E4B148A2A2DCF38512D9A3ECEB0B2A92
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): ati2mtag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: system32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type:
Voici les logs des demandes de ce matin , ils ont déjà été envoyés en fin de matinée mais je ne suis pas sur que vous les ayez recu compte tenu des difficultés que j'ai avec internet.
Merci d'avance pour ce que vous ferz pour moi.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Voici le résultat spybot Les effacements du virus sont sans effets
--- Search result list ---
Win32.Agent.pz: [SBI $B40811A5] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINNT\system32\ntos.exe,...
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-18 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-12-12 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-12-12 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-12-12 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-12-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-12-12 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-12-12 Includes\PUPSC.sbi (*)
2007-12-12 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-12-12 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-12-12 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2007-12-12 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows 2000 (Build: 2195) Service Pack 4 (5.0.2195)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 5.01 / SP4: Correctif Windows 2000 - KB890923
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB890923
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB896688
/ Internet Explorer 6 / SP1: Correctif Windows 2000 - KB905495
/ Outlook Express 6 / SP1: Correctif Windows 2000 - KB887797
/ Outlook Express 6 / SP1: Correctif Windows 2000 - KB897715
/ Windows 2000 / SP5: Correctif Windows 2000 - KB329115
/ Windows 2000 / SP5: Correctif Windows 2000 (SP5) KB820888
/ Windows 2000 / SP5: Correctif Windows 2000 - KB822831
/ Windows 2000 / SP5: Correctif Windows 2000 - KB823182
/ Windows 2000 / SP5: Correctif Windows 2000 - KB823559
/ Windows 2000 / SP5: Correctif Windows 2000 - KB824105
/ Windows 2000 / SP5: Correctif Windows 2000 - KB825119
/ Windows 2000 / SP5: Correctif Windows 2000 - KB826232
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828035
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828741
/ Windows 2000 / SP5: Correctif Windows 2000 - KB828749
/ Windows 2000 / SP5: Correctif Windows 2000 - KB835732
/ Windows 2000 / SP5: Correctif Windows 2000 - KB837001
/ Windows 2000 / SP5: Correctif Windows 2000 - KB839645
/ Windows 2000 / SP5: Correctif Windows 2000 - KB840315
/ Windows 2000 / SP5: Correctif Windows 2000 - KB840987
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841356
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841533
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841872
/ Windows 2000 / SP5: Correctif Windows 2000 - KB841873
/ Windows 2000 / SP5: Correctif Windows 2000 - KB842526
/ Windows 2000 / SP5: Correctif Windows 2000 - KB842773
/ Windows 2000 / SP5: Correctif Windows 2000 - KB871250
/ Windows 2000 / SP5: Correctif Windows 2000 - KB873333
/ Windows 2000 / SP5: Correctif Windows 2000 - KB873339
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885250
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885835
/ Windows 2000 / SP5: Correctif Windows 2000 - KB885836
/ Windows 2000 / SP5: Correctif Windows 2000 - KB888113
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890046
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890175
/ Windows 2000 / SP5: Correctif Windows 2000 - KB890859
/ Windows 2000 / SP5: Correctif Windows 2000 - KB891781
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893066
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893086
/ Windows 2000 / SP5: Correctif Windows 2000 - KB893756
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Correctif Windows 2000 - KB894320
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896358
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896422
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896423
/ Windows 2000 / SP5: Correctif Windows 2000 - KB896424
/ Windows 2000 / SP5: Correctif Windows 2000 - KB899587
/ Windows 2000 / SP5: Correctif Windows 2000 - KB899589
/ Windows 2000 / SP5: Correctif Windows 2000 - KB900725
/ Windows 2000 / SP5: Correctif Windows 2000 - KB901017
