jcld1

bonsoir, je m'excuse pour mon manque d'aciduité mais je suis parti en expopsdition et je ne vais pas pouvoir continuer avant la semaine prochaine. j'ai commencé à voir les sites que tu m'as rtecommandé mais la je laisse tout tomber pour plus d'une semaine. merci encore pour toute l'aide appoprtée. bon courage pour la suite et à très bientot jcld

bonjour, merci beaucoup pour ton efficacité et ta disponibilité, ainsi qu'a tous ceux qui participe à nous aider. je prend bonne note de tes conseils. je suis pret pour l'optimisation de mon rapport et j'attend tes directives merci à tous jcld

j'espère que je ne te mets pas 2 fois le rapport standard hijackthis il n'a pas voulu en principe prendre à la suite?? pour info j'ai effectué un scan avec " l'outil de suppression des logiciels malveillants" de Microsoft ras Logfile of HijackThis v1.99.1 Scan saved at 18:00:57, on 22/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\system32\CascSvc.exe C:\Program Files\Cobian Backup 7\cbs.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Livecom\Toaster\Toaster.exe C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\ftplayer.exe C:\Program Files\Files-Destructor\FILEDEST.EXE C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE E:\Program Files\SolSuite\SolSuite.exe C:\Program Files\ACT\act.exe C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\PROGRA~1\ACT\DrvWd6.wpi C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HjtackThis 2006\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe" O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Program Files\Girafa\GirafaBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Casc'ADSL (CascSvc) - Unknown owner - C:\WINDOWS\system32\CascSvc.exe O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - C:\Program Files\Cobian Backup 7\cbs.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe bonne interprétation jcld

bonsoir, le premier rapport avec "open the misc tools section" StartupList report, 22/03/2006, 17:56:04 StartupList version: 1.52.2 Started from : C:\HjtackThis 2006\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\system32\CascSvc.exe C:\Program Files\Cobian Backup 7\cbs.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Livecom\Toaster\Toaster.exe C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\ftplayer.exe C:\Program Files\Files-Destructor\FILEDEST.EXE C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE E:\Program Files\SolSuite\SolSuite.exe C:\Program Files\ACT\act.exe C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\PROGRA~1\ACT\DrvWd6.wpi C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HjtackThis 2006\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\LE DU\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\Userinit.exe [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033 LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe EoEngine = EoClock = GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe FSASWREG = "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe" F-Secure TNB = "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW F-Secure Manager = "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash F-Secure Startup Wizard = "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot News Service = "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" RegistryMechanic = -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background Livecom = "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized Orb = "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\Johnny2.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - (no file) - {64F56FC1-1272-44CD-BA6E-39723696E350} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} -------------------------------------------------- Enumerating Task Scheduler jobs: Scheduled scanning task.job XoftSpy.job -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll CODEBASE = http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab [{2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA}] CODEBASE = http://acces.blonde.com/package/op/PackageHtmlCab.CAB [symantec AntiVirus scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll CODEBASE = http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab [symantec RuFSI Utility Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab [Housecall ActiveX 6.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll CODEBASE = http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [F-Secure Online Scanner] InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll CODEBASE = http://www.securitoo.com/fra/pages/navol/fscax.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8422.8687037037 [{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}] CODEBASE = http://www.trendmicro.com/spyware-scan/as4web.cab [Java Plug-in] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Service d'installation du pilote audio Intel® 82801 (WDM): system32\drivers\ac97intc.sys (manual start) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart) USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) Securitoo Antivirus Firewall: C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Brother Popup Suspend service for Resource manager: "C:\WINDOWS\system32\Brmfrmps.exe" -service (autostart) BrSplService: C:\WINDOWS\system32\brsvc01a.exe (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Brother USB Still Image driver: System32\Drivers\BrScnUsb.sys (manual start) Casc'ADSL: C:\WINDOWS\system32\CascSvc.exe (autostart) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Cobian Backup 7 service: C:\Program Files\Cobian Backup 7\cbs.exe (autostart) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) d347bus: system32\DRIVERS\d347bus.sys (system) d347prt: System32\Drivers\d347prt.sys (system) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Pilote de la carte EtherLink XL 90XB/C 3Com: system32\DRIVERS\el90xbc5.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) F-Secure File System Filter: \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys (autostart) F-Secure Gatekeeper: \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSgk.sys (autostart) F-Secure Gatekeeper Handler Starter: "C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe" (autostart) F-Secure File System Recognizer: \??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) fsbwsys: "C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe" (autostart) F-Secure Anti-Virus Firewall Daemon: "C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe" (manual start) F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system) F-Secure Management Agent: "C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE" (autostart) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) GhostStartService: C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (autostart) GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) HSFHWBS2: system32\DRIVERS\HSFBS2S2.sys (manual start) HSF_DP: system32\DRIVERS\HSFDPSP2.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) i81x: system32\DRIVERS\i81xnt5.sys (manual start) iAimFP0: system32\DRIVERS\wADV01nt.sys (manual start) iAimFP1: system32\DRIVERS\wADV02NT.sys (manual start) iAimFP2: system32\DRIVERS\wADV05NT.sys (manual start) iAimFP3: system32\DRIVERS\wSiINTxx.sys (manual start) iAimFP4: system32\DRIVERS\wVchNTxx.sys (manual start) iAimFP5: system32\DRIVERS\wADV07nt.sys (manual start) iAimFP6: system32\DRIVERS\wADV08nt.sys (manual start) iAimFP7: system32\DRIVERS\wADV09nt.sys (manual start) iAimTV0: system32\DRIVERS\wATV01nt.sys (manual start) iAimTV1: system32\DRIVERS\wATV02NT.sys (manual start) iAimTV3: system32\DRIVERS\wATV04nt.sys (manual start) iAimTV4: system32\DRIVERS\wCh7xxNT.sys (manual start) iAimTV5: system32\DRIVERS\wATV10nt.sys (manual start) iAimTV6: system32\DRIVERS\wATV06nt.sys (manual start) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (disabled) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) InCDPass: System32\DRIVERS\InCDPass.sys (system) InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (disabled) IntelIde: system32\DRIVERS\intelide.sys (system) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start) mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBT: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Orb Virtual Cable: system32\drivers\orbvckmd.sys (system) Pilote processeur Intel Pentium III: system32\DRIVERS\p3.sys (system) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) PCANDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start) Pilote de bus PCI: system32\DRIVERS\pci.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Logitech QuickCam Pro 3000(PID_08B1): system32\DRIVERS\CamDrL20.sys (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) 802.11g USB 2.0 adapter: system32\DRIVERS\PRISMA02.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Sandra Data Service: C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe (manual start) Sandra Service: C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: \SystemRoot\system32\DRIVERS\sr.sys (disabled) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{01B829E0-A519-4648-8EA3-E5F3BAE7DC1C} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Pilote miniport de contrôleur hôte ouvert USB Microsoft: system32\DRIVERS\usbohci.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) winachsf: system32\DRIVERS\HSFCXTS2.sys (manual start) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de lancement de WlanCfg: C:\Program Files\Inventel\Gateway\wlancfg.exe SVC (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemRoot%\System32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 39 277 bytes Report generated in 1,772 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only deuxième rapport hijathis classique Logfile of HijackThis v1.99.1 Scan saved at 18:00:57, on 22/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\system32\CascSvc.exe C:\Program Files\Cobian Backup 7\cbs.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Livecom\Toaster\Toaster.exe C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\ftplayer.exe C:\Program Files\Files-Destructor\FILEDEST.EXE C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE E:\Program Files\SolSuite\SolSuite.exe C:\Program Files\ACT\act.exe C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\PROGRA~1\ACT\DrvWd6.wpi C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HjtackThis 2006\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe" O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Program Files\Girafa\GirafaBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Casc'ADSL (CascSvc) - Unknown owner - C:\WINDOWS\system32\CascSvc.exe O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - C:\Program Files\Cobian Backup 7\cbs.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe Logfile of HijackThis v1.99.1 Scan saved at 18:00:57, on 22/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\system32\CascSvc.exe C:\Program Files\Cobian Backup 7\cbs.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_F

