Help Spyware ou virus

Hiro -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

J'ai depuis peu un virus sur mon ordinateur et une icone de bouclier dans la zone de notification qui fait apparaitre le message "System has detected a number of active spywares on your computer...." quelqu'un est allé sur des site non sur depuis mon PC et je pense qu'il est infecté. J'ai nettoyé plusieurs choses à l'aide de spybot et de adaware mais il semble qu'il reste des virus.

Voila le rapport navilog :

Search Navipromo version 3.4.2 commencé le 23.01.2008 à 16:39:31.76

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\local settings\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\tony\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\tony\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 23.01.2008 à 16:46:24.70 ***

merci d'avance
Configuration: Windows XP
Firefox 2.0.0.11

17 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt , tu peux desinstaller navilog . Colle un rapport hijackthis
    0
  2. Hiro
     
    Hello, voila le rapport Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 13:29:03, on 24.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Merci
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    désactivé le tea timer de spybot je temps des analyses. Colle un rapport combofix. Http://www.techsupportforum.com/sectouls/susbs/combofix.exe
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desinstalle via ton panneau de configuration

    Viewpoint Toolbar BHO
    ___________

    relance hijakchtis et fix ces lignes (fix cheked)

    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing).
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
    O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)

    ____________________

    recolle un rapport hijackthis et colle bien le rapport combofix
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Hiro
     
    J'ai fais le rapport navilog après avoir nettoyé avec higjackthis, et je n'ai pas redémarré depuis le nettoyage

    Rapport highjackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 01:32:29, on 25.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Rapport Navilog :

    Start Time= 25.01.2008 1:34:12.25

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-01-23 16:35:30 ( .D... ) "C:\Program Files\Navilog1"
    2008-01-22 13:10:22 ( .D... ) "C:\Program Files\VirusProtect 3.9"
    2008-01-22 13:09:20 ( .D... ) "C:\Program Files\Helper"
    2008-01-22 11:51:04 13312 ( A.S.. ) "C:\WINDOWS\system32\shlahsd.dll"
    2008-01-02 10:21:38 17642616 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
    2007-12-26 00:20:26 ( .D... ) "C:\Program Files\CDBurnerXP"
    2007-12-26 00:17:50 ( .D... ) "C:\Program Files\MSBuild"
    2007-12-26 00:17:34 ( .D... ) "C:\Program Files\Reference Assemblies"
    2007-12-26 00:13:54 ( .D... ) "C:\Program Files\MSXML 6.0"
    2007-12-25 23:40:12 34308 ( A.... ) "C:\WINDOWS\system32\bassmod.dll"
    2007-12-25 23:34:12 ( .D... ) "C:\Program Files\MagicISO"
    2007-12-20 09:43:48 248448 ( A.... ) "C:\WINDOWS\system32\PROUnstl.exe"
    2007-12-14 20:05:14 35424 ( A.... ) "C:\WINDOWS\system32\e100bmsg.dll"
    2007-12-04 18:14:58 ( .D... ) "C:\Program Files\WorldPx"
    2007-11-29 06:38:46 40056 ( A.... ) "C:\WINDOWS\system32\NicInst.dll"
    2007-11-13 12:31:12 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
    2007-11-07 20:43:52 413696 ( A.... ) "C:\WINDOWS\system32\wrap_oal.dll"
    2007-11-07 20:43:52 86016 ( A.... ) "C:\WINDOWS\system32\OpenAL32.dll"
    2007-11-07 10:28:32 728576 ( A.... ) "C:\WINDOWS\system32\lsasrv.dll"
    2007-10-31 00:23:48 3590656 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
    2007-10-29 23:43:32 1293824 ( A.... ) "C:\WINDOWS\system32\quartz.dll"
    2007-10-29 16:07:16 369152 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
    2007-10-25 17:43:26 8516608 ( A.... ) "C:\WINDOWS\system32\shell32.dll"

