Sacros

Bonjour à tous..............et à chacun............. Comme le titre l'indique, le PC se bloque quand apparait les zones bleu 'claire au milieu et foncée en haut et en bas. Je n'ai même pas "bienvenue", ni les deux noms "utilisateurs". XP Familiale SP2 Je vous remercie d'avance pour votre temps pris, et j'ajoute que c'est mon fils qui m'a téléphonné son problème. La veille ils avaient essayé de le nettoyer et de fermer des ports ???? puis éteint le PC à la sauvage. Merci Ð

Bonjour à tous................ Voilà Zonk, tu avais raison je crois. Tout à l'air bloqué dans le rapport ?? Merci d'avance.

Bonjour à tous, Merci Zonk. Voici le rapport Kaspersky. Merci Le rapport HiJackThis est plus haut au cas ou ? ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, January 31, 2008 8:16:34 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 31/01/2008 Kaspersky Anti-Virus database records: 540183 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 65951 Number of viruses found: 3 Number of infected objects: 10 Number of suspicious objects: 0 Duration of the scan process: 05:25:29 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys5e883230a20d45ccfbfdaeccb5f363c_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys6dc3b0f4a54789fa1e6741de3f0196c_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa0262c321d143cdff8303e89f011e80_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa3679052e329078290f2024e459bf93_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1873ab1b0b582ff8925dbfd4457381e5_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19106eb29853377bdc2f61534092a43c_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d0e056cf9532c96e51339c013dc3ed2_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1dd3e7d22be4eb7030391d8a0ba92c3f_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e578fa5359cd23427a52d9638935c24_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21c18aeb6477042fbd96fbe275616884_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26e25b5bb0b1369582ed8d7e992a85d6_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2cf1df0eedac2e0091718ac29efa307f_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d0593576c5bf12df79c6b5b36c442aa_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\315b0433c7c89986d53b55a9b1ed9da2_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32892d03f519891ce71e0bc53901e927_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34860087fea67600697e910609b30cfa_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34b0cecb4082fea59722e120ecbd98f2_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38175fbba239529ce7dc5afca21e538f_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4bcb5c8e41b946079f2d89719ab3b690_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c0762d4de138771747ab55aa913d81b_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5038b229b8b3885e83a7f6181d8d150a_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\508ef68ea4fc3d89d94061743ea752d8_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5356de8504cda3494cd587eaba7c6721_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56d5c06ae6b6afbe5068e2869ed61f53_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a078b7b668603998685df2926f73bcf_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cd2ea48003e031d6335d83fcb4212f1_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66025c1aa06bf585685261ade1fefbbd_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67575ec732601390f6e2d2c14a173a2e_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\705f3632755e42636ec2be7c0183f002_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74746255300da6e8b33f2a05ca800df4_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\771cd7f8277c501b361f56a4a142b7f7_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c3300ae2fd75a3c30ab98447680f59e_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cc51ca9858b0a32e9f998dd0a25f320_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f6a5f1ac438fa73ce99501fd24c731e_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fcbf67d4783bbece249b63703ce5dfc_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8089e6e6f6738e359bac95ee9f6aa9e8_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\850a269ee30a2dd3391f6e939663462b_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89689499fc264027f701075bf111be97_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89c6f910e2277dce3c9c22bf4c103bc1_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b700e18c0bf3d44e02ca54948132ffa_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c7cb39cccecb75f687dff7f0b04834f_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e55a2ed977e3e8132dd5894fb8f962a_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8efe841de1a553cd090ff7d3fc742133_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9043975232ac6a2f34e8fca62f24f3eb_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92bb140db3dc9ded13cd6f745a7049e3_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94f8dbead99660815a2d958bef7a7c91_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96e1d8ec8b889ca24ad2f86f0059aaf9_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\983968929dc305cfe19a8f37248f7f90_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bcd6ea78f5e15eda616068568d6cc9b_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c4e2a101a213a7e5fd94bd569ea0bf7_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d78a9d1fa8c78897f4f3c45e6e1e582_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e1a81d943d7d37b3d342722a8a44c75_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f0b85d0c5df9a86008a0ac1c24f0886_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a037874ca04d93c00e2d6d713c3d1a6c_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0dc81932d9a1c0653b03010609f8c5e_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a373e972ca9c433ed18c9fa8473438ff_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3f7e64db7eab4fba3079ccfefc730ee_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a75ab1c99441e85725c84a95275e6763_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a81c3e1af6608bcd872aa96ea443c998_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a99f40c12f38c1bdab77ce500a0b89f0_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abe49bdf4dcaba1d95305aed6e76ef79_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad090d99aa0376b4493c53c1b6a95597_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae3941c05b0260428353f9f96e12a83b_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e88f9dfc961dd4bf656ac0e43e77c8_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3dd1d56373b9c05ec3bb5551ba60cb0_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5e1ee90460bc2cdd1ea423b9cadc069_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b737d179cffac8161ca3f55848342084_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8596b6154501a3d7dfc338272120378_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b8b8470f7686ccefeb7c5e5216b881bc_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c765c222efbfe1da8ab279e8561a5b19_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7f32d8b8f84e63937bc6febfec4a716_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c88c6e09ab629f424a564512e46a3933_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9029b08dcd0749bdd6258177c1b55d7_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd689ff1423f4f0d763a171e886351ca_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9c3ee16135ccbf5e130061c8ae7102a_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da9a0b56c679ab2cb439444d23ce4723_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dae2307ef5afadac865338171b217219_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbe315436f9e97eed8adc930415852c0_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e0354b7a483e5e2fa45f208edd763530_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb20339bf609ae917deb175c35ee7e9f_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee4ac5cf032f028ec0a1bb1e6a3d13f7_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ee71a8d308bafba12b14c11251219484_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1bb812329d8e777418644535b2fef18_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9601d687c46bc6dba313b10a45833f9_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa10c52df1b3439b2792746436458535_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd52dbb14fe79e0cb4393914b4e29ffc_9355d71d-33c3-42a9-85c4-1f85ab218493 Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT.001\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT.001\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT.001\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT.001\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\UltraVNC-102-Setup-Fr.exe/file004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\UltraVNC-102-Setup-Fr.exe/file005 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\UltraVNC-102-Setup-Fr.exe/file034 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\UltraVNC-102-Setup-Fr.exe/file051 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\UltraVNC-102-Setup-Fr.exe Inno: infected - 4 skipped C:\Documents and Settings\Sacros.DOMBIS.001\ntuser.dat Object is locked skipped C:\Documents and Settings\Sacros.DOMBIS.001\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\_restore{8F3CEC0B-F8DD-4934-AC89-D6654BC91675}\RP567\A0113481.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\System Volume Information\_restore{8F3CEC0B-F8DD-4934-AC89-D6654BC91675}\RP567\A0113490.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped C:\System Volume Information\_restore{8F3CEC0B-F8DD-4934-AC89-D6654BC91675}\RP567\A0113491.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped C:\System Volume Information\_restore{8F3CEC0B-F8DD-4934-AC89-D6654BC91675}\RP575\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Program Files\BillP Studios\WinPatrol\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ak skipped D:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped D:\Sauvegarde\E 2006-12-05 10;56;39\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000240.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000241.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000242.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000243.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000244.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000245.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000246.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000247.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000248.ver Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000249.inf Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000250.cat Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000251.sys Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000252.ver Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000253.inf Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000254.cat Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000255.sys Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000256.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000257.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000258.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000259.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP10\A0000260.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000212.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000213.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000214.sys Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000215.cat Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000216.inf Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000217.ver Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000218.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000219.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000220.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000221.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000222.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000223.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000224.ver Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000225.inf Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000226.cat Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000227.sys Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000228.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000229.exe Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000230.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000231.dll Object is locked skipped D:\System Volume Information\_restore{56150063-41FB-403C-81D5-1AD5B4BF7FEA}\RP9\A0000232.exe Object is locked skipped Scan process completed.