comme je te l'ai déja dit je pense que nous avons réussi à éliminer les virus que j'avais pu attrapés et je t'en remercie. je ne rencontre plus de problème particulier excepté , mais c'est peut etre un réglage, je ne peux pas lancer depuis microsoft outlook des sites sur internet comme on peux me le demander quelque fois. Ce que je voudrais savoir c'est ce qu'il est bon de controler régulièrement comme le scan avec mon anti-virus, ad-aware, easy cleaner.... je vais effectuer les manips que tu m'as demandé demainet te les adresserais merci encore et bonsoir jcld

bonsoir, je pense que nous avons un problème de liaison je n'ai plus de nouvelles?? jcld

bonsoir, je t'ai mis le résultat en réponse à la suite de ton message je pensais que tu l'avais vu et j'attendais de mon coté de tes nouvelles, avec toutes mes excuses, comme indiqué le scan était négatif jcld

bonsoir et merci de prendre le temps de suivre mon problème je n'ai pas pu avoir de rapport maios il m'a indiqué 13 cookies 1 trojan :TSPY_lineage.LU 1 TRACKWARE: spyware_track_ISpy au stade ou j'en suis je me demande si il reste des virus panda e,n avait détruit, je ne recoie plus de message quand je transfert sur mon portable le scan de securitoo est bon? jcld

bonjour, n'ayant plus de nouvelles je me pose la question? suite à mes derniers résultats restés sans commentaireque paeux t-on faire jcld