    ((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
    "DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\\\vptray.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
    "HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "CTHelper"="CTHELPER.EXE"
    "CTxfiHlp"="CTXFIHLP.EXE"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "{F0D1515A-0958-4108-1230-020404220029}"="\"C:\\Program Files\\Fichiers communs\\{F0D1515A-0958-4108-1230-020404220029}\\Update.exe\" mc-110-12-0000272"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
    "{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CONNECTAUTrayApp.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\CONNECTAUTrayApp.lnk"
    "backup"="C:\\WINDOWS\\pss\\CONNECTAUTrayApp.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Sony\\CONNEC~1\\CONNEC~3.EXE "
    "item"="CONNECTAUTrayApp"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Getting Started with MacDrive 5.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Getting Started with MacDrive 5.lnk"
    "backup"="C:\\WINDOWS\\pss\\Getting Started with MacDrive 5.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\Installer\\{B173DFDA-04BB-4626-ACF4-E850294B35EC}\\IconC76F88591.exe "
    "item"="Getting Started with MacDrive 5"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TabUserW.exe.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\TabUserW.exe.lnk"
    "backup"="C:\\WINDOWS\\pss\\TabUserW.exe.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\system32\\WTablet\\TabUserW.exe "
    "item"="TabUserW.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^tony^Menu Démarrer^Programmes^Démarrage^RAR Password Cracker.lnk]
    "path"="C:\\Documents and Settings\\tony\\Menu Démarrer\\Programmes\\Démarrage\\RAR Password Cracker.lnk"
    "backup"="C:\\WINDOWS\\pss\\RAR Password Cracker.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\RARPAS~1\\rpc.exe /c \"D:\\Backup Bureau\\Bordel Bureau\\Nouveau dossier\\coco2.rpc\""
    "item"="RAR Password Cracker"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Agent"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Anti-Blaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cli"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Christmas"
    "hkey"="HKCU"
    "command"="C:\\DOCUME~1\\tony\\LOCALS~1\\Temp\\Rar$EX00.500\\Christmas.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CONNECTScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CONNECTScheduler"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Sony\\CONNECTAutoUpdate\\CONNECTScheduler.exe\" /RUN_SCHEDULER"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTDVDDET"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTHELPER"
    "hkey"="HKLM"
    "command"="CTHELPER.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTXFIHLP"
    "hkey"="HKLM"
    "command"="CTXFIHLP.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hphmon06"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hphmon06.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeWire Acceleration Patch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LimeWire Acceleration Patch"
    "hkey"="HKCU"
    "command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\LimeWire Acceleration Patch\\LimeWire Acceleration Patch.lnk"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MACVNTFY"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Mediafour\\MACVNTFY.EXE\" /auto"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RemoteAgent"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\CyberLink\\PowerVCRII\\RemoteAgent.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SMTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UpdReg"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\UpdReg.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -u"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -u"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SharedAccess"=dword:00000002
    "wuauserv"=dword:00000002
    "helpsvc"=dword:00000002

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\HP Usg Daily.job

    Completion time: 25.01.2008 1:34:38.50
    ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    dis moi tes problemes actuels
    0
  8. Hiro
     
    Hello, depuis le démarrage ce matin le tea timer demande si j'accepte une modification du registre, je l'ai refusée plusieurs fois mais elle continue à venir. Catégorie : Global Browser toolbar, modif : valeur supprimée. Je ne sais pas si je devrais accepter la modification... je le laisse en attente.

    Toujours le message sur le bouclier qui dit que des spyware sont présent dans le système.

    Merci pour ton aide

    SmitFraudFix v2.274

    Rapport fait à 12:35:28.71, 25.01.2008
    Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ot.ico PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tony\Favoris

    C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url PRESENT !
    C:\DOCUME~1\tony\Favoris\Online Security Test.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
    C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Helper\ PRESENT !
    C:\Program Files\VirusProtect 3.9\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

    [HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
    @="C:\WINDOWS\system32\shlahsd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
    @="C:\WINDOWS\system32\shlahsd.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desactive le tea timer le temps de la desinfection

    ______________
    redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    puis relance smitfraudfix ,sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée et colle moi le rapport

    ________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    ____________________

    recolle hiajckhtis et dis tes problemes
    0
  10. Hiro
     
    Hello, j'ai du redémarré pour etre connecté, le tea timer attend que je lui dise si oui ou non j'accepte la modif dans C:\windows\system32\blank.htm. Que dois je lui dire ?