/ Windows 2000 / SP5: Correctif Windows 2000 - KB901214
/ Windows 2000 / SP5: Correctif Windows 2000 - KB902400
/ Windows 2000 / SP5: Correctif Windows 2000 - KB905414
/ Windows 2000 / SP5: Correctif Windows 2000 - KB905749
/ Windows 2000 / SP5: Correctif Windows 2000 (SP5) Q818043
/ Windows 2000 / SP5: Correctif cumulatif 1 pour Windows 2000 SP4
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
--- Startup entries list ---
Located: HK_LM:Run, AtiPTA
command: atiptaxx.exe
file: C:\WINNT\system32\atiptaxx.exe
size: 217088
MD5: 8117BF7F5F47D545116CA15C57C49315
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
file: C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
Located: HK_LM:Run, JeticoPFStartup
command: "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
file: C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
size: 118784
MD5: 8A11E26D22C8870DE1BB99BFF0BC00D6
Located: HK_LM:Run, LTWinModem1
command: ltmsg.exe 9
file: C:\WINNT\system32\ltmsg.exe
size: 40960
MD5: 4D3F3641AA76A48964102856FD7B955F
Located: HK_LM:Run, Paramètres d'affichage HP
command: C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
file: C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe
size: 49152
MD5: F02A6D1C031A2B5D5DF96357599BE75E
Located: HK_LM:Run, PRPCMonitor
command: PRPCUI.exe
file: C:\WINNT\system32\PRPCUI.exe
size: 41984
MD5: E455054F3E7ECE02A2ED48CB4B3843E7
Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111888
MD5: 25927F36C86159F0D55288F4FED12D93
Located: HK_CU:Run, internat.exe
where: .DEFAULT...
command: internat.exe
file: C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
Located: HK_CU:Run, internat.exe
where: S-1-5-21-357768600-1408136330-1119434989-500...
command: internat.exe
file: C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-357768600-1408136330-1119434989-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: Démarrage (tous utilisateurs), NkbMonitor.exe.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
file: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
size: 118784
MD5: 70B9B7C5C5B3CDB1DF2E8DFB5DCC3B52
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 10/12/2007 08:21:14
Date (last access): 19/12/2007 12:01:04
Date (last write): 10/12/2007 08:21:14
Filesize: 2436160
Attributes: readonly archive
MD5: 6D44E0C3B43D27484FBB355E470C4188
CRC32: 2DE875CD
Version: 4.0.1601.4978
--- ActiveX list ---
{512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class)
DPF name:
CLSID name: TotalScan Installer Class
Installer: C:\WINNT\Downloaded Program Files\CONFLICT.1\ascstubie.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
description:
classification: Legitimate
known filename: ascstubie.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\CONFLICT.1\
Long name: ascstubie.dll
Short name: ASCSTU~1.DLL
Date (created): 21/08/2007 14:37:26
Date (last access): 19/12/2007 12:02:38
Date (last write): 21/08/2007 14:37:26
Filesize: 124208
Attributes: archive
MD5: 0AD87599756B34C0214AFCE961E78DD5
CRC32: EA254381
Version: 1.0.0.7
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINNT\Downloaded Program Files\CONFLICT.1\oscan8.inf
Codebase: http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\BDOSCAN8\
Long name: oscan82.ocx
Short name:
Date (created): 18/12/2007 13:50:34
Date (last access): 19/12/2007 12:02:38
Date (last write): 18/12/2007 13:50:34
Filesize: 471040
Attributes: archive
MD5: 44831C822EE63F579150C17FD7114115
CRC32: 34B5E163
Version: 1.0.0.1
{8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class)
DPF name:
CLSID name: NanoInstaller Class
Installer: C:\WINNT\Downloaded Program Files\nanoinst.inf
Codebase: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Path: C:\WINNT\Downloaded Program Files\
Long name: NanoInst.dll
Short name:
Date (created): 11/09/2007 13:49:28
Date (last access): 19/12/2007 11:24:42
Date (last write): 11/09/2007 13:49:28
Filesize: 38280
Attributes: archive
MD5: 4BEEB9E3A93CF218602A7A9AE21EDCA7
CRC32: FD77ABF2
Version: 2.2.0.5
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer: C:\WINNT\Downloaded Program Files\jinstall-6u3.inf
Codebase: http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38470.2346875
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2005 13:03:56
Date (last access): 19/12/2007 12:01:26
Date (last write): 10/11/2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 19/12/2007 12:02:38
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINNT\Downloaded Program Files\swflash.inf