re, Exactement, je voulais savoir si après les mises en quarantaine pendant le scan, mon Ordi n'avait pas d'autres bestioles. Merci donc pour ta réponse. Cordialement, Ð

Bonjour, Les deux Trojan sont en quarantaine. Après nettoyage normal du PC, je vous envoie le rapport HiJackThis. Merci pour votre travail. PS: J'ai des photos, mais je ne sais pas m'en servir avec SHACK. http://img172.imageshack.us/my.php?image=t...n1300108xu7.jpg http://img341.imageshack.us/my.php?image=t...n2300108dl6.jpg -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at -- Ð -- 15:52:53, on 30/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe D:\Program Files\UltraVNC\WinVNC.exe C:\windows\system32\mqsvc.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\windows\system32\mqtgsvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe D:\Program Files\Picasa2\PicasaMediaDetector.exe D:\Program Files\Secunia\PSI (RC1)\psi.exe D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe D:\Program Files\IEPro\MiniDM.exe C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SACROS NET R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SearchPageURL.dll O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Startup: Secunia PSI (RC1).lnk = D:\Program Files\Secunia\PSI (RC1)\psi.exe O4 - Startup: TransBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{1076C0CB-272F-427E-B59C-ED07D4CB387D}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{54A7A52F-7054-45F2-BC8E-3527F0A67BBE}: NameServer = 192.168.1.1 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: uvnc_service - www.ultravnc.fr - D:\Program Files\UltraVNC\WinVNC.exe -- End of file - 7282 bytes à bientôt