    Et l'icone du bouclier qui dis qu'il y a des spyware a disparu. Merci pour ça déjà. L'es bien infecté mon PC on dirait

    Sinon le rapport Smit établi en mode sans echec cet après midi

    SmitFraudFix v2.274

    Rapport fait à 14:25:19.76, 25.01.2008
    Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

    [HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
    @="C:\WINDOWS\system32\shlahsd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
    @="C:\WINDOWS\system32\shlahsd.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\shlahsd.dll -> Hoax.Win32.Renos.gen.o
    C:\WINDOWS\system32\shlahsd.dll -> Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ot.ico supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
    C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url supprimé
    C:\DOCUME~1\tony\Favoris\Online Security Test.url supprimé
    C:\Program Files\Helper\ supprimé
    C:\Program Files\VirusProtect 3.9\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Et le hihjack établi en mode sans echec

    Logfile of HijackThis v1.99.1
    Scan saved at 00:16:42, on 26.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Hello, j'ai du redémarré pour etre connecté, le tea timer attend que je lui dise si oui ou non j'accepte la modif dans C:\windows\system32\blank.htm. Que dois je lui dire ? TU METS OUI (le mieux etant de desactiver le tea timer le temps des analyses)

    ___________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

    ___________________

    mets a jour JAVA: DEMARRER puis PANNEAU DE CONFIG puis JAVA puis MISE A JOUR
    ____________________

    colle un rapport d'un scan en ligne

    ______________________
    recolle hiajckhtis et dis tes problemes
    0
  12. Hiro
     
    Hello, j'ai fais le rapport avec bitdefender, il s'est excité comme un fou sur les fichiers mis en quarantaine par Norton et sur d'autre fichiers qui semblaient être des virus actif. Et puis les clè que je vais viré avec hihjack hier sont déjà de retour..... {21ECA600 et d'autre saloperies

    Je vais encore tester avec un autre de ces scan online.
    En attendant, le rapport hihjack et le rapport bitdefender.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:30:26, on 27.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Symantec AntiVirus\vpc32.exe
    C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sun, Jan 27, 2008 - 04:01:10

    Voie d'analyse: A:\;C:\;D:\;E:\;J:\;M:\;

    Statistiques

    Temps

    02:09:46

    Fichiers

    654546

    Directoires

    15999

    Secteurs de boot

    5

    Archives

    3699

    Paquets programmes

    40367

    Résultats

    Virus identifiés

    25

    Fichiers infectés

    96

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    2

    Fichiers effacés

    130

    Info sur les moteurs

    Définition virus

    893929

    Version des moteurs

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins

    14

    Archive des plugins

    38

    Unpack des plugins

    7

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Désinfecté

    Seconde Action

    Supprimé

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\ikernel.ex_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\INSTALL.INI

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\layout.bin

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\Setup.exe

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\Setup.ini

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\setup.inx

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\setup.iss

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\CPanel\shortcut.iss

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 0)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 1)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 2)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 2)=>(Embedded EXE o)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 3)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 4)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 6)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 7)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 8)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 9)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 10)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 11)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.cab=>(IShield Module 12)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data1.hdr

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\data2.cab

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\atiiseag.ini

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2cqag.dl_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2cqag.dl_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2dvag.dl_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2dvag.dl_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2edxx.dl_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2edxx.dl_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2erec.dl_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2erec.dl_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2evxx.dl_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2evxx.dl_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2evxx.ex_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2evxx.ex_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2mdxx.ex_

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2mdxx.ex_=>(MS-Compress 5)

    Nettoyé

    C:\ATI\SUPPORT\5-9_xp-2k_dd_cp_wdm_26409\Driver\2KXP_INF\B_26509\ati2mtag.sy_

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>icmntr.exe

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>sbRecovery.ini

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>ictmdl.dll_tobedeleted_old

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmdl.dll_tobedeleted_old_tobedeleted_old