Codebase: http://active.macromedia.com/flash5/cabs/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 19/12/2007 12:02:38
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
{D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control)
DPF name:
CLSID name: RteDocumatDoc Control
Installer: C:\WINNT\Downloaded Program Files\RteAllCabs.inf
Codebase: http://cabs.rte.fr/RteAllCabsMFC.cab
description:
classification: Open for discussion
known filename: RteDoc.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\DOWNLO~1\
Long name: RteDoc.ocx
Short name:
Date (created): 04/09/2006 14:52:30
Date (last access): 19/12/2007 12:02:40
Date (last write): 04/09/2006 14:52:30
Filesize: 188416
Attributes: archive
MD5: A09FBA9778DB67D34019CE88FFCBD520
CRC32: 1CB855F2
Version: 2.0.0.38
--- Process list ---
PID: 0 ( 0) [System]
PID: 160 ( 0) \SystemRoot\System32\smss.exe
size: 45840
PID: 184 ( 0) \??\C:\WINNT\system32\csrss.exe
size: 5392
PID: 180 ( 0) \??\C:\WINNT\system32\winlogon.exe
size: 191248
PID: 232 ( 0) C:\WINNT\system32\services.exe
size: 92944
MD5: 23AFE3A2F398B983903857D8B800DC0E
PID: 244 ( 0) C:\WINNT\system32\lsass.exe
size: 39184
MD5: C43C52FA225030EA2E62E820C9D898CA
PID: 412 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 444 ( 0) C:\WINNT\system32\spoolsv.exe
size: 47376
MD5: FACFB75ECC070103619FA044E0B210D3
PID: 492 ( 0) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 587096
MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
PID: 524 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 63016
MD5: A6FA9C14E649B2F3DE15390A1840774D
PID: 540 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 214056
MD5: F640EA98231D7B1DB730385813BFCE79
PID: 560 ( 0) C:\WINNT\system32\Ati2evxx.exe
size: 81920
MD5: E4B148A2A2DCF38512D9A3ECEB0B2A92
PID: 660 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 684 ( 0) C:\WINNT\Explorer.EXE
size: 244496
MD5: A40D75E7D5E938503C28CF19BB3BDA4A
PID: 700 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 724 ( 0) C:\WINNT\system32\HPConfig.exe
size: 151552
MD5: 88788128494C0819B62A8AAC71515B8E
PID: 776 ( 0) C:\WINNT\system32\regsvc.exe
size: 68368
MD5: B3A6BC70F941A92DA318F3BD44362BCC
PID: 784 ( 0) C:\WINNT\system32\MSTask.exe
size: 123664
MD5: 3FE6A50EDC179C4260C85E354ADC0085
PID: 880 ( 0) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 974EE1A488A7AF678F84826B588D4AF1
PID: 892 ( 0) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 1206706A25C5B32652B4F465EDE330E9
PID: 1116 ( 0) C:\WINNT\system32\PRPCUI.exe
size: 41984
MD5: E455054F3E7ECE02A2ED48CB4B3843E7
PID: 1124 ( 0) C:\WINNT\system32\atiptaxx.exe
size: 217088
MD5: 8117BF7F5F47D545116CA15C57C49315
PID: 1128 ( 0) C:\WINNT\system32\ltmsg.exe
size: 40960
MD5: 4D3F3641AA76A48964102856FD7B955F
PID: 1144 ( 0) C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
PID: 1160 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938
PID: 1176 ( 0) C:\WINNT\system32\internat.exe
size: 20752
MD5: 406B12788886496BD299C3F9E5E310D0
PID: 1184 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 1236 ( 0) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 1300 ( 0) C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
size: 118784
MD5: 70B9B7C5C5B3CDB1DF2E8DFB5DCC3B52
PID: 1272 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
size: 675880
MD5: 23A1670A51C783908223EF948FDC7A7E
PID: 652 ( 0) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
size: 290856
MD5: 682EB400F3CC9F05C2C6CA6265A8BA21
PID: 424 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19/12/2007 12:09:25
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
(AddressBook)
Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support
ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: https://www.avg.com/fr-fr/homepage
(Branding)
(Connection Manager)
Access Companion (Dialer)
uninstall cmd: C:\WINNT\system32\DmUninst.exe -dm
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(expinst)
(Fontcore)
HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro
hp deskjet 3420 series (Supprimer uniquement) (hp deskjet 3420 series)
uninstall cmd: C:\Program Files\hp deskjet 3420 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport= -vproduct=3420 -huninstall
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(IEREADME)
Intel SpeedStep technology Applet (Intel SpeedStep technology Applet)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\WINNT\system32\Intel(R) SpeedStep(TM) technology Applet.isu"