Bonsoir slimme, J'ai la version "essai", et j'ai le même problème; Je me suis aperçu quand même que la config est bonne. Rien n'empêche de continuer après. Je l'enlèverais, car j'ai un disque externe qui fait sauvegarde Synchro Disque libre et redémarrage en cas de bug. Disque touch 4 mini 160 Go. Cela me suffit largement et plus simple pour les configs . Par contre il ne fait pas les sauvegardes système. Bonne chance pour ton problème. Penses quand même que j'ai le même. Donc cela ne vient pas forcément d'un driver de ton PC. Cordialement Ð

Bonjour slimme, Tu dois avoir le prog "essai de 15 jours" gratuit ? As-tu déja fais une sauvegarde "True Image" ? puis désinstallé ? Si oui, je crois que la désinstalle est mal faite. Tu ne dois pouvoir faire qu'une sauvegarde ou qu'un essai. Cordialement, Ð PS. Désolé, après cela, je ne peux plus te renseigner. J'espère que tu seras dépanné. Bonne chance.

re, Il arrive à quel moment ton message ? et sur quelle catégorie ? Cordfialement, Ð

Bonjour, Es-tu allé sur le site? Il y a pas mal d'explications.. http://www.acronis.fr/enterprise/support/kb/ http://www.acronis.fr/enterprise/support/k...cts&cid=175 Cordialement, Ð

re, C'est Powerquest. Va voir ici. http://www.clubic.com/actualite-6446-powerquest-lance-partition-magic-8-0.html Il est en DÉMO 8 jours. Regarde chez Zébulon il y a sûrement ce qu'il te faut pour t'aider. Cordialement

Bonjour, Tu peux le faire avec "POWER QUEST". 'Renseigne toi avant, qu'il n'y ai pas de limitation en Mo sur les DD pour les travailler. Je l'ai déjà fait: prendre des Mo sur la partition 2 pour les mettre sur la partition 1. Pas de problème. Fait attention aux manips par contre. Si tu n'a pas Power Quest, demande à quelqu'un. Peut-être qu'il est en essai avant l'achat? Cordialement.

Bonjour, As-tu été voir à l'adresse que ta réponse à donnée la première fois ? et qu'as -tu fais ? http://support.microsoft.com/?kbid=322205 Commence par faire ce que dis Microsoft pour dépanner. A la limite, enlève tes périphériques, pilotes, et redémarres. Nettoies tout et redémarres ton PC. Cordialement, Ð

Bonjour, Tu peux jeter un oeil ici. Tu trouveras un début de réponse. http://support.microsoft.com/kb/275678/fr Cordialement. Ð

Bonjour à tous.........; Comme l'indique le titre, cela fait une semaine que InprocServer32 ne peut-être enlevé.(ou enregisteré?) XP pro SP2. Lorsque je nettoie avec EasyCleaner dans Registre, Easy enlève tout ce qu'il trouve, sauf InprocServer32; HKLM>Software>Classes>CLSID>[1171A62F-05D2-11D1-83FC-00AOC9089C5A] Dossier "InprocServer"> (par défaut)>c:\>WINDOWS\SYSTEM32\macromed\flash\flash.ocx ThreadingModel>apartment "Programmable" comme dossier suivant .Rien dedans. Voilà Mon souci... Merci pour une réponse Ð (PS: les autre outils de nettoyage Indispensables ne le trouvent pas.C'est idiot cela. Je laisse. )