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmntr.exe_tobedeleted_old

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>sbRecovery.ini

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.reg

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.ini

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.reg

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.ini

    Protection par mot de passe

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\Layered Service Providers.csv

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegBHO-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegDPF-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegDummy-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtBat-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtCmd-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtCom-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtExe-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtPif-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtReg-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtScr-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegExtScrc-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBME-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP1-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP2a-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP2b-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP3-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBP4-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBTB1-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGBTB2-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGCP-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGIESH-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGNTCVW-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGNTCVWL-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS1-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS1SM-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS2-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS2SM-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS3-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS3SM-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGS4-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGSS-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGSSODL-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegGWLN-Global.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBME-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP1-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP2a-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP2b-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP3-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBP4-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBTB1-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUBTB2-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUCP-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUDesk-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUIESH-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUNTCVW-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUNTCVWL-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUS1-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUS2-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUS3-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUS4-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegUSSODL-tony.reg

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\System startup.csv

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\Uninstall info.csv

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccEmlPxy.dat

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Configuration.Log.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:cur.scr

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:ESRDEF.999

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:TCDEFS.998

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:TCSCAN7.997

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:TCSCAN8.996

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1177085186jtun_sav10en70412048.m25=>archstored:TCSCAN9.995

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.apr_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.apr_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.apr_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.apr_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.aug_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.aug_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.aug_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.aug_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.curdefs_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.curdefs_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.curdefs_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.curdefs_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.dec_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.dec_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.dec_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.dec_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.feb_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.feb_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.feb_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.feb_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jan_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jan_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jan_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jan_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jul_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jul_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jul_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jul_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jun_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jun_symalllanguages_livetri.zip=>liveupdt.tri

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jun_symalllanguages_livetri.zip=>liveupdt.grd

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.jun_symalllanguages_livetri.zip=>liveupdt.sig

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$20microdefs25$20savcorp10_microdefsb.mar_symalllanguages_livetri.zip

    Nettoyé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

    Infecté par: Trojan.Vundo.M

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

    Infecté par: Win32.Gael.3666

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

    Infecté par: Win32.Gael.3666

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)

    Infecté par: Trojan.Spy.SpyAnytime.D

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)

    Infecté par: Trojan.Spy.SpyAnytime.D

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

    Infecté par: Trojan.Spy.Keylogger.Y

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Infecté par: Virtool.HiddenRun.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Infecté par: Trojan.Bat.Zapchast.BT

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Infecté par: Backdoor.Mirc.S

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Infecté par: Backdoor.FTP.ioFtpd.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Infecté par: Backdoor.Irc.Zapchast.BB

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Infecté par: Trojan.Leechpie.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Infecté par: Backdoor.IRC.Zapchast

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Infecté par: Virtool.HiddenRun.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Infecté par: Trojan.Bat.Zapchast.BT

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Infecté par: Backdoor.Mirc.S

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Infecté par: Backdoor.FTP.ioFtpd.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Infecté par: Backdoor.Irc.Zapchast.BB

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Infecté par: Trojan.Leechpie.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Infecté par: Backdoor.IRC.Zapchast

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

    Infecté par: Win32.Gael.3666

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Infecté par: Virtool.HiddenRun.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Infecté par: Trojan.Bat.Zapchast.BT

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Infecté par: Backdoor.Mirc.S

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Infecté par: Backdoor.FTP.ioFtpd.B

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

    Supprimé

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

    Echec de la mise à jour

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

    Infecté par: VirTool.Maxxx.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiV
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

    _____________________

    vire ce qui est en quarantaine dans norton et dans la sauvegarde de spybot

    _____________________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    ______________________

    refais un scan bit defender et dis tes problemes actuels
    0
  14. Hiro
     
    Comme ça à première vue je n'ai plus de problème (si ce n'est le virus polit32 il me semble qui s'est fait repéré par Norton pendant le scan de Bitdefender)
    J'ai viré ce qui était en quarantaine dans Norton mais je n'ai pas vu ou virer les fichiers spybot, et j'ai passé 3x le ccleaner

    De nouveau je n'ai pas encore redémarré depuis tous ces nettoyages.