Jetico Personal Firewall 1.0 (Jetico Personal Firewall)
uninstall cmd: "C:\WINNT\BCUnInstall.exe" C:\Program Files\Jetico\Jetico Personal Firewall\UnInstall.log
Correctif Windows 2000 - KB842773 (KB842773)
uninstall cmd: C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/842773
(KB884016)
Correctif Windows 2000 - KB887797 20041112.131144 (KB887797-OE6SP1-20041112.131144)
uninstall cmd: C:\WINNT\$NtUninstallKB887797-OE6SP1-20041112.131144$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/887797
Correctif Windows 2000 - KB890046 20050517.235025 (KB890046)
uninstall cmd: "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890046
Correctif Windows 2000 - KB890923 20050225.103456 (KB890923-IE6SP1-20050225.103456)
uninstall cmd: "C:\WINNT\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/890923
Correctif Windows 2000 - KB893756 20050702.42421 (KB893756)
uninstall cmd: "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893756
Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available
Correctif Windows 2000 - KB894320 20050429.01037 (KB894320)
uninstall cmd: "C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/894320
Correctif Windows 2000 - KB896358 20050421.70926 (KB896358)
uninstall cmd: "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896358/ms05-026-a-vulnerability-in-html-help-could-allow-remote-code-executio
Correctif Windows 2000 - KB896422 20050503.23608 (KB896422)
uninstall cmd: "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896422/ms05-027-vulnerability-in-server-message-block-could-allow-remote-code
Correctif Windows 2000 - KB896423 20050713.01536 (KB896423)
uninstall cmd: "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
Correctif Windows 2000 - KB896424 20051007.114600 (KB896424)
uninstall cmd: "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896424
Correctif Windows 2000 - KB896688 20051004.130236 (KB896688-IE6SP1-20051004.130236)
uninstall cmd: "C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/896688/ms05-052-cumulative-security-update-for-internet-explorer
Correctif Windows 2000 - KB897715 20050503.210336 (KB897715-OE6SP1-20050503.210336)
uninstall cmd: "C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/897715
Correctif Windows 2000 - KB899587 20050614.212757 (KB899587)
uninstall cmd: "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/899587
Correctif Windows 2000 - KB899589 20050822.21016 (KB899589)
uninstall cmd: "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/899589
Correctif Windows 2000 - KB900725 20050923.34708 (KB900725)
uninstall cmd: "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/900725
Correctif Windows 2000 - KB901017 20050830.22150 (KB901017)
uninstall cmd: "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/901017
Correctif Windows 2000 - KB901214 20050629.02152 (KB901214)
uninstall cmd: "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/901214
Correctif Windows 2000 - KB902400 20050905.04634 (KB902400)
uninstall cmd: "C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/902400/ms05-051-vulnerabilities-in-ms-dtc-and-com-could-allow-remote-code-exe
Mise à jour de sécurité pour Windows 2000 (KB904706) (KB904706)
uninstall cmd: "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/904706
Correctif Windows 2000 - KB905414 20050816.13004 (KB905414)
uninstall cmd: "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905414
Correctif Windows 2000 - KB905495 20050805.184113 (KB905495-IE6SP1-20050805.184113)
uninstall cmd: "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905495
Correctif Windows 2000 - KB905749 20050902.21643 (KB905749)
uninstall cmd: "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/905749
LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
Lucent Win Modem (LTWinModem)
uninstall cmd: C:\WINNT\system32\ltremove.exe
Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
Mozilla Firefox (2.0.0.11) 2.0.0.11 (fr) (Mozilla Firefox (2.0.0.11))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
Panda NanoScan (NanoScan)
estimated size: 400
install location: C:\Program Files\Panda Security\NanoScan
uninstall cmd: C:\Program Files\Panda Security\NanoScan\nanounst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/mediacenter/?ref=mc_blogcav
Navilog1 3.3.8 (Navilog1_is1)
install date: 20071219
install location: C:\Program Files\Navilog1\
uninstall cmd: "C:\Program Files\Navilog1\unins000.exe"
publisher: @IL-MAFIOSO
(NetMeeting)
Nikon FotoShare 1.0.1.0 (Nikon FotoShare)