ci-joint rapport silent runners "Silent Runners.vbs", revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Livecom" = ""C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"" [empty string] "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."] "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "EoEngine" = (empty string) "EoClock" = (empty string) "GhostStartTrayApp" = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" ["Symantec Corporation"] "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "FSASWREG" = ""C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"" [null data] "F-Secure TNB" = ""C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"] "F-Secure Manager" = ""C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash" ["F-Secure Corporation"] "F-Secure Startup Wizard" = ""C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"] "News Service" = ""C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"" ["F-Secure Corporation"] "RegistryMechanic" = (empty string) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "OE_WMPWMFSDK_Install_2" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmnetmgr.dll"" [MS] "OE_WMPWMFSDK_Install_3" = "C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"" [MS] "OE_WMPWMFSDK_Install_4" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"" [MS] "OE_WMPWMFSDK_Install_5" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"" [MS] "OE_WMPWMFSDK_Install_6" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"" [MS] "OE_WMPWMFSDK_Install_7" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"" [MS] "OE_WMPWMFSDK_Install_8" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"" [MS] "OE_WMPWMFSDK_Install_9" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"" [MS] "OE_WMPWMFSDK_Install_10" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe2.dll"" [MS] "OE_WMPWMFSDK_Install_20" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmod.dll"" [MS] "OE_WMPWMFSDK_Install_21" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"" [MS] "OE_WMPWMFSDK_Install_22" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"" [MS] "OE_WMPWMFSDK_Install_23" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"" [MS] "OE_WMPWMFSDK_Install_24" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"" [MS] "OE_WMPWMFSDK_Install_30" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"" [MS] "OE_WMPWMFSDK_Install_31" = ""C:\WINDOWS\system32\logagent.exe" /RegServer" [MS] "OE_WMPWMFSDK_Install_32" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"" [MS] "OE_WMPDRM_Install_1" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"" [MS] "OE_WMPDRM_Install_2" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmclien.dll"" [MS] "OE_WMPDRM_Install_4" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmv2clt.dll"" [MS] "OE_WMPDRM_Install_5" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\blackbox.dll"" [MS] "OE_WMPDRM_Install_6" = "C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\msnetobj.dll"" [MS] "OE_WMPWMP7_Install_0" = "C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary" [MS] "OE_WMPWMP7_Install_1" = ""C:\Program Files\Windows Media Player\migrate.exe" /s" [MS] "OE_WMPWMP7_Install_2" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll" [MS] "OE_WMPWMP7_Install_8" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll" [MS] "OE_WMPWMP7_Install_9" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll" [MS] "OE_WMPWMP7_Install_10" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll" [MS] "OE_WMPWMP7_Install_11" = "C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"" [MS] "OE_WMPWMDM_Install_7" = "C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll" [MS] "OE_WMPWMP7_Install_20" = "C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"] "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ "load" = (value not set) "run" = (value not set) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ "AppInit_DLLs" = (value not set) HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.exe" [file not found], [MS], [file not found], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp" Active Desktop web content: HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "FriendlyName" = "" "Source" = "file:///C:/DOCUME~1/LEDU~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg" "SubscribedURL" = "file:///C:/DOCUME~1/LEDU~1/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\ "SCRNSAVE.EXE" = "C:\WINDOWS\Johnny2.scr" ["MacSourcery"] Enabled Scheduled Tasks: ------------------------ "Scheduled scanning task" -> launches: "C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-V~1\report.txt " ["F-Secure Corporation"] "XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {C6075FF0-1F32-11D4-A681-0050DA502650}\ = "&GirafaBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Girafa\GirafaBar.dll" ["Girafa.Com Inc."] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {C6075FF0-1F32-11D4-A681-0050DA502650}\ = "&GirafaBar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Girafa\GirafaBar.dll" ["Girafa.Com Inc."] {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {78A7D3B4-23E3-11D4-A682-0050DA502650}\ "ButtonText" = "Girafa" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Brother Popup Suspend service for Resource manager, brmfrmps, ""C:\WINDOWS\system32\Brmfrmps.exe" -service " ["Brother Industries, Ltd."] BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"] Casc'ADSL, CascSvc, "C:\WINDOWS\system32\CascSvc.exe" [null data] Cobian Backup 7 service, CobBackup7, "C:\Program Files\Cobian Backup 7\cbs.exe" ["Luis Cobian"] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"] F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."] F-Secure Management Agent, FSMA, ""C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE"" ["F-Secure Corporation"] fsbwsys, fsbwsys, ""C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe"" ["F-Secure Corp."] GhostStartService, GhostStartService, "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe" ["Symantec Corporation"] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} Securitoo Antivirus Firewall, BackWeb Plug-in - 8520111, "C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE" [null data] Service de lancement de WlanCfg, Wlancfg, "C:\Program Files\Inventel\Gateway\wlancfg.exe SVC" ["Inventel"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ VSP1:\Driver = "vsmon1.dll" [null data] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 267 seconds, including 15 seconds for message boxes)

ci-joint rapport demandé pour trendmicro je n'ai pas su comment sauvegarder le rapport. si tu as une solution, elle sera la bienvenue car cela fait plusieurs fois que je ne sais comment effectuer la sauvegarde;le résultat était: 14 tracking cookie 4 peer to peer 7 adaware 5 trojan 14 dialer 2 parasite après suppression il m'a été demandé de réinstaller le servic pack 2 ? ce que j'ai fait pour spybot tout a été corrigé sauf eAcceleration 2 éléments eAcceleration: Dossier Programme (Répertoire, nothing done) C:\Program Files\Acceleration Software\Anti-Virus\ eAcceleration: Dossier Programme (Répertoire, nothing done) C:\Program Files\Acceleration Software\ DoubleClick: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done) Advertising.com: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done) Avenue A, Inc.: Cookie traceur (Internet Explorer: LE DU) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-03-09 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-03-10 Includes\Cookies.sbi (*) 2006-03-10 Includes\Dialer.sbi (*) 2006-03-10 Includes\Hijackers.sbi (*) 2006-03-10 Includes\Keyloggers.sbi (*) 2006-03-10 Includes\Malware.sbi (*) 2006-03-10 Includes\PUPS.sbi (*) 2006-03-10 Includes\Revision.sbi (*) 2006-03-10 Includes\Security.sbi (*) 2006-03-10 Includes\Spybots.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-03-10 Includes\Trojans.sbi (*) jcld

