nestor02

Bonjour, L'analyse de Kaspersky avance très lentement. Il y a un processus 'services.exe' qui prend 99% du temps CPU. Est-ce normal ? A plus, Nestor02

re, Je suis un affreux puriste, j'ai désinstallé IE il y a bien longtemps. Mais l'analyse est en cours, j'ai utilisé le navigateur de real one player, et ç a l'air de marcher. Je poste le résultat dès que c'est fini... Merci et a plus, Nestor02

Re, J'ai un nouveau problème: mon pare-feu Kerio ne fonctionne plus. Il me demande un hostname et un password, alors que sunbelt m'avait envoyé un message disant que je n'avais pas besoin de 'key' pour cette version. Si je clique sur connect, puis sur l'icone de kerio en bas à droide (barre des programmes résidents) elle disparait. Mon PC n'est plus protégé, dès que je le branche sur le réseau: le virus msdntsrv.exe apparait et ajoute un cle de lancement dans chaque répertoire 'run' de la registry. il se copie aussi dans C:\windows\system32 et dans le répertoire 'temporary internet files'. J'arrive à m'en débarrasser en terminant le processus 'msdntsrv.exe' et en le supprimant partout ou il se copie. Je n'ai pas internet explorer sur mon PC, comme je ne peux rien réinstaller, je ne peux pas non plus l'installer. J'ai cherché des traces d'antivir dans la registry et j'en ai trouvé dans des clés nommées 'LEGACY_...' Ces clés ne peuvent pas être effacées, elles sont protégées. Je pense que mes problèmes d'installation viennent de là. Y a-t-il un moyen de faire en sorte que windows considère mes réinstallations comme des premières installations ? A plus, Nestor02

bonjour, non, j'ai désinstallé bit defender et antivir. mais, je ne peux plus installer de logiciels dont windows a gardé une trace d'installation précédente. le virus a du modifier quelque chose qui fait croire à la sécurité de windows que le fichier d'installation que je veux utiliser est corrompu, alors que c'est la trace qu'elle a mémorisé qui l'est. je suis sur un autre PC. Lorsque j'essaie d'installer antivir, un popup affiche: ********************************************************* The CRC sum of C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\RarSFX0\upgrade.exe has been changed! This could be due to a virus! Do you want to shut down setup? ********************************************************* et un bouton 'Ok', qui ne laisse aucun choix: arret de l'installation. A plus, Nestor02

minuit une, bonjour, C'est agréable d'être pris par la main et guidé vers la sortie... En mode sans échec, ewido ne se lance pas correctement, il a créé un fichier error.txt: ****************************************************** Error: failed to connect to server, Value: 00002741, Position: .\DownloadHttp.cpp, 287 ****************************************************** En mode normal, ça donne: ****************************************************** --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 23:54:24 30/06/2006 + Scan result: C:\RECYCLED\Dc5.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined). D:\Download\Desperados\Desperados_1.0.zip/Desperados v1.0 No CD Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined). E:\LAN 2005 04 09\Patch et nocd\Far cry\FarCry.Keygen.DEViANCE.rar/FarCry.Keygen.DEViANCE.exe -> Dropper.ExeBundle.b : Cleaned with backup (quarantined). :mozilla.25:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.39:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.40:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.41:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.42:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.45:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.46:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.47:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.48:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.116:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.117:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Philippe Coderch\Cookies\coderch@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. :mozilla.34:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.35:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.36:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.37:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.72:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.54:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.96:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned. :mozilla.195:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.230:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.231:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Com : Cleaned. :mozilla.167:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned. :mozilla.168:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned. :mozilla.169:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned. :mozilla.170:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Comclick : Cleaned. :mozilla.33:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.61:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Estat : Cleaned. C:\Documents and Settings\Philippe Coderch\Cookies\coderch@estat[1].txt -> TrackingCookie.Estat : Cleaned. :mozilla.220:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.253:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.55:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.57:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.58:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.53:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.225:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.226:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned. :mozilla.227:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned. :mozilla.286:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.287:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.288:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.196:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned. :mozilla.269:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned. :mozilla.28:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.29:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.30:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.31:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Smartadserver : Cleaned. :mozilla.197:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.198:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.145:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.259:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.199:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.146:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.147:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.26:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned. :mozilla.27:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned. :mozilla.254:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.284:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.285:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.273:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.191:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.192:C:\Documents and Settings\Philippe Coderch\Application Data\Mozilla\Profiles\default\etaafzrj.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end ****************************************************** Il y avait du monde... Ensuite le HijackThis donne: ****************************************************** Logfile of HijackThis v1.99.1 Scan saved at 23:57:10, on 30/06/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINNT\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\HijakThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fr.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: hpoddt01.exe.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - Global Startup: hp psc 1000 series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS2\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: FLEXlm License Manager - Unknown owner - C:\PROGRA~1\TELELO~1\DOORS\flex\lmgrd.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe ****************************************************** J'espère que les virus ont été éliminés. Antivir affiche toujours le même problème de CRC lorsque j'essaie de l'installer. Merci, Nestor02