uninstall cmd: C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
contact: FotoSharefr@pixology.com
(OutlookExpress)
Intel(R) PRO Ethernet Adapter and Software (PROSet)
uninstall cmd: Prounstl.exe
Correctif Windows 2000 (SP5) Q818043 20030501.174006 (Q818043)
uninstall cmd: C:\WINNT\$NtUninstallQ818043$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/818043
QuickTime (QuickTime)
uninstall cmd: C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
(SchedulingAgent)
Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: https://helpx.adobe.com/flash-player.html
Panda TotalScan 01.01.02.0002 (TotalScan)
estimated size: 4000
install location: C:\Program Files\Panda Security\TotalScan
uninstall cmd: C:\Program Files\Panda Security\TotalScan\ascuninst.exe
publisher: Panda Security
help link: https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Correctif cumulatif 1 pour Windows 2000 SP4 20050809.32623 (Update Rollup 1)
uninstall cmd: "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/891861
VideoLAN VLC media player 0.8.6c 0.8.6c (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team
(Windows 2000 Service Pack)
WinZip (WinZip)
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Mise à jour système du Lecteur Windows Media (Série 9) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~3\setup_wm.exe /Uninstall
Microsoft Office 2000 SR-1 Premium 9.00.9327 ({0000040C-78E1-11D2-B60F-006097C998E7})
version: 151004271
version (major): 9
estimated size: 437687
install date: 20050525
install source: D:\
uninstall cmd: MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us
readme: ofread9.txt
PDFCreator 0.9.3 ({0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D})
install date: 20070427
uninstall cmd: "C:\Program Files\PDFCreator\unins000.exe"
publisher: Frank Heindörfer, Philip Chinery
comments: PDFCreator - Opensource
help link: https://sourceforge.net/projects/pdfcreator/
readme: https://www.pdfforge.org/
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20051203
install source: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Sun\Java\jre1.5.0_06\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113966
install date: 20071210
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_03\README.txt
upapp 0.20.0000 ({4EF69D40-4DC9-485E-95D3-B1C22F218FC8})
version: 1310720
version (minor): 20
estimated size: 1165
install date: 20060321
install source: D:\upapp\
uninstall cmd: MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: https://yoursite.com/
help telephone: 1-555-555-4505
readme: Readme.txt
({5B239A98-4222-4D8C-AF38-1A8EC07F956B})
({5D0930A0-1036-433A-8BB9-602665550DD0})
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051115
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
WebFldrs 9.50.7522 ({6F716DA0-398F-11D3-85E1-005004838609})
version: 154279266
version (major): 9
version (minor): 50
estimated size: 2700
install date: 20050428
install source: C:\WINNT\system32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/
Microsoft .NET Framework 1.1 French Language Pack 1.1.4322 ({9A394342-4A68-4EBA-85A6-55B559F4E700})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 3138
install date: 20050525
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1036\RepairRedist.htm
ArcSoft Panorama Maker 3 ({A5F68DC8-0278-4AD8-B413-861509B5F25B})
version (major): 3
version (minor): 5
install location: C:\Program Files\ArcSoft\Panorama Maker 3
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
publisher: ArcSoft
Paramètres d'affichage HP ({A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\SETUP.EXE"
Adobe Reader 7.0.9 - Français 7.0.9 ({AC76BA86-7AD7-1036-7B44-A70900000002})
version: 117440521
version (major): 7
estimated size: 78500
install date: 20070824
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: https://helpx.adobe.com/support.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm
Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20071218
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 62780
install date: 20051116
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
Nikon Message Center 0.91.000 ({D2FCC1AE-6311-47C5-8130-C6C66D77DD71})
version: 5963776
install location: C:\Program Files\Fichiers communs\Nikon\Message Center
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
estimated size: 2132
install date: 20071210
install source: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_03/sp1/
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.