bonjour désolé pour hier mais je n'étais pas la pour le scan de Spybot je l'avais déjà fais et il n'a a 1 éléments e accelerator qu'il ne veut pas me supprimer je te met le rapport de ad-aware et à la suite celui de f-secure spyware que j'ai trouvé sur mon PC et exécuté ac Ad-Aware SE Build 1.06r1 Logfile Created on:samedi 11 mars 2006 11:25:58 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R96 09.03.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):14 total references Tracking Cookie(TAC index:3):14 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11-03-2006 11:25:58 - Scan started. (Custom mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 352 ThreadCreationTime : 11-03-2006 10:07:29 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 684 ThreadCreationTime : 11-03-2006 10:07:34 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 708 ThreadCreationTime : 11-03-2006 10:07:35 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 752 ThreadCreationTime : 11-03-2006 10:07:36 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Applications Services et Contrôleur InternalName : services.exe LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 764 ThreadCreationTime : 11-03-2006 10:07:36 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 908 ThreadCreationTime : 11-03-2006 10:07:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 956 ThreadCreationTime : 11-03-2006 10:07:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 992 ThreadCreationTime : 11-03-2006 10:07:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1048 ThreadCreationTime : 11-03-2006 10:07:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1108 ThreadCreationTime : 11-03-2006 10:07:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [brsvc01a.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1400 ThreadCreationTime : 11-03-2006 10:07:41 BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : brother Industries Ltd brsvc01a CompanyName : brother Industries Ltd FileDescription : brsvc01a InternalName : brsvc01a LegalCopyright : Copyright © Brother Industries, Ltd 2001 OriginalFilename : brsvc01a.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1420 ThreadCreationTime : 11-03-2006 10:07:41 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [brss01a.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1432 ThreadCreationTime : 11-03-2006 10:07:41 BasePriority : Normal FileVersion : 1.004 ProductVersion : 1, 0, 0, 4 ProductName : brother Industries Ltd brss01a.exe CompanyName : brother Industries Ltd FileDescription : brss01a.exe InternalName : brss01a.exe LegalCopyright : Copyright ? 2001 OriginalFilename : brss01a.exe Comments : Brsplproc XP wrapper #:14 [servic~1.exe] FilePath : C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\ ProcessID : 1604 ThreadCreationTime : 11-03-2006 10:07:42 BasePriority : Normal #:15 [brmfrmps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1616 ThreadCreationTime : 11-03-2006 10:07:42 BasePriority : Normal FileVersion : 1.10.10.144 ProductVersion : 1.45.11.403 ProductName : Brother MFL Pro CompanyName : Brother Industries, Ltd. FileDescription : Brother Popup Suspend service ( for R/M ) InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager LegalCopyright : Copyright © 2002 brother OriginalFilename : BrmfRmps.exe #:16 [cascsvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1628 ThreadCreationTime : 11-03-2006 10:07:42 BasePriority : Normal #:17 [cbs.exe] FilePath : C:\Program Files\Cobian Backup 7\ ProcessID : 1656 ThreadCreationTime : 11-03-2006 10:07:42 BasePriority : Normal FileVersion : 7.3.0.156 ProductVersion : 7.0 ProductName : Cobian Backup 7 Service CompanyName : Luis Cobian FileDescription : Cobian Backup 7 Service InternalName : Luz de Luna LegalCopyright : ©2000-2005 by Luis Cobian LegalTrademarks : All rights reserved OriginalFilename : cbs.exe #:18 [ewidoctrl.exe] FilePath : C:\Program Files\ewido anti-malware\ ProcessID : 1696 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:19 [fsgk32st.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 1708 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 1, 0, 7360, 0 ProductVersion : 1, 0, 7360, 56 ProductName : F-Secure Corp. Startup service CompanyName : F-Secure Corp. FileDescription : fsgk32st InternalName : fsgk32 LegalCopyright : Copyright © 2001 OriginalFilename : fsgk32st.exe Comments : Startup service for Gatekeeper Handler #:20 [fsbwsys.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\ ProcessID : 1724 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 6.70.738 ProductVersion : 6.70 ProductName : F-Secure BackWeb CompanyName : F-Secure Corp. FileDescription : fsbwsys InternalName : fsbwsys LegalCopyright : Copyright © 2004 F-Secure Corporation OriginalFilename : fsbwsys.exe #:21 [fsgk32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 1736 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 6.10.11380 ProductVersion : 6.10.11380 ProductName : F-Secure Corp. fsgk32 CompanyName : F-Secure Corp. FileDescription : Gatekeeper Handler II InternalName : fsgk32 LegalCopyright : Copyright © 2004-2005 OriginalFilename : fsgk32.exe Comments : release #:22 [fsma32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 1748 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Management Agent InternalName : VCH LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FSMA32.EXE #:23 [ghoststartservice.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\ ProcessID : 1824 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 2003.775 ProductVersion : 2003.775 ProductName : Norton Ghost Start Service CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartService LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved. OriginalFilename : GhostStartService.exe #:24 [fsmb32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 1836 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Message Broker InternalName : FSMB LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FSMB32.EXE #:25 [fssm32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 1832 ThreadCreationTime : 11-03-2006 10:07:43 BasePriority : Normal FileVersion : 6.10.11480 ProductVersion : 6.10.11480 ProductName : F-Secure Corp. fssm32 CompanyName : F-Secure Corp. FileDescription : fssm32 InternalName : fssm32 LegalCopyright : Copyright © 2004-2005 OriginalFilename : fssm32.exe Comments : release #:26 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1940 ThreadCreationTime : 11-03-2006 10:07:44 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:27 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 380 ThreadCreationTime : 11-03-2006 10:07:44 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:28 [fch32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 408 ThreadCreationTime : 11-03-2006 10:07:45 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Configuration Handler InternalName : FCH LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FCH32.EXE #:29 [wlancfg.exe] FilePath : C:\Program Files\Inventel\Gateway\ ProcessID : 508 ThreadCreationTime : 11-03-2006 10:07:46 BasePriority : Normal FileVersion : 4, 0, 0, 0 ProductVersion : 4, 0, 0, 0 ProductName : Application WLANCfg CompanyName : Inventel FileDescription : WLANCfg InternalName : WLANCfg LegalCopyright : Copyright © 2003 - 2004 Inventel LegalTrademarks : Inventel OriginalFilename : WLANCfg.EXE #:30 [fameh32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 604 ThreadCreationTime : 11-03-2006 10:07:48 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Alert and Management Extension Handler InternalName : FAMEH LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FAMEH32.EXE #:31 [wmiprvse.exe] FilePath : C:\WINDOWS\system32\wbem\ ProcessID : 1348 ThreadCreationTime : 11-03-2006 10:07:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:32 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2292 ThreadCreationTime : 11-03-2006 10:07:59 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Explorateur Windows InternalName : explorer LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : EXPLORER.EXE #:33 [fsdfwd.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\FWES\Program\ ProcessID : 2412 ThreadCreationTime : 11-03-2006 10:08:19 BasePriority : Normal FileVersion : 5.70.600 ProductVersion : 5.70 Build 600 ProductName : F-Secure Anti-Virus Internet Shield CompanyName : F-Secure Corporation FileDescription : F-Secure Anti-Virus Internet Shield daemon InternalName : fsdfwd LegalCopyright : Copyright © F-Secure Corporation 1997-2004 OriginalFilename : fsdfwd.exe #:34 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2516 ThreadCreationTime : 11-03-2006 10:08:23 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:35 [daemon.exe] FilePath : C:\Program Files\D-Tools\ ProcessID : 2612 ThreadCreationTime : 11-03-2006 10:08:25 BasePriority : Normal #:36 [lvcomsx.