Merci, je suis impatient d'avoir le verdict de ta réponse.

Merci de m'avoir répondu. J'ai essayé de suivre ta procédure, mais j'ai un problème: Je ne peux plus installer grand chose: Windows affiche à chaque fois un message indiquant que le fichier d'installation que je cherche à éxécuter est corrompu. - antivir indique un problème de CRC du fichier 'upgrade.exe' et stoppe son installation. - les patchs de sécurité de windows indiquent un problème de fichier corrompu et ne s'installent pas. - le patch windows 2000 SP4 indique que le fichier atapi.sys est déjà ouvert par une autre application... j'ai changé le nom du fichier 'logon.exe' en 'inhibe_logon.exe', il prenait beaucoup de temps CPU. Peut-être faut-il que j'écrase le fichier 'lsass.exe' (qui a surement été modifié par le virus) par son équivalent non corrompu ? Mais je ne parviens pas à trouver ou me le procurer. J'ai pu installer kerio personnal firewall 4, qui semble pour le moement empêcher les reboots de mon PC. En mode sans échec, mes problèmes d'installation persistent... ******************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 19:37:29, on 30/06/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINNT\Explorer.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\windows\system32\msdntsrv.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe C:\Program Files\mozilla.org\Mozilla\mozilla.exe C:\Program Files\HijakThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fr.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [Windows Security Protocol] sme.exe O4 - HKLM\..\Run: [Windows Network Firewall] hidden_C:\WINNT\system32\firewall.exe O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\logon.exe O4 - HKLM\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\RunServices: [Windows Security Protocol] sme.exe O4 - HKLM\..\RunServices: [winsystems25] spread.exe O4 - HKCU\..\Run: [Windows Security Protocol] sme.exe O4 - HKCU\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: hpoddt01.exe.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - Global Startup: hp psc 1000 series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS2\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: FLEXlm License Manager - Unknown owner - C:\PROGRA~1\TELELO~1\DOORS\flex\lmgrd.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe ******************************************************************** Nestor02

Je suis sous windows 2000 Je ne sais pas quels virus j'ai, mais il y en a... Merci d'avance ********************************************************************* Logfile of HijackThis v1.99.1 Scan saved at 00:06:57, on 30/06/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\logon.exe C:\windows\system32\msdntsrv.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\HijakThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fr.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [Windows Security Protocol] sme.exe O4 - HKLM\..\Run: [Windows Network Firewall] hidden_C:\WINNT\system32\firewall.exe O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\logon.exe O4 - HKLM\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\RunServices: [Windows Security Protocol] sme.exe O4 - HKLM\..\RunServices: [winsystems25] spread.exe O4 - HKCU\..\Run: [Windows Security Protocol] sme.exe O4 - HKCU\..\Run: [Microsoft DNT Service] c:\windows\system32\msdntsrv.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: hpoddt01.exe.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - Global Startup: hp psc 1000 series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS2\Services\Tcpip\..\{2F81894D-C2AB-4F5E-8553-C6181BA5B9C5}: NameServer = 212.27.53.252,212.27.54.252 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: FLEXlm License Manager - Unknown owner - C:\PROGRA~1\TELELO~1\DOORS\flex\lmgrd.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe *********************************************************************