Help: spyware or virus

Hiro
Hello,

I have recently had a virus on my computer, and a shield icon in the notification area that shows the message "System has detected a number of active spywares on your computer....". Someone visited unsafe sites from my PC and I think it is infected. I cleaned up several things using Spybot and Ad-Aware, but it seems some viruses remain.

Here is the Navilog report:

Search Navipromo version 3.4.2 commencé le 23.01.2008 à 16:39:31.76

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\local settings\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\tony\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\tony\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\tony\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 23.01.2008 à 16:46:24.70 ***

Thanks in advance

17 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi, you can uninstall Navilog. Paste a HijackThis report.
0
Hiro
 
Hello, here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:29:03, on 24.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks
0
jlpjlp Posts 52399 Status Security contributor 5 040

Disable Spybot's TeaTimer while the scans are running. Paste a ComboFix report. Http://www.techsupportforum.com/sectouls/susbs/combofix.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

Uninstall via your Control Panel:

Viewpoint Toolbar BHO
___________

Rerun HijackThis and fix these lines (Fix checked):

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing).
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)

____________________

Paste a new HijackThis report, and be sure to paste the ComboFix report.
0
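One way to verify a fix pass like the one requested above, as an added example that is not part of the thread or of HijackThis: it parses entry lines, selects those HijackThis tags "(file missing)" or "(no file)", and compares a log taken before the fix with one taken after. The sample lines are excerpts from the logs posted in this thread; the function names are hypothetical, and the marker only means the target is absent on disk, so each hit still needs review.

```python
import re

# "O2 - BHO: ..." / "R0 - HKCU\..." : section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\.?$")

# Excerpt of entry lines from the first log posted in this thread.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Excerpt of the same entries as they appear in the second log of the thread.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def fix_status(before_text, after_text):
    """Split the orphaned entries of the first log into removed / still present."""
    after = set(parse_entries(after_text))
    status = {"removed": [], "remaining": []}
    for entry in orphaned(parse_entries(before_text)):
        status["remaining" if entry in after else "removed"].append(entry)
    return status


if __name__ == "__main__":
    result = fix_status(BEFORE_LOG, AFTER_LOG)
    for state in ("removed", "remaining"):
        for code, body in result[state]:
            print(f"{state:9} {code:4} {body}")
```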

Hiro
 
I ran the Navilog report after cleaning with HijackThis, and I have not rebooted since the cleanup.

HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 01:32:29, on 25.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Navilog report:

Start Time= 25.01.2008 1:34:12.25

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-23 16:35:30 ( .D... ) "C:\Program Files\Navilog1"
2008-01-22 13:10:22 ( .D... ) "C:\Program Files\VirusProtect 3.9"
2008-01-22 13:09:20 ( .D... ) "C:\Program Files\Helper"
2008-01-22 11:51:04 13312 ( A.S.. ) "C:\WINDOWS\system32\shlahsd.dll"
2008-01-02 10:21:38 17642616 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2007-12-26 00:20:26 ( .D... ) "C:\Program Files\CDBurnerXP"
2007-12-26 00:17:50 ( .D... ) "C:\Program Files\MSBuild"
2007-12-26 00:17:34 ( .D... ) "C:\Program Files\Reference Assemblies"
2007-12-26 00:13:54 ( .D... ) "C:\Program Files\MSXML 6.0"
2007-12-25 23:40:12 34308 ( A.... ) "C:\WINDOWS\system32\bassmod.dll"
2007-12-25 23:34:12 ( .D... ) "C:\Program Files\MagicISO"
2007-12-20 09:43:48 248448 ( A.... ) "C:\WINDOWS\system32\PROUnstl.exe"
2007-12-14 20:05:14 35424 ( A.... ) "C:\WINDOWS\system32\e100bmsg.dll"
2007-12-04 18:14:58 ( .D... ) "C:\Program Files\WorldPx"
2007-11-29 06:38:46 40056 ( A.... ) "C:\WINDOWS\system32\NicInst.dll"
2007-11-13 12:31:12 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
2007-11-07 20:43:52 413696 ( A.... ) "C:\WINDOWS\system32\wrap_oal.dll"
2007-11-07 20:43:52 86016 ( A.... ) "C:\WINDOWS\system32\OpenAL32.dll"
2007-11-07 10:28:32 728576 ( A.... ) "C:\WINDOWS\system32\lsasrv.dll"
2007-10-31 00:23:48 3590656 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2007-10-29 23:43:32 1293824 ( A.... ) "C:\WINDOWS\system32\quartz.dll"
2007-10-29 16:07:16 369152 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2007-10-25 17:43:26 8516608 ( A.... ) "C:\WINDOWS\system32\shell32.dll"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\\\vptray.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{F0D1515A-0958-4108-1230-020404220029}"="\"C:\\Program Files\\Fichiers communs\\{F0D1515A-0958-4108-1230-020404220029}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CONNECTAUTrayApp.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\CONNECTAUTrayApp.lnk"
"backup"="C:\\WINDOWS\\pss\\CONNECTAUTrayApp.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sony\\CONNEC~1\\CONNEC~3.EXE "
"item"="CONNECTAUTrayApp"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Getting Started with MacDrive 5.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Getting Started with MacDrive 5.lnk"
"backup"="C:\\WINDOWS\\pss\\Getting Started with MacDrive 5.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{B173DFDA-04BB-4626-ACF4-E850294B35EC}\\IconC76F88591.exe "
"item"="Getting Started with MacDrive 5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TabUserW.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\TabUserW.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\TabUserW.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\WTablet\\TabUserW.exe "
"item"="TabUserW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^tony^Menu Démarrer^Programmes^Démarrage^RAR Password Cracker.lnk]
"path"="C:\\Documents and Settings\\tony\\Menu Démarrer\\Programmes\\Démarrage\\RAR Password Cracker.lnk"
"backup"="C:\\WINDOWS\\pss\\RAR Password Cracker.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\RARPAS~1\\rpc.exe /c \"D:\\Backup Bureau\\Bordel Bureau\\Nouveau dossier\\coco2.rpc\""
"item"="RAR Password Cracker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Agent"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Christmas"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\tony\\LOCALS~1\\Temp\\Rar$EX00.500\\Christmas.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CONNECTScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CONNECTScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony\\CONNECTAutoUpdate\\CONNECTScheduler.exe\" /RUN_SCHEDULER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDET"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTXFIHLP"
"hkey"="HKLM"
"command"="CTXFIHLP.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon06"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon06.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeWire Acceleration Patch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LimeWire Acceleration Patch"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\LimeWire Acceleration Patch\\LimeWire Acceleration Patch.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MACVNTFY"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Mediafour\\MACVNTFY.EXE\" /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\PowerVCRII\\RemoteAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=dword:00000002
"wuauserv"=dword:00000002
"helpsvc"=dword:00000002

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 25.01.2008 1:34:38.50
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
SmitFraudFix (paste the report)

1/ Download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.

Tell me what problems you currently have.
0
Hiro
 
Hello, since startup this morning TeaTimer has been asking whether I accept a registry change. I have refused it several times but it keeps coming back. Category: Global Browser toolbar, change: value deleted. I don't know whether I should accept the change... I'm leaving it pending.

Still the message on the shield saying that spyware is present on the system.

Thanks for your help

SmitFraudFix v2.274

Rapport fait à 12:35:28.71, 25.01.2008
Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tony\Favoris

C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url PRESENT !
C:\DOCUME~1\tony\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\VirusProtect 3.9\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Disable TeaTimer for the duration of the disinfection.

______________
Restart in safe mode (generally by pressing F8 or Del, or F5, at startup).

Then run smitfraudfix again, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter, and paste me the report.

________________

Paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm

____________________

Post HijackThis again and tell me your problems.
0
Hiro
 
Hello, I had to restart to get connected. TeaTimer is waiting for me to tell it whether or not I accept the change in C:\windows\system32\blank.htm. What should I tell it?

And the shield icon saying there is spyware has disappeared. Thanks for that already. My PC is well and truly infected, it seems.

Otherwise, here is the Smit report produced in safe mode this afternoon:

SmitFraudFix v2.274

Rapport fait à 14:25:19.76, 25.01.2008
Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\shlahsd.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\shlahsd.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ot.ico supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url supprimé
C:\DOCUME~1\tony\Favoris\Online Security Test.url supprimé
C:\Program Files\Helper\ supprimé
C:\Program Files\VirusProtect 3.9\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

And the HijackThis log produced in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 00:16:42, on 26.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Hello, I had to restart to get connected. TeaTimer is waiting for me to tell it whether or not I accept the change in C:\windows\system32\blank.htm. What should I tell it? YOU ANSWER YES (the best thing being to disable TeaTimer for the duration of the scans)

___________

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

___________________

Update JAVA: START, then CONTROL PANEL, then JAVA, then UPDATE
____________________

Paste a report from an online scan

______________________
Post HijackThis again and tell me your problems.
0
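An added example, not part of the thread: a small Python parser for HijackThis entry lines that lists entries whose target file is absent and then checks a follow-up scan to see which lines from a fix list are still registered. The function names are hypothetical; the sample lines are excerpted from the fix list above and from the 27.01.2008 HijackThis log posted on this page.

```python
import re

# HijackThis entry lines start with a section code such as "O2 - " or "R0 - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Sample data excerpted from this thread: the helper's fix list ...
FIX_LIST = r"""
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
"""

# ... and a few lines of the follow-up scan saved on 27.01.2008.
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace for later comparison
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "line": line,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": bool(MISSING_RE.search(line)),
        })
    return entries


def orphaned(entries):
    """Entries HijackThis marks as having no file, or whose Notify path names no file."""
    found = []
    for e in entries:
        if e["missing"]:
            found.append((e["line"], "target file absent"))
        elif e["code"] == "O20" and e["line"].endswith("\\"):
            found.append((e["line"], "Winlogon Notify path is a bare directory"))
    return found


def still_present(fix_list_text, followup_log_text):
    """Fix-list lines that appear unchanged (case-insensitively) in a later scan."""
    later = {e["line"].lower() for e in parse_entries(followup_log_text)}
    return [e["line"] for e in parse_entries(fix_list_text)
            if e["line"].lower() in later]


if __name__ == "__main__":
    for line, reason in orphaned(parse_entries(FIX_LIST)):
        print(f"[orphaned] {reason}: {line}")
    for line in still_present(FIX_LIST, FOLLOWUP_EXCERPT):
        print(f"[came back] {line}")
```

An entry that is back in the next scan after "fix checked" means something is still writing it at startup, which is why each round of cleaning ends with a fresh log.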
Hiro
 
Hello, I did the report with BitDefender; it went crazy over the files quarantined by Norton and over other files that seemed to be active viruses. And the keys I removed with HijackThis yesterday are already back..... {21ECA600 and other junk

I'm going to test again with another of these online scans.
In the meantime, here are the HijackThis report and the BitDefender report.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:26, on 27.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, Jan 27, 2008 - 04:01:10

Voie d'analyse: A:\;C:\;D:\;E:\;J:\;M:\;

Statistiques

Temps : 02:09:46
Fichiers : 654546
Directoires : 15999
Secteurs de boot : 5
Archives : 3699
Paquets programmes : 40367

Résultats

Virus identifiés : 25
Fichiers infectés : 96
Fichiers suspects : 0
Avertissements : 0
Désinfectés : 2
Fichiers effacés : 130

Info sur les moteurs

Définition virus : 893929
Version des moteurs : AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins : 14
Archive des plugins : 38
Unpack des plugins : 7
E-mail plugins : 6
Système plugins : 1

Paramètres d'analyse

Première action : Désinfecté
Seconde Action : Supprimé
Heuristique : Oui
Acceptez les avertissements : Oui
Extensions analysées : *;
Excludez les extensions :
Analyse d'emails : Oui
Analyse des Archives : Oui
Analyser paquets programmes : Oui
Analyse des fichiers : Oui
Analyse de boot : Oui

Fichier analysé

Statut

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>icmntr.exe

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>sbRecovery.ini

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip

Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>ictmdl.dll_tobedeleted_old

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmdl.dll_tobedeleted_old_tobedeleted_old

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmntr.exe_tobedeleted_old

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>sbRecovery.ini

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip

Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.reg

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.ini

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip

Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.reg

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.ini

Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

Infecté par: Trojan.Vundo.M

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)

Infecté par: Trojan.Spy.SpyAnytime.D

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)

Infecté par: Trojan.Spy.SpyAnytime.D

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

Infecté par: Trojan.Spy.Keylogger.Y

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Infecté par: Backdoor.Irc.Zapchast.BB

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Infecté par: Trojan.Leechpie.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Infecté par: Backdoor.IRC.Zapchast

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Infecté par: Backdoor.Irc.Zapchast.BB

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Infecté par: Trojan.Leechpie.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Infecté par: Backdoor.IRC.Zapchast

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe

Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe

Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiV
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

_____________________

Delete what is in quarantine in Norton and in the Spybot backup.

_____________________

To remove your traces, use

CCLEANER: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________________

Run a BitDefender scan again and describe your current problems.
Hiro
 
At first glance I no longer seem to have any problem (apart from the polit32 virus, I think, which was spotted by Norton during the Bitdefender scan).
I deleted what was in quarantine in Norton, but I did not see where to delete the Spybot files, and I ran CCleaner 3 times.

Again, I have not restarted yet since all this cleaning.

Bitdefender

Statistiques
Temps: 02:34:28
Fichiers: 648076
Directoires: 15339
Secteurs de boot: 5
Archives: 3720
Paquets programmes: 40267

Résultats
Virus identifiés: 4
Fichiers infectés: 7
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 2
Fichiers effacés: 5

Info sur les moteurs
Définition virus: 894049
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé / Statut

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

Infecté par: Trojan.Agent.BFJ

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

Echec de la désinfection

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005

Supprimé

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)

Echec de la mise à jour

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE)

Infecté par: Win32.Polip.A

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE)

Désinfecté

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN

Echec de la mise à jour

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE)

Infecté par: Win32.Parite.B

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE)

Désinfecté

C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN

Echec de la mise à jour

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Infecté par: Generic.Adw.SaveNow.56AD4696

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Echec de la désinfection

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Supprimé

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

Echec de la mise à jour

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Infecté par: Generic.Adw.SaveNow.56AD4696

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Echec de la désinfection

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Supprimé

D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

Echec de la mise à jour

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Infecté par: Generic.Adw.SaveNow.56AD4696

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Echec de la désinfection

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Supprimé

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

Echec de la mise à jour

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Infecté par: Generic.Adw.SaveNow.56AD4696

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Echec de la désinfection

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe

Supprimé

D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)

Echec de la mise à jour
Hiro
 
My PC is getting annoying: I disable TeaTimer during the scans, and when I restart it sees that there have been changes and asks me whether it is normal that such and such a key has disappeared (old value 21ec4600..., new value nothing)... I tell it yes, and when I rescan they are there again. I remove them, and at the next startup it asks me whether it is normal that they have disappeared (as I understood it, anyway), but I tell it no... to see, and it is still the same... where is the mistake?

Logfile of HijackThis v1.99.1
Scan saved at 04:23:17, on 28.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Accept everything with TeaTimer!!! during the disinfection!

______________

Fix these lines:

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

______________
Update Java: START, then CONTROL PANEL, then JAVA, then UPDATE

_____________

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________

Delete what is in MovedFiles by going to My Computer, then C, then

C:\_OTMoveIt\MovedFiles.

__________________

Post a new BitDefender report and a HijackThis report, and above all describe your current problems.
Hiro
 
Hello,

I no longer notice any problems, but it looks like there's still some crap left, since it keeps coming back in the scans. I deleted the items again with HijackThis, accepted once per deleted item in TeaTimer, and now I'm stuck with OTMoveIt: it doesn't run, only a small DOS window opens for a second and then nothing, and there isn't even an icon on the executable. Tell me how I can run it; I tried from a command window to see, but that changes nothing.

Counting on you mate.

Thanks

Hiro
jlpjlp Posts 52399 Status Security contributor 5 040
 
Disable TeaTimer for the duration of the scans.

Instead of OTMoveIt:

download and install:

KillBox
https://www.bleepingcomputer.com/download/linux/

KillBox help
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

- Restart in safe mode; if you don't know how, read this

- Double-click fix.reg

Open KillBox
- Select "delete on reboot"
- Click the yellow folder on the right and select the file:

C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe

- Click the red and white cross
- Answer yes and let your PC restart.
Don't hesitate to consult the KillBox help

__________________

Post a new BitDefender report and a HijackThis report, and above all describe your current problems.