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2636 ThreadCreationTime : 11-03-2006 10:08:31 BasePriority : Normal FileVersion : 8.3.0.1096 ProductVersion : 8.3.0.1096 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : LVCom Server InternalName : LVComS.exe LegalCopyright : © 1996-2004 Logitech. All rights reserved. OriginalFilename : LVComS.exe #:37 [logitray.exe] FilePath : C:\Program Files\Logitech\Video\ ProcessID : 2672 ThreadCreationTime : 11-03-2006 10:08:33 BasePriority : Normal FileVersion : 8.3.0.1098 ProductVersion : 8.3.0.1098 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : ImageStudio Tray Application InternalName : LogiTray.exe LegalCopyright : © 1996-2004 Logitech. All rights reserved. OriginalFilename : LogiTray.exe #:38 [ghoststarttrayapp.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\ ProcessID : 2680 ThreadCreationTime : 11-03-2006 10:08:33 BasePriority : Normal FileVersion : 2003.775 ProductVersion : 2003.775 ProductName : Norton Ghost Start CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartTrayApp LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved. OriginalFilename : GhostStartTrayApp.exe #:39 [realsched.exe] FilePath : C:\Program Files\Fichiers communs\Real\Update_OB\ ProcessID : 2696 ThreadCreationTime : 11-03-2006 10:08:35 BasePriority : Normal FileVersion : 0.1.0.3492 ProductVersion : 0.1.0.3492 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:40 [jusched.exe] FilePath : C:\Program Files\Java\jre1.5.0_06\bin\ ProcessID : 2716 ThreadCreationTime : 11-03-2006 10:08:36 BasePriority : Normal #:41 [fsav32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 2744 ThreadCreationTime : 11-03-2006 10:08:36 BasePriority : Normal FileVersion : 5.53.10480 ProductVersion : 5.53.10480 ProductName : F-Secure Anti-Virus CompanyName : F-Secure Corporation FileDescription : FSAV Handler InternalName : FSAV32 LegalCopyright : Copyright © 1998-2004, F-Secure Corporation OriginalFilename : FSAV32.exe #:42 [fsm32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 2792 ThreadCreationTime : 11-03-2006 10:08:42 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Settings and Statistics InternalName : FSM LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FSM32.EXE #:43 [ispnews.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\FSGUI\ ProcessID : 2808 ThreadCreationTime : 11-03-2006 10:08:42 BasePriority : Normal FileVersion : 1, 0, 0, 14 ProductVersion : 1, 0, 0, 14 ProductName : News Service Application CompanyName : F-Secure Corporation FileDescription : News Service InternalName : ISP News LegalCopyright : Copyright © 2003,2004 F-Secure Corporation OriginalFilename : ispnews.exe #:44 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 2828 ThreadCreationTime : 11-03-2006 10:08:44 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:45 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2956 ThreadCreationTime : 11-03-2006 10:08:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe #:46 [livecom.exe] FilePath : C:\PROGRA~1\Livecom\APPLIC~1\Exe\ ProcessID : 3224 ThreadCreationTime : 11-03-2006 10:09:01 BasePriority : Normal FileVersion : 1, 1, 0, 10 ProductVersion : 1, 1, 0, 10 ProductName : Livecom FileDescription : Livecom InternalName : Livecom LegalCopyright : Copyright 2004 OriginalFilename : Livecom.EXE Comments : Version de validation #:47 [fsguiexe.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\FSGUI\ ProcessID : 3640 ThreadCreationTime : 11-03-2006 10:09:11 BasePriority : Normal FileVersion : 5, 70, 2090, 0 ProductVersion : 5, 1, 0, 0 ProductName : ISP 2005 FileDescription : gui standby component InternalName : fsguiexe LegalCopyright : Copyright © 2004-2005 OriginalFilename : fsguiexe.exe #:48 [alertm~1.exe] FilePath : C:\WINDOWS\System32\ALERTM~1\ ProcessID : 1456 ThreadCreationTime : 11-03-2006 10:09:27 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Application AlertModule FileDescription : Application MFC AlertModule InternalName : AlertModule LegalCopyright : Copyright © 2003 OriginalFilename : AlertModule.EXE #:49 [fxsvr2.exe] FilePath : C:\Program Files\Logitech\Video\ ProcessID : 3320 ThreadCreationTime : 11-03-2006 10:09:42 BasePriority : Normal FileVersion : 8.3.0.1098 ProductVersion : 8.3.0.1098 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : QuickCam Framework Server InternalName : FxSvr.EXE LegalCopyright : © 1996-2004 Logitech. All rights reserved. OriginalFilename : FxSvr.EXE #:50 [toaster.exe] FilePath : C:\PROGRA~1\Livecom\Toaster\ ProcessID : 3884 ThreadCreationTime : 11-03-2006 10:09:56 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Application Toaster CompanyName : France Telecom R&D FileDescription : Application MFC Toaster InternalName : Toaster LegalCopyright : Copyright France Telecom R&D © 2004 OriginalFilename : Toaster.EXE #:51 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2440 ThreadCreationTime : 11-03-2006 10:10:23 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:52 [fspex.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\ ProcessID : 3792 ThreadCreationTime : 11-03-2006 10:10:49 BasePriority : Normal #:53 [ftplayer.exe] FilePath : C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\ ProcessID : 3512 ThreadCreationTime : 11-03-2006 10:10:58 BasePriority : Normal FileVersion : 4, 0, 0, 1 ProductVersion : 4, 0, 0, 1 ProductName : eConf CompanyName : France Telecom FileDescription : eConf player InternalName : ftplayer LegalCopyright : Copyright © 1999 - 2004 - France Telecom R&D OriginalFilename : ftplayer.exe #:54 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2920 ThreadCreationTime : 11-03-2006 10:23:43 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:55 [solsuite.exe] FilePath : E:\Program Files\SolSuite\ ProcessID : 2308 ThreadCreationTime : 11-03-2006 10:24:19 BasePriority : Normal FileVersion : 16.1.0.0 ProductVersion : 14.2 CompanyName : TreeCardGames.com FileDescription : SolSuite #:56 [outlook.exe] FilePath : C:\Program Files\Microsoft Office\Office\ ProcessID : 2688 ThreadCreationTime : 11-03-2006 10:24:47 BasePriority : Normal Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : C:\Documents and Settings\LE DU\recent Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\google\navclient\1.1\history Description : MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\internet explorer\typedurls Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\search assistant\acmru Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences Description : MRU List Object Recognized! Location: : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows media\wmsdk\general Description : Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@tradedoubler[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:le du@tradedoubler.com/ Expires : 04-03-2026 10:59:22 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:le du@2o7.net/ Expires : 08-03-2011 15:57:22 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@bluestreak[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:73 Value : Cookie:le du@bluestreak.com/ Expires : 07-03-2016 17:43:08 LastSync : Hits:73 UseCount : 0 Hits : 73 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@estat[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:le du@estat.com/ Expires : 06-03-2016 11:00:12 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@as1.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:88 Value : Cookie:le du@as1.falkag.de/ Expires : 09-05-2006 20:42:20 LastSync : Hits:88 UseCount : 0 Hits : 88 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:le du@doubleclick.net/ Expires : 09-03-2009 22:42:14 LastSync : Hits:9 UseCount : 0 Hits : 9 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@wreport.weborama[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:le du@wreport.weborama.fr/ Expires : 12-05-2006 11:33:58 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@fastclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:le du@fastclick.net/ Expires : 09-03-2008 21:57:02 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:le du@tribalfusion.com/ Expires : 01-01-2038 01:00:00 LastSync : Hits:9 UseCount : 0 Hits : 9 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@weborama[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookie:le du@weborama.fr/ Expires : 08-03-2011 15:49:32 LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@www.smartadserver[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:103 Value : Cookie:le du@www.smartadserver.com/ Expires : 06-03-2026 11:38:24 LastSync : Hits:103 UseCount : 0 Hits : 103 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@www.cibleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:11 Value : Cookie:le du@www.cibleclick.com/ Expires : 01-03-2036 15:57:06 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@valueclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:le du@valueclick.com/ Expires : 05-03-2031 11:36:44 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : le du@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:le du@atdmt.com/ Expires : 09-03-2011 01:00:00 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 14 Objects found so far: 28 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 28 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 28 12:07:28 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:41:29.940 Objects scanned:137526 Objects identified:14 Objects ignored:0 New critical objects:14 Securitoo Anti-Spyware Build 1.06r1 Fichier journal créé le :dimanche 12 mars 2006 10:38:10 Utilisation du fichier de définitions :SE1R94 28.02.