Ad-Aware 2007 7.0.2.5 ({DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF})
version: 117440514
version (major): 7
estimated size: 23297
install date: 20071208
install location: C:\Program Files\Lavasoft\Ad-Aware 2007\
install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
publisher: Lavasoft
help link: https://forum.adaware.com/
PictureProject 1.0 ({FF3999BE-1A7B-4738-88AA-97BF14094A4A})
version: 16777216
install location: C:\Program Files\Nikon\PictureProject
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL
--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aawservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ad-Aware 2007 Service
Description: Protects your computer from spyware
Object name: LocalSystem
Image path: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
Image size: 587096
Image MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 0
Depends On services: RpcSS
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: system32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de contrôleur intégré Microsoft
Image path: system32\DRIVERS\ACPIEC.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Filtre de bus AGP Intel
Image path: system32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic116x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 92944
Image MD5: 23AFE3A2F398B983903857D8B800DC0E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): allegro
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ESS Allegro Audio Driver (WDM)
Image path: system32\drivers\es198x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): ami0nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Scheduler
Description: Service to schedule AntiVir jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 63016
Image MD5: A6FA9C14E649B2F3DE15390A1840774D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 214056
Image MD5: F640EA98231D7B1DB730385813BFCE79
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 92944
Image MD5: 23AFE3A2F398B983903857D8B800DC0E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): ASP.NET_1.1.4322
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'état ASP.NET
Description: Assure la prise en charge des états de session out-of-process pour ASP.NET. En cas d'interruption de ce service, les demandes out-of process ne sont pas traitées. En cas de désactivation du service, le démarrage de tout service qui dépend explicitement de ce service est impossible.
Object name: .\ASPNET
Image path: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Image size: 32768
Image MD5: E1A1206A4FB19B675E947B29CCD25FBA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: system32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0
Service (registry key): Ati HotKey Poller
Registry path: \SYSTEM\CurrentControlSet\Services\
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 81920
Image MD5: E4B148A2A2DCF38512D9A3ECEB0B2A92
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Service (registry key): ati2mtag
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: system32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type:
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
_________________
Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.
• Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
• Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
• Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
_________________
remplace avast par antiivir et colle un rapport:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
__________________
recolle hijackthis et dis tes soucis
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
_________________
Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.
• Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
• Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
• Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
_________________
remplace avast par antiivir et colle un rapport:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
__________________
recolle hijackthis et dis tes soucis
Bonjour,
Il semble que la situation soit toujours la même après les interventions demandées au regard des logs que je vous envoie, mais merci encore pour ce que vous continuerez à me fournir comme infos pour régler ce problème.
Voici ce que je constate :
Avant l’ouverture de session la préparation des connections réseau est très très longue.
Il semble que des protections empêchent de mettre à jour .
Antivir a été réinstallé .