    Bitdefender

    Statistiques

    Temps

    02:34:28

    Fichiers

    648076

    Directoires

    15339

    Secteurs de boot

    5

    Archives

    3720

    Paquets programmes

    40267

    Résultats

    Virus identifiés

    4

    Fichiers infectés

    7

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    2

    Fichiers effacés

    5

    Info sur les moteurs

    Définition virus

    894049

    Version des moteurs

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins

    14

    Archive des plugins

    38

    Unpack des plugins

    7

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Désinfecté

    Seconde Action

    Supprimé

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

    Infecté par: Trojan.Agent.BFJ

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

    Echec de la désinfection

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

    Supprimé

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)

    Echec de la mise à jour

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE)

    Infecté par: Win32.Polip.A

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE)

    Désinfecté

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN

    Echec de la mise à jour

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE)

    Infecté par: Win32.Parite.B

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE)

    Désinfecté

    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN

    Echec de la mise à jour

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Infecté par: Generic.Adw.SaveNow.56AD4696

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Echec de la désinfection

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Supprimé

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

    Echec de la mise à jour

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Infecté par: Generic.Adw.SaveNow.56AD4696

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Echec de la désinfection

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Supprimé

    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

    Echec de la mise à jour

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Infecté par: Generic.Adw.SaveNow.56AD4696

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Echec de la désinfection

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Supprimé

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

    Echec de la mise à jour

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Infecté par: Generic.Adw.SaveNow.56AD4696

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Echec de la désinfection

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

    Supprimé

    D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

    Echec de la mise à jour
    0
  15. Hiro
     
    Mon pc devient agaçant, je désactive le tea timer pendant les analyses et quand je redémarre, il voit qu'il y a eu des changements et il me demande si c'est normal que telle ou telle clè ait disparue (ancienne valeure 21ec4600..., nouvelle valeure Rien)... je lui dis oui et quand je rescan elles sont de nouveau là. Je les vire et au démarrage suivant il me demande si c'est normal que ça ait disparu (comme je l'interprétait en tout cas) mais je lui dis non... pour voir, et c'est toujorus pareil... ou est l'erreur?

    Logfile of HijackThis v1.99.1
    Scan saved at 04:23:17, on 28.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    accepte tout avec le tea timer!!! pendant la desinfection!

    ______________

    fix ces lignes

    O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

    O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

    ______________
    mets a jour JAVA: DEMARRER puis PANNEAU DE CONFIG puis JAVA puis MISE A JOUR

    _____________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _______________

    vire ce qui est dans moved files en allant dans poste de travail puis C puis

    C:\_OTMoveIt\MovedFiles.

    __________________

    recolle un rapport bitdefender et hijakchtis et surtout dis tes soucis actuels
    0
  17. Hiro
     
    Hello,

    Des problèmes je n'en constate plus, mais bon on dirait qu'il reste du merdier vu que ça revient dans les scans. J'ai réeffacé les trucs avec hihjack, accepté une fois par éléments supprimés dans le tea timer et puis je suis emmerdé avec Otmoveit, il ne s'éxecute pas, c'est seulement une petite fenêtre dos qui s'ouvre une seconde et rien après, il y a même pas d'icone sur l'éxécutable. Dis moi comment je peux l'éxécuter, j'ai essayé depuis une fenêtre de commande pour voir mais ça change rien.

    Counting on you mate.

    Merci

    Hiro
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desactive le tea timer le temps des scans

    a la place de otmovit:

    télécharges et installes :

    kill box
    https://www.bleepingcomputer.com/download/linux/

    aide kill box
    http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

    - Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

    - Double-clic sur fix.reg

    Ouvres killbox
    - Sélectionne "delete on reboot"
    - Clique sur le dossier jaune à droite et sélectionne le fichier :

    C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
    C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
    D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe

    - Clique sur la croix rouge et et blanche
    - Répond yes et laisse redémarrer ton pc.
    N'hésite pas à consulter l'Aide killbox

    __________________

    recolle un rapport bitdefender et hijakchtis et surtout dis tes soucis actuels
    0