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Références détectées lors de l’analyse : »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(Index TAC :0):14 Nombre total de références Tracking Cookie(Index TAC :3):16 Nombre total de références »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Securitoo Anti-Spyware Settings =========================== Définir : Rechercher les entrées à risque négligeable Définir : Mode sécurisé (tjrs demander confirm.) Définir : Analyser les processus actifs Définir : Analyser le registre Définir : Analyser en profondeur le registre Définir : Analyser mes favoris IE pour rech. URL interdites Définir : Analyser mon fichier Hosts Extended Securitoo Anti-Spyware Settings =========================== Définir : Décharger les modules et les processus reconnus pendant l’analyse Définir : Ignorer les fichiers fractionnés lors de l’analyse des archives .CAB Définir : Anal. reg. pr tous utili. et non pr utili. actuel uniqmnt Définir : Toujours essayer de décharger les modules avant la suppression Définir : Lors de la suppression, décharger l’Explorateur et IE si nécessaire Définir : Perm. Win. supp. fich. en cours au proch. démar. Définir : Supprimer les objets en quarantaine après la restauration Définir : Forcer le blocage des fenêtres publicitaires Définir : Sélec. auto. objets problématiques dans listes de résultats Définir : Inclure les paramètres de base d'Anti-Spyware dans le fichier journal Définir : Inclure les paramètres de base d'Anti-Spyware dans le fichier journal Définir : Inclure un récapitulatif des références dans le fichier journal Définir : Inclure les détails des données ADS dans le fichier journal Définir : Afficher l’écran d’accueil Définir : Sauvegarder le fichier de définitions utilisé avant d’effectuer une mise à jour Définir : Émettre un son à la fin de l’analyse en cas de détection d'objets critiques 12-03-2006 10:38:10 - L’analyse a démarré. (Analyse complète du système) MRU List Objet reconnu ! Emplacement : : C:\Documents and Settings\LE DU\recent Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\google\navclient\1.1\history Description : MRU List Objet reconnu ! Emplacement : : software\microsoft\direct3d\mostrecentapplication Description : MRU List Objet reconnu ! Emplacement : : software\microsoft\direct3d\mostrecentapplication Description : MRU List Objet reconnu ! Emplacement : : software\microsoft\directdraw\mostrecentapplication Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\internet explorer\typedurls Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\search assistant\acmru Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\realnetworks\realplayer\6.0\preferences Description : MRU List Objet reconnu ! Emplacement : : S-1-5-21-1606980848-706699826-1343024091-1004\software\microsoft\windows media\wmsdk\general Description : Affichage des processus en cours d'exécution »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 352 ThreadCreationTime : 12-03-2006 09:16:23 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 684 ThreadCreationTime : 12-03-2006 09:16:28 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 708 ThreadCreationTime : 12-03-2006 09:16:29 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 752 ThreadCreationTime : 12-03-2006 09:16:29 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Applications Services et Contrôleur InternalName : services.exe LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 764 ThreadCreationTime : 12-03-2006 09:16:30 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 912 ThreadCreationTime : 12-03-2006 09:16:32 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 960 ThreadCreationTime : 12-03-2006 09:16:32 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1000 ThreadCreationTime : 12-03-2006 09:16:32 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1044 ThreadCreationTime : 12-03-2006 09:16:32 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1108 ThreadCreationTime : 12-03-2006 09:16:34 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [brsvc01a.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1404 ThreadCreationTime : 12-03-2006 09:16:35 BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : brother Industries Ltd brsvc01a CompanyName : brother Industries Ltd FileDescription : brsvc01a InternalName : brsvc01a LegalCopyright : Copyright © Brother Industries, Ltd 2001 OriginalFilename : brsvc01a.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1428 ThreadCreationTime : 12-03-2006 09:16:35 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [brss01a.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1440 ThreadCreationTime : 12-03-2006 09:16:35 BasePriority : Normal FileVersion : 1.004 ProductVersion : 1, 0, 0, 4 ProductName : brother Industries Ltd brss01a.exe CompanyName : brother Industries Ltd FileDescription : brss01a.exe InternalName : brss01a.exe LegalCopyright : Copyright ? 2001 OriginalFilename : brss01a.exe Comments : Brsplproc XP wrapper #:14 [servic~1.exe] FilePath : C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\ ProcessID : 1608 ThreadCreationTime : 12-03-2006 09:16:37 BasePriority : Normal #:15 [brmfrmps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1620 ThreadCreationTime : 12-03-2006 09:16:37 BasePriority : Normal FileVersion : 1.10.10.144 ProductVersion : 1.45.11.403 ProductName : Brother MFL Pro CompanyName : Brother Industries, Ltd. FileDescription : Brother Popup Suspend service ( for R/M ) InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager LegalCopyright : Copyright © 2002 brother OriginalFilename : BrmfRmps.exe #:16 [cascsvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1632 ThreadCreationTime : 12-03-2006 09:16:37 BasePriority : Normal #:17 [cbs.exe] FilePath : C:\Program Files\Cobian Backup 7\ ProcessID : 1660 ThreadCreationTime : 12-03-2006 09:16:37 BasePriority : Normal FileVersion : 7.3.0.156 ProductVersion : 7.0 ProductName : Cobian Backup 7 Service CompanyName : Luis Cobian FileDescription : Cobian Backup 7 Service InternalName : Luz de Luna LegalCopyright : ©2000-2005 by Luis Cobian LegalTrademarks : All rights reserved OriginalFilename : cbs.exe #:18 [ewidoctrl.exe] FilePath : C:\Program Files\ewido anti-malware\ ProcessID : 1716 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:19 [fsgk32st.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 1736 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 1, 0, 7360, 0 ProductVersion : 1, 0, 7360, 56 ProductName : F-Secure Corp. Startup service CompanyName : F-Secure Corp. FileDescription : fsgk32st InternalName : fsgk32 LegalCopyright : Copyright © 2001 OriginalFilename : fsgk32st.exe Comments : Startup service for Gatekeeper Handler #:20 [fsgk32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Anti-Virus\ ProcessID : 1764 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 6.10.11380 ProductVersion : 6.10.11380 ProductName : F-Secure Corp. fsgk32 CompanyName : F-Secure Corp. FileDescription : Gatekeeper Handler II InternalName : fsgk32 LegalCopyright : Copyright © 2004-2005 OriginalFilename : fsgk32.exe Comments : release #:21 [fsbwsys.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\ ProcessID : 1772 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 6.70.738 ProductVersion : 6.70 ProductName : F-Secure BackWeb CompanyName : F-Secure Corp. FileDescription : fsbwsys InternalName : fsbwsys LegalCopyright : Copyright © 2004 F-Secure Corporation OriginalFilename : fsbwsys.exe #:22 [fsma32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 1804 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Management Agent InternalName : VCH LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows is a trademark of Microsoft Corporation OriginalFilename : FSMA32.EXE #:23 [ghoststartservice.exe] FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\ ProcessID : 1852 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 2003.775 ProductVersion : 2003.775 ProductName : Norton Ghost Start Service CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartService LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved. OriginalFilename : GhostStartService.exe #:24 [fsmb32.exe] FilePath : C:\Program Files\Securitoo\Av_Fw\Common\ ProcessID : 1884 ThreadCreationTime : 12-03-2006 09:16:38 BasePriority : Normal FileVersion : 5.62.7676 ProductVersion : 5.62 Build 7676 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Message Broker Inter