J’ai donc exécuté CLEAN.CMD avec option 2
Comme indiqué le fichier :
C:\upload_moi_B2V-EE6A86AB8CC.tar.gz Résultat du passage CLEAN.CMD
Doit-il être expédié à : http://upload.malekal.com/
SPYBOT-SD détecte qu’un élément important du registre a été modifié
Catégorie : system startup global entry modif : valeur ajoutée
Elément : QUICK TIME TASK la valeur ancienne n’est pas renseignée
la valeur nouvelle est C\Program Files\Quick Time\qttask.exe
La réponse que j’ai faite : modif refusée pour cette demande quick time
SPYBOT-SD détecte qu’un élément important du registre a été modifié
Catégorie : system startup global entry modif : valeur ajoutée
Elément : avgnt la valeur ancienne n’est pas renseignée
la valeur nouvelle est C\Program Files\Avira\AntiVir PersonnalEditi (je pense qu’il en manque un morceau)
La réponse que j’ai faite : modif autorisée
+++++++++++++HIJACKTHIS après CLEAN+++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:38, on 20/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
Il semble que la situation soit toujours la même après les interventions demandées au regard des logs que je vous envoie, mais merci encore pour ce que vous continuerez à me fournir comme infos pour régler ce problème.
Voici ce que je constate :
Avant l’ouverture de session la préparation des connections réseau est très très longue.
Il semble que des protections empêchent de mettre à jour .
Antivir a été réinstallé .
J’ai donc exécuté CLEAN.CMD avec option 2
Comme indiqué le fichier :
C:\upload_moi_B2V-EE6A86AB8CC.tar.gz Résultat du passage CLEAN.CMD
Doit-il être expédié à : http://upload.malekal.com/
SPYBOT-SD détecte qu’un élément important du registre a été modifié
Catégorie : system startup global entry modif : valeur ajoutée
Elément : QUICK TIME TASK la valeur ancienne n’est pas renseignée
la valeur nouvelle est C\Program Files\Quick Time\qttask.exe
La réponse que j’ai faite : modif refusée pour cette demande quick time
SPYBOT-SD détecte qu’un élément important du registre a été modifié
Catégorie : system startup global entry modif : valeur ajoutée
Elément : avgnt la valeur ancienne n’est pas renseignée
la valeur nouvelle est C\Program Files\Avira\AntiVir PersonnalEditi (je pense qu’il en manque un morceau)
La réponse que j’ai faite : modif autorisée
+++++++++++++HIJACKTHIS après CLEAN+++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:38, on 20/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
J'ai mis un compte rendu des opérations demandées à 11H40 l'avez-vous pris en compte ?
Mes problémes sont que:
-Le virus WIN32.Agent.pz est toujours présent
-Les temps de réponses sont tres longs allant jusqu'à des "blocages" de ce qui tourne , la connection au réseau est tres longue
++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:13, on 20/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
Mes problémes sont que:
-Le virus WIN32.Agent.pz est toujours présent
-Les temps de réponses sont tres longs allant jusqu'à des "blocages" de ce qui tourne , la connection au réseau est tres longue
++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:13, on 20/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.BCP.FR:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Paramètres d'affichage HP] C:\Program Files\Hewlett-Packard\HP Display Utility\hpdisply.exe /s
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF18F54-BEF3-43D4-9014-D61E1AF81C15}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\system32\HPConfig.exe
scan ce fichier sur virus total et colle moi le rapport: https://www.virustotal.com/gui/
C:\WINNT\system32\internat.exe
C:\WINNT\system32\internat.exe
Bonjour,
Il semblerait que vous n'ayez pas reçu ce message expédié vers 12H00, donc je me permets de vous le renvoyer.
