Help: spyware or virus

Closed
Hiro - 23 Jan 2008 at 16:47
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 - 31 Jan 2008 at 22:43
Hello,

I have recently had a virus on my computer, and a shield icon in the notification area that displays the message "System has detected a number of active spywares on your computer....". Someone visited unsafe sites from my PC and I think it is infected. I cleaned up several things with Spybot and Ad-Aware, but it seems some viruses remain.


Here is the Navilog report:

Search Navipromo version 3.4.2 commencé le 23.01.2008 à 16:39:31.76

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\tony\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\tony\local settings\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\tony\MENUDM~1\PROGRA~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\tony\local settings\application data" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\tony\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :



*** Analyse terminée le 23.01.2008 à 16:46:24.70 ***


Thanks in advance
17 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
23 Jan 2008 at 16:59
Hi, you can uninstall Navilog. Paste a HijackThis report.
0
Hello, here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:29:03, on 24.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thanks
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
24 Jan 2008 at 15:01
Disable Spybot's TeaTimer for the duration of the scans. Paste a ComboFix report. Http://www.techsupportforum.com/sectouls/susbs/combofix.exe
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
24 Jan 2008 at 16:22
Uninstall via your Control Panel:

Viewpoint Toolbar BHO
___________



Run HijackThis again and fix these lines (Fix checked):



O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201003758.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Fichiers communs\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: IE Custom Tools - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing).
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://hotnight.dyndns.org/vnc/msrdp.cab
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)

____________________

Paste a new HijackThis report, and be sure to paste the ComboFix report.
0
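An added example, not part of the original thread and not HijackThis's own code: a Python parser for HijackThis entry lines that lists the entries whose target is reported as `(file missing)` or `(no file)`, and compares two scans to confirm which entries a fix actually removed. The sample lines are copied from the two HijackThis logs posted in this thread; the function names are assumptions made for this example, and a missing-file marker only means the referenced file is absent, so it is a triage hint rather than a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\.?$")


class Entry(NamedTuple):
    code: str             # section code such as "O2" or "O23"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the body, upper-cased, if any
    orphaned: bool        # True when the entry points at a missing file


def parse_log(text: str) -> List[Entry]:
    """Return the R/O/F/N entries of a HijackThis log, skipping the header
    and the running-process list (those lines carry no section code)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=ORPHAN_RE.search(body) is not None,
        ))
    return entries


def orphaned_entries(text: str) -> List[Entry]:
    """Entries whose referenced file is reported missing."""
    return [e for e in parse_log(text) if e.orphaned]


def removed_entries(before: str, after: str) -> List[Entry]:
    """Entries present in the first scan and absent from the second."""
    kept = {(e.code, e.body) for e in parse_log(after)}
    return [e for e in parse_log(before) if (e.code, e.body) not in kept]


# Sample input: a few lines copied from the first log in this thread.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - C:\Program Files\Online Add-on\isfmdl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Sample input: the same entries as they appear in the second log.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    print("Orphaned entries in the first scan:")
    for e in orphaned_entries(BEFORE):
        print(f"  {e.code:<3} {e.clsid or '-':<38} {e.body}")
    print("Entries gone after the fix:")
    for e in removed_entries(BEFORE, AFTER):
        print(f"  {e.code:<3} {e.body}")
    print("Still orphaned after the fix:")
    for e in orphaned_entries(AFTER):
        print(f"  {e.code:<3} {e.body}")
```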

I made the Navilog report after cleaning with HijackThis, and I have not restarted since the cleanup.


HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 01:32:29, on 25.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Navilog report:


Start Time= 25.01.2008 1:34:12.25

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-01-23 16:35:30 ( .D... ) "C:\Program Files\Navilog1"
2008-01-22 13:10:22 ( .D... ) "C:\Program Files\VirusProtect 3.9"
2008-01-22 13:09:20 ( .D... ) "C:\Program Files\Helper"
2008-01-22 11:51:04 13312 ( A.S.. ) "C:\WINDOWS\system32\shlahsd.dll"
2008-01-02 10:21:38 17642616 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2007-12-26 00:20:26 ( .D... ) "C:\Program Files\CDBurnerXP"
2007-12-26 00:17:50 ( .D... ) "C:\Program Files\MSBuild"
2007-12-26 00:17:34 ( .D... ) "C:\Program Files\Reference Assemblies"
2007-12-26 00:13:54 ( .D... ) "C:\Program Files\MSXML 6.0"
2007-12-25 23:40:12 34308 ( A.... ) "C:\WINDOWS\system32\bassmod.dll"
2007-12-25 23:34:12 ( .D... ) "C:\Program Files\MagicISO"
2007-12-20 09:43:48 248448 ( A.... ) "C:\WINDOWS\system32\PROUnstl.exe"
2007-12-14 20:05:14 35424 ( A.... ) "C:\WINDOWS\system32\e100bmsg.dll"
2007-12-04 18:14:58 ( .D... ) "C:\Program Files\WorldPx"
2007-11-29 06:38:46 40056 ( A.... ) "C:\WINDOWS\system32\NicInst.dll"
2007-11-13 12:31:12 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
2007-11-07 20:43:52 413696 ( A.... ) "C:\WINDOWS\system32\wrap_oal.dll"
2007-11-07 20:43:52 86016 ( A.... ) "C:\WINDOWS\system32\OpenAL32.dll"
2007-11-07 10:28:32 728576 ( A.... ) "C:\WINDOWS\system32\lsasrv.dll"
2007-10-31 00:23:48 3590656 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2007-10-29 23:43:32 1293824 ( A.... ) "C:\WINDOWS\system32\quartz.dll"
2007-10-29 16:07:16 369152 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2007-10-25 17:43:26 8516608 ( A.... ) "C:\WINDOWS\system32\shell32.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\\\vptray.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{F0D1515A-0958-4108-1230-020404220029}"="\"C:\\Program Files\\Fichiers communs\\{F0D1515A-0958-4108-1230-020404220029}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CONNECTAUTrayApp.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\CONNECTAUTrayApp.lnk"
"backup"="C:\\WINDOWS\\pss\\CONNECTAUTrayApp.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sony\\CONNEC~1\\CONNEC~3.EXE "
"item"="CONNECTAUTrayApp"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Getting Started with MacDrive 5.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Getting Started with MacDrive 5.lnk"
"backup"="C:\\WINDOWS\\pss\\Getting Started with MacDrive 5.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{B173DFDA-04BB-4626-ACF4-E850294B35EC}\\IconC76F88591.exe "
"item"="Getting Started with MacDrive 5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TabUserW.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\TabUserW.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\TabUserW.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\WTablet\\TabUserW.exe "
"item"="TabUserW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^tony^Menu Démarrer^Programmes^Démarrage^RAR Password Cracker.lnk]
"path"="C:\\Documents and Settings\\tony\\Menu Démarrer\\Programmes\\Démarrage\\RAR Password Cracker.lnk"
"backup"="C:\\WINDOWS\\pss\\RAR Password Cracker.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\RARPAS~1\\rpc.exe /c \"D:\\Backup Bureau\\Bordel Bureau\\Nouveau dossier\\coco2.rpc\""
"item"="RAR Password Cracker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Agent"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChristmasTree]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Christmas"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\tony\\LOCALS~1\\Temp\\Rar$EX00.500\\Christmas.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CONNECTScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CONNECTScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony\\CONNECTAutoUpdate\\CONNECTScheduler.exe\" /RUN_SCHEDULER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDET"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTXFIHLP"
"hkey"="HKLM"
"command"="CTXFIHLP.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon06"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon06.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeWire Acceleration Patch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LimeWire Acceleration Patch"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\LimeWire Acceleration Patch\\LimeWire Acceleration Patch.lnk"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MACVNTFY"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Mediafour\\MACVNTFY.EXE\" /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\CyberLink\\PowerVCRII\\RemoteAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=dword:00000002
"wuauserv"=dword:00000002
"helpsvc"=dword:00000002


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 25.01.2008 1:34:38.50
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
jlpjlp - 25 Jan 2008 at 09:21
SmitFraudFix (paste the report)

1/ Download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php


2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.


Tell me your current problems.
0
Hello, since startup this morning TeaTimer has been asking whether I accept a registry change; I have refused it several times but it keeps coming back. Category: Global Browser toolbar, change: value deleted. I don't know whether I should accept the change... I'm leaving it pending.

Still the message on the shield saying that spyware is present on the system.

Thanks for your help


SmitFraudFix v2.274

Rapport fait à 12:35:28.71, 25.01.2008
Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tony\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tony\Favoris

C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url PRESENT !
C:\DOCUME~1\tony\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\VirusProtect 3.9\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
jlpjlp - 25 Jan 2008 at 13:10
Disable TeaTimer for the duration of the disinfection.

______________
Restart in safe mode (generally by pressing F8, Del, or F5 at startup).

Then run smitfraudfix again, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter, and paste me the report.

________________


Paste the report of an online scan
made with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm

____________________

Paste the HijackThis log again and tell me your problems.
0
Hello, I had to restart to get connected; TeaTimer is waiting for me to tell it whether or not I accept the change in C:\windows\system32\blank.htm. What should I tell it?

And the shield icon that says there is spyware has disappeared. Thanks for that already. My PC really is infected, it seems.

Otherwise, the Smit report made in safe mode this afternoon:

SmitFraudFix v2.274

Rapport fait à 14:25:19.76, 25.01.2008
Executé à partir de C:\Documents and Settings\tony\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"="aposiopetic"

[HKEY_CLASSES_ROOT\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{91316323-2ad5-4794-9589-52a2eaa60a68}\InProcServer32]
@="C:\WINDOWS\system32\shlahsd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\shlahsd.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\shlahsd.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ot.ico supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
C:\DOCUME~1\tony\Favoris\Antivirus Test Online.url supprimé
C:\DOCUME~1\tony\Favoris\Online Security Test.url supprimé
C:\Program Files\Helper\ supprimé
C:\Program Files\VirusProtect 3.9\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Intel(R) PRO/100+ Alert on LAN* pour gestion - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CE167E1-1E27-4A73-9F9D-8F481528349B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


And the HijackThis log made in safe mode:


Logfile of HijackThis v1.99.1
Scan saved at 00:16:42, on 26.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp - 26 Jan 2008 at 22:43
Hello, I had to restart to get connected; TeaTimer is waiting for me to tell it whether or not I accept the change in C:\windows\system32\blank.htm. What should I tell it? ANSWER YES (the best thing being to disable TeaTimer while the scans are running)



___________

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\

___________________

Update Java: START, then CONTROL PANEL, then JAVA, then UPDATE
____________________

Paste a report from an online scan.

______________________
Paste the HijackThis log again and tell me your problems.
0
Hello, I made the report with BitDefender; it went wild over the files quarantined by Norton and over other files that seemed to be active viruses. And the keys that I removed with HijackThis yesterday are already back..... {21ECA600 and other junk

I'm going to test again with another of these online scans.
In the meantime, the HijackThis report and the BitDefender report.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:26, on 27.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, Jan 27, 2008 - 04:01:10
Voie d'analyse: A:\;C:\;D:\;E:\;J:\;M:\;

Statistiques
Temps: 02:09:46
Fichiers: 654546
Directoires: 15999
Secteurs de boot: 5
Archives: 3699
Paquets programmes: 40367

Résultats
Virus identifiés: 25
Fichiers infectés: 96
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 2
Fichiers effacés: 130

Info sur les moteurs
Définition virus: 893929
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé
Statut

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>icmntr.exe
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn7.zip=>sbRecovery.ini
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip
Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>ictmdl.dll_tobedeleted_old
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmdl.dll_tobedeleted_old_tobedeleted_old
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>isfmntr.exe_tobedeleted_old
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn8.zip=>sbRecovery.ini
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip
Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.reg
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderodn9.zip=>sbRecovery.ini
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip
Nettoyé

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.reg
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderoid.zip=>sbRecovery.ini
Protection par mot de passe

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)
Infecté par: Trojan.Vundo.M

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02E80000\47EE05D4.VBN=>(Quarantine-PE)
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN
Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\46EB0532.VBN
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN
Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001\46EC89CD.VBN
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)
Infecté par: Trojan.Spy.SpyAnytime.D

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE163.VBN=>(Quarantine-PE)
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)
Infecté par: Trojan.Spy.SpyAnytime.D

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 1)
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)
Infecté par: Trojan.Spy.Keylogger.Y

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)=>(Instyler Module 6)
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\077C0000\477CE164.VBN=>(Quarantine-PE)=>(Instyler o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe
Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd
Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe
Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe
Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe
Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe
Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe
Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Infecté par: Backdoor.Irc.Zapchast.BB

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Infecté par: Trojan.Leechpie.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Infecté par: Backdoor.IRC.Zapchast

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07880000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Infecté par: Backdoor.Irc.Zapchast.BB

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>es32.dll


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Infecté par: Trojan.Leechpie.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>msmqins.dll


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Infecté par: Backdoor.IRC.Zapchast

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>ntio40.sys


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN


Infecté par: Win32.Gael.3666

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4EEEAE94.VBN


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Infecté par: Virtool.HiddenRun.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>runsvc.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Infecté par: Trojan.Bat.Zapchast.BT

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>setuphlp.cmd


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>stt.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Infecté par: Backdoor.Mirc.S

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>csrs.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Infecté par: Backdoor.FTP.ioFtpd.B

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Echec de la désinfection

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>lssas.exe


Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)


Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A380000.VBN=>(Quarantine-PE)=>(RAR Sfx o)=>unpack7.exe=>(RAR Sfx o)=>stt.exe


Infecté par: VirTool.Maxxx.A

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiV
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
27 Jan. 2008 at 12:05
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.


O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\



_____________________

Delete what is in quarantine in Norton and in Spybot's backup.

_____________________

To remove your traces, use

CCLEANER: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________________

Run a BitDefender scan again and describe your current problems.
At first glance I no longer have any problem (apart from the polit32 virus, I think, which got spotted by Norton during the Bitdefender scan).
I deleted what was in quarantine in Norton, but I didn't see where to delete the Spybot files, and I ran CCleaner 3 times.

Once again, I haven't restarted yet since all this cleaning.



Bitdefender

Statistiques
Temps: 02:34:28
Fichiers: 648076
Directoires: 15339
Secteurs de boot: 5
Archives: 3720
Paquets programmes: 40267

Résultats
Virus identifiés: 4
Fichiers infectés: 7
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 2
Fichiers effacés: 5

Info sur les moteurs
Définition virus: 894049
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005 | Infecté par: Trojan.Agent.BFJ
C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005 | Echec de la désinfection
C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o)=>lzma_solid_nsis0005 | Supprimé
C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe=>(NSIS o) | Echec de la mise à jour
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE) | Infecté par: Win32.Polip.A
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN=>(Quarantine-PE) | Désinfecté
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN | Echec de la mise à jour
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE) | Infecté par: Win32.Parite.B
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN=>(Quarantine-PE) | Désinfecté
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN | Echec de la mise à jour
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Infecté par: Generic.Adw.SaveNow.56AD4696
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Echec de la désinfection
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Supprimé
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r) | Echec de la mise à jour
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Infecté par: Generic.Adw.SaveNow.56AD4696
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Echec de la désinfection
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Supprimé
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r) | Echec de la mise à jour
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Infecté par: Generic.Adw.SaveNow.56AD4696
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Echec de la désinfection
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Supprimé
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r) | Echec de la mise à jour
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Infecté par: Generic.Adw.SaveNow.56AD4696
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Echec de la désinfection
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r)=>VVSN.exe | Supprimé
D:\Old computer\Bureau\Bordel Bureau\eXeem_0.22_setup.exe=>(ZIP Sfx 2r)=>setup.exe=>(Instyler o)=>(Instyler Module 81)=>(CAB Sfx r) | Echec de la mise à jour
My PC is getting annoying: I disable TeaTimer during the scans, and when I restart, it sees that there have been changes and asks me whether it is normal that such-and-such a key has disappeared (old value 21ec4600..., new value Nothing)... I tell it yes, and when I rescan they are there again. I remove them, and at the next startup it asks me whether it is normal that this has disappeared (as I understood it, anyway), but I tell it no... just to see, and it is still the same... where is the mistake?


Logfile of HijackThis v1.99.1
Scan saved at 04:23:17, on 28.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Documents and Settings\tony\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp (Security contributor) - 28 Jan. 2008 at 10:36
accept everything with the TeaTimer!!! during the disinfection!

______________

fix these lines

O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O20 - Winlogon Notify: winowl32 - C:\WINDOWS\






______________
update Java: START then CONTROL PANEL then JAVA then UPDATE

_____________


download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe



click MoveIt! to start the deletion.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the deletion. If so, accept with Yes.

_______________


delete what is in MovedFiles by going to My Computer, then C, then

C:\_OTMoveIt\MovedFiles.

__________________

post a new BitDefender report and a HijackThis report, and above all describe your current problems
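As an added illustration (not part of the thread and not the helper's own tool), this Python sketch parses HijackThis entries like those quoted above and flags the ones whose target is dangling: a `(no file)` or `(file missing)` marker, an empty target, or a path that stops at a directory. The rules are assumptions drawn from markers visible in this log; a flagged line is only a candidate for manual review, and an unflagged line is not thereby clean.

```python
import re

# Constructed sample: entries copied from the HijackThis log quoted on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "O<section> - <kind>: <detail>", e.g. "O20 - Winlogon Notify: winowl32 - C:\WINDOWS\"
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse(log):
    """Yield (section, kind, detail) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)

def review_reasons(detail):
    """Return why an entry's target looks dangling (empty list = no reason)."""
    reasons = []
    # The target is whatever follows the last " - " separator in the detail.
    target = detail.rsplit(" - ", 1)[-1].strip()
    if "(no file)" in detail or "(file missing)" in detail:
        reasons.append("target file missing")
    if target.endswith("\\"):
        reasons.append("path stops at a directory")
    if detail.rstrip().endswith("-"):
        reasons.append("empty target")
    return reasons

def triage(log):
    """Map each flagged entry to its reasons, keeping log order."""
    flagged = {}
    for section, kind, detail in parse(log):
        reasons = review_reasons(detail)
        if reasons:
            flagged[f"{section} - {kind}: {detail}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{'; '.join(reasons):28} {entry}")
```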
Hello,

I no longer notice any problems, but it looks like there's still some crap left since it keeps coming back in the scans. I deleted the items again with HijackThis, accepted once per deleted item in the TeaTimer, and now I'm stuck with OTMoveIt: it doesn't run, only a small DOS window opens for a second and then nothing, and there isn't even an icon on the executable. Tell me how I can run it; I tried from a command window to see, but that changes nothing.

Counting on you mate.

Thanks

Hiro
jlpjlp (Security contributor) - 31 Jan. 2008 at 22:43
disable the TeaTimer for the duration of the scans

instead of OTMoveIt:


download and install:

KillBox
https://www.bleepingcomputer.com/download/linux/


KillBox help
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm


- Restart in safe mode; if you don't know how, read this

- Double-click fix.reg

Open KillBox
- Select "delete on reboot"
- Click the yellow folder on the right and select the file:


C:\Documents and Settings\tony\Bureau\BUREAU BORDEL\Bureau bordel\divx-4.5.1.exe
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc3\4FBCD9CD.VBN
C:\RECYCLER\S-1-5-21-1645522239-1275210071-839522115-1003\Dc4\4C7F4993.VBN
D:\Backup Bureau\Bordel Bureau\eXeem_0.22_setup.exe



- Click the red and white cross
- Answer yes and let your PC restart.
Don't hesitate to consult the KillBox help



__________________

post a new BitDefender report and a HijackThis report, and above all describe your current problems