installation à nouveau de spysweeper sans adresse e-mail (on peut pas le deviner) toujours la meme réponse délai dépasser peut etre est-ce le virus qui empeche cette installation pendant un moment j'ai été dans l'impossibilité d'installer mon anti virus Securitoo je ne sais plus sur quel site il était indiqué que le virus que j'avais contracté empechait le bon fonctionnement des anti virus? pour firefox je l'ai utilisé pendant des années pas beaucoup de différences avec IE, par contre sans IE on ne peut pas tout faire: scan de symantec impose IE de plus je l'ai désinstallé car je ne pouvais plus l'ouvrir depuis que j'avais pris des virus, et lors du scan de PANDA? il apparaissait souvent en anomalie as-tu autre chose à me proposer pour décontaminer mon PC? sinon je vais passer le week end à le réinstaller jcld

j'ai désinstallé et réinstallé spysweeper avec une autre adresse e-mail il me dit période d'essai "arrivé à échéance" désolé jcld

j'ai effectué les différentes manips mais pour le scan de spysweeper il me dit d'abord qu'il détecte un fichier système qui risque d'etre incompatible c'est f-secue mon anti virus wanadoo en continuant l'installation il me dit que la période de test est arrivée à échéance?? jcld ps: je n'ai plus mon oeuf et quand je veut ouvrir un dossier sur le bureau j'obtiens "nouveau dossier", comme auparavent, et non plus un nom d'oiseau j'en profite pour te faire un nouveau rapport hijackthis Logfile of HijackThis v1.99.1 Scan saved at 14:43:11, on 09/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CascSvc.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\Cobian Backup 7\cbs.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Livecom\Toaster\Toaster.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\PROGRA~1\Livecom\APPLIC~1\eConfv4\ftplayer.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE E:\Program Files\SolSuite\SolSuite.exe C:\HjtackThis 2006\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe" O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Program Files\Girafa\GirafaBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Casc'ADSL (CascSvc) - Unknown owner - C:\WINDOWS\system32\CascSvc.exe O23 - Service: Cobian Backup 7 service (CobBackup7) - Luis Cobian - C:\Program Files\Cobian Backup 7\cbs.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