Veuillez trouver ci-joint le compte rendu de l’analyse faite par VIRUSTOTAL, il ne semble pas y avoir trace de quelque chose. Merci
Fichier internat.exe reçu le 2007.12.21 14:21:56 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.21.11 2007.12.21 -
AntiVir 7.6.0.46 2007.12.21 -
Authentium 4.93.8 2007.12.21 -
Avast 4.7.1098.0 2007.12.20 -
AVG 7.5.0.503 2007.12.20 -
BitDefender 7.2 2007.12.21 -
CAT-QuickHeal 9.00 2007.12.20 -
ClamAV 0.91.2 2007.12.21 -
DrWeb 4.44.0.09170 2007.12.21 -
eSafe 7.0.15.0 2007.12.20 -
eTrust-Vet 31.3.5393 2007.12.21 -
Ewido 4.0 2007.12.21 -
FileAdvisor 1 2007.12.21 -
Fortinet 3.14.0.0 2007.12.21 -
F-Prot 4.4.2.54 2007.12.20 -
F-Secure 6.70.13030.0 2007.12.21 -
Ikarus T3.1.1.15 2007.12.21 -
Kaspersky 7.0.0.125 2007.12.21 -
McAfee 5190 2007.12.20 -
Microsoft 1.3109 2007.12.21 -
NOD32v2 2740 2007.12.21 -
Norman 5.80.02 2007.12.20 -
Panda 9.0.0.4 2007.12.21 -
Prevx1 V2 2007.12.21 -
Rising 20.23.42.00 2007.12.21 -
Sophos 4.24.0 2007.12.21 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.21 -
TheHacker 6.2.9.166 2007.12.20 -
VBA32 3.12.2.5 2007.12.20 -
VirusBuster 4.3.26:9 2007.12.20 -
Webwasher-Gateway 6.6.2 2007.12.21 -
Information additionnelle
File size: 20752 bytes
MD5: 406b12788886496bd299c3f9e5e310d0
SHA1: 9a86d9d117d2130b1578a3c2a33bf43f970ad2f5
PEiD: -
Il semblerait que vous n'ayez pas reçu ce message expédié vers 12H00, donc je me permets de vous le renvoyer.
Veuillez trouver ci-joint le compte rendu de l’analyse faite par VIRUSTOTAL, il ne semble pas y avoir trace de quelque chose. Merci
Fichier internat.exe reçu le 2007.12.21 14:21:56 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.21.11 2007.12.21 -
AntiVir 7.6.0.46 2007.12.21 -
Authentium 4.93.8 2007.12.21 -
Avast 4.7.1098.0 2007.12.20 -
AVG 7.5.0.503 2007.12.20 -
BitDefender 7.2 2007.12.21 -
CAT-QuickHeal 9.00 2007.12.20 -
ClamAV 0.91.2 2007.12.21 -
DrWeb 4.44.0.09170 2007.12.21 -
eSafe 7.0.15.0 2007.12.20 -
eTrust-Vet 31.3.5393 2007.12.21 -
Ewido 4.0 2007.12.21 -
FileAdvisor 1 2007.12.21 -
Fortinet 3.14.0.0 2007.12.21 -
F-Prot 4.4.2.54 2007.12.20 -
F-Secure 6.70.13030.0 2007.12.21 -
Ikarus T3.1.1.15 2007.12.21 -
Kaspersky 7.0.0.125 2007.12.21 -
McAfee 5190 2007.12.20 -
Microsoft 1.3109 2007.12.21 -
NOD32v2 2740 2007.12.21 -
Norman 5.80.02 2007.12.20 -
Panda 9.0.0.4 2007.12.21 -
Prevx1 V2 2007.12.21 -
Rising 20.23.42.00 2007.12.21 -
Sophos 4.24.0 2007.12.21 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.21 -
TheHacker 6.2.9.166 2007.12.20 -
VBA32 3.12.2.5 2007.12.20 -
VirusBuster 4.3.26:9 2007.12.20 -
Webwasher-Gateway 6.6.2 2007.12.21 -
Information additionnelle
File size: 20752 bytes
MD5: 406b12788886496bd299c3f9e5e310d0
SHA1: 9a86d9d117d2130b1578a3c2a33bf43f970ad2f5
PEiD: -
fix cette ligne
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_______________________________
AVG antispyware
https://www.01net.com/telecharger/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
_______________________________
scan avec (en mode sans échec surtout : demarrer l'ordi en appuyant sur F8 ou F2 ou F5)
spybot : (si vous avez une version instalée avant sept 2007 changer là par la version 1.5)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,C:\WINNT\system32\ntos.exe,
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\WINNT\SYSTEM32\Userinit.exe
C:\WINNT\system32\ntos.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_______________________________
AVG antispyware
https://www.01net.com/telecharger/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
_______________________________
scan avec (en mode sans échec surtout : demarrer l'ordi en appuyant sur F8 ou F2 ou F5)
spybot : (si vous avez une version instalée avant sept 2007 changer là par la version 1.5)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