bonjourj'ai effectué TREND MICRO mais une deuxième fis je n'ai pu supprimer les infections, je n'avais plus accès à internet??? j'ai quand meme eu le rapport de PANDA que je te joins pour info j'avais lors de mon premier scan PANDA vu qu j'avais des infections sur Mozilla j'avais donc désinstallé le logiciel ayant Internet Explorer Incident Status Location Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@2o7[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@advertising[1].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@as1.falkag[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@bluestreak[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@doubleclick[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@tribalfusion[1].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@weborama[1].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@www.myaffiliateprogram[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\LE DU\Cookies\le du@xiti[1].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064724.MOZ[] Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00064727.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064728.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064729.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064730.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064731.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064732.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064740.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064741.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064742.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064743.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064744.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064745.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064746.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064747.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064749.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064752.MOZ[] Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\NPROTECT\00064753.MOZ[] Spyware:Cookie/Ccbill Not disinfected C:\RECYCLER\NPROTECT\00064754.MOZ[] Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00064756.MOZ[] Spyware:Cookie/Ask Not disinfected C:\RECYCLER\NPROTECT\00064757.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064767.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064768.MOZ[] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00064769.MOZ[] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00064770.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064771.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064773.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064774.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064775.MOZ[] Spyware:Cookie/Sexsuche Not disinfected C:\RECYCLER\NPROTECT\00064776.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064777.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064778.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064779.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064780.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064781.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064782.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064784.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064790.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064791.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064792.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064800.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064801.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064802.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064803.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064805.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064806.MOZ[] Spyware:Cookie/Sexsuche Not disinfected C:\RECYCLER\NPROTECT\00064807.MOZ[] Spyware:Cookie/Sexsuche Not disinfected C:\RECYCLER\NPROTECT\00064808.MOZ[] Spyware:Cookie/Sexsuche Not disinfected C:\RECYCLER\NPROTECT\00064813.MOZ[] Spyware:Cookie/Sexsuche Not disinfected C:\RECYCLER\NPROTECT\00064821.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064822.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064824.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064825.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064826.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064827.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064829.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064860.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064861.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064862.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064864.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064865.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064866.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064867.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064868.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064869.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064878.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064879.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064880.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064881.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064882.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064883.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064884.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064885.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064886.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064887.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064888.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064889.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064890.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064891.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064893.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064894.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064895.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064896.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064897.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064898.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064899.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064900.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064902.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064909.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064910.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064913.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064914.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064915.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064916.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064917.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064918.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064919.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064920.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064921.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064922.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064923.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064925.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064926.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064927.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064928.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064929.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064930.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064931.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064932.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064933.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064934.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064936.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064937.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064938.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064939.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064940.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064941.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064942.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064943.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064944.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064945.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064953.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064957.MOZ[] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00064959.MOZ[] Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\NPROTECT\00064961.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064962.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064963.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064964.MOZ[] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00064965.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064966.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064967.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064968.MOZ[] Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00064970.MOZ[] Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00064971.MOZ[] Spyware:Cookie/Ccbill Not disinfected C:\RECYCLER\NPROTECT\00064974.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064976.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064977.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064979.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064980.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064982.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064985.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064986.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064987.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064988.MOZ[] Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00064990.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064991.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00064999.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065000.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065002.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065006.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065009.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065010.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065011.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065013.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065014.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065015.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065016.MOZ[] Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00065017.MOZ[] Spyware:Cookie/adultfriendfinder Not

j'ai parlé trop vite mais je ne comprend vraiment pas ce qui se passe dans les différents fournisseurs de scan. SYMANTEC me trouve 0 virus sur 84189 aucun virus détecté dans la mémoire aucun virus détecté dans les fichiers analysés.il est impossible d'analyser les fichiers compressés TRENMicro me trouve: graywares et programmes espions détectés TRAK_SE.781 ADW_SE.1633 1635 TRAK_SE.10340 10419 ADW_SE.20186 TROJ_SE.108781 782 107334 335 ADW_SE.82545 DIAL_SE.71764 TROJ_SE.107331 329 330 333 332 328 69649 113259 cookies TTTP 9 détectés appelés "cookies de profil" ils ont pour unique but d'espionner votre comportement d'utilisateur je ne sais pazs comment sauvegarder le rapport; impossibilité de mettre en surbrillance et de copier j'attend une réponse pour la copie du rapport sinon, je vais les nettoyer comme me le propose TREND MICRO je pense ainsi etre propre pour mes virus???? jcld

bonsoir le scan de Securitoo n'a trouvé aucun virus j'effectue depuis 9 h ce matin les scans de Symantec que m'avait recommandé Securitoo du fait d'une alerte virus par Wanadoo. j'effectue depuis ce matin également TREND MICRO en parallèle Je pense que les résultats seront négatifs et que je n'ai plus de virus depuis que PANDA m'a supprimé des virus, malheureusement je n'ai pu sauvegarder le rapport. je me suis adressé un message sur le portable il n'y a plus de rejet pour message infecté. J'ai peut etre une explication pour mon oeuf sans pouvoir expliquer les appellations d'oiseaux qu'il me donne à chaque création de dossier. J'utilise le logiciel ALZipv6.13 de décompression et leur symbole est un oeuf ( site que l'on retrouve par Google en recherchant ALZip) Quand je clic droit sur un dossier crée il m'indique à 4 endroit avec en début de ligne un oeuf jaune: -auto extracteur ALZip(exe) -ajouter avec ALZip -ajouter à -ajouter à puis envoyer par courrier nota: d'autres logiciels totalement gratuit sont proposés notamment un "picture viewer" Pour l'avenir afin de'éviter des pertes de temps qu'est-il préférable?: faire un GHOST avec mise à jour régulière ou avez-vous une autre solution. le point de restauration ne semble pas répondre pour des virus à ces problèmes je vous remercie beaucoup pour votre aide et continuer pour les autres vous etes des champions et avez beaucoup de patience avec des gens qui ne sont pas toujours à la heuteur, mais vos explications sont généralement assez claires jcld