Bonjour à tous et à chacun....... En faisant travailler SpybotSD sur PC dombis, Avira à détecté SPR/FakeDirect (dans win rar) Peu de temps après, AVIRA à trouvé le même sur PC domter (dans win zip) ainsi que sur domter une seconde fois (dans system volume information). Il est bien évident que cette bestiole était en quarantaine dès la première alerte. Un scan antivir n'a rien donné sur domter dont j'ai fait un HijackThis. Dombis est sous scan avira en ce moment. Système XP Pro sp 2 sur les deux PC. Je vous mets HiJackThis et le scan AVIRA en mode sans échec. Merci pour votre réponse J'ai nettoyer avant comme d'habitude et comme tous les jours... AntiVir PersonalEdition Classic Report file date: vendredi 11 janvier 2008 14:31 Scanning for 1025502 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Sacros Computer name: DOMTER Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 09:23:19 ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 09:19:36 ANTIVIR3.VDF : 7.0.1.225 124928 Bytes 11/01/2008 13:03:14 AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 07/01/2008 09:23:20 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.2 360488 Bytes 07/01/2008 09:23:20 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: repair Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: I:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: vendredi 11 janvier 2008 14:31 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Master boot sector HD1 [NOTE] No virus was found! Master boot sector HD2 [NOTE] No virus was found! Master boot sector HD3 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Boot sector 'I:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' <DISKEVO> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <DISKEVO > Begin scan in 'G:\' <MINUS USB> Begin scan in 'I:\' <MINI I> End of the scan: vendredi 11 janvier 2008 15:08 Used time: 37:33 min The scan has been done completely. 3018 Scanning directories 132159 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 132159 Files not concerned 1988 Archives were scanned 1 Warnings 0 Notes -------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:44, on 11/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe D:\Program Files\Maxtor\Sync\SyncServices.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Maxtor\Sync\MaxSync.exe D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Outlook Express\msimn.exe C:\DOCUME~1\SACROS~1.DOM\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe C:\HiJackThis\scanners.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ------ SACROS NET ------ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [mxomssmenu] "D:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [C:\Documents and Settings\Sacros\Menu Démarrer\Programmes\Démarrage\TransBar.lnk] C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [uberIcon] "D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191746421437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191825686859 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwared...on_2_0_4_12.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{38C0799F-AB82-4449-AE44-3A39595AA1E8}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{38C0799F-AB82-4449-AE44-3A39595AA1E8}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{38C0799F-AB82-4449-AE44-3A39595AA1E8}: NameServer = 192.168.1.1 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Program Files\Maxtor\Sync\SyncServices.exe -- End of file - 6741 bytes ____________________________________________________________________ Rapports 2è PC DOMBIS AntiVir PersonalEdition Classic Report file date: vendredi 11 janvier 2008 15:37 Scanning for 1025237 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Sacros Computer name: DOMBIS Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:02:24 ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 09:54:59 ANTIVIR3.VDF : 7.0.1.223 121856 Bytes 11/01/2008 09:55:06 AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 19/12/2007 18:21:01 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.2 360488 Bytes 19/12/2007 18:21:01 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: delete Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: vendredi 11 janvier 2008 15:37 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Master boot sector HD1 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '26' files ). Starting the file scan: Begin scan in 'C:\' <DISK> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <Disque 40G > Begin scan in 'E:\' Search path E:\ could not be opened! Le chemin d'accès spécifié est introuvable. End of the scan: vendredi 11 janvier 2008 17:15 Used time: 1:37:54 min The scan has been done completely. 4642 Scanning directories 479536 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 479536 Files not concerned 8115 Archives were scanned 1 Warnings 2 Notes _____________ Dombis HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at -- Ð -- 18:13:06, on 11/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\windows\system32\mqsvc.exe C:\WINDOWS\Explorer.EXE C:\windows\system32\mqtgsvc.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe D:\Program Files\OutClock\OutClock.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Program Files\IEPro\MiniDM.exe C:\Documents and Settings\Sacros.DOMBIS.001\Mes documents\My Downloads\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SACROS NET R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SearchPageURL.dll O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1076C0CB-272F-427E-B59C-ED07D4CB387D}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{54A7A52F-7054-45F2-BC8E-3527F0A67BBE}: NameServer = 192.168.1.1 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 7040 bytes Merci.................

Bonjour Pear;;;; Merci d'être là pour que l'on puisse avancer. Avec ce site je vais pouvoir me débrouiller. D'ailleurs j'ai rettrouvé mesdisques et "mes petites choses".HI Je vais pouvoir mettre résolu sur cette affaire . Avec toute ma reconnaissance....... Cordialement, Ð

Bonjour à tous, Suite au plantage, je n'ai pas réussir à trouver une récupération du système. Je me suis aperçu que la restauration du système était désactivée ???????. Alors voilà, je ne peux pas réinstaller mes petites affaires pouvez vous me donner une autre solution pour retrouver mes trucs et mes bidules d'origines. Merci d'avance à vous........... Cordialement Ð

Bonjour pear, bonjour thorgal.......merci, pear, je suis entrain de recommencer la procédure. Cela bloquai, parceque je n'avais pas d'administrateur. Donc tout m'était fermé. Je viens de le refaire en mettant plusieurs utilitaires plus admin. Voilà, windows vient de s'ouvrir. Il a choisi son invité lui même. Il y en avait quatre dont deux admin. Il procède à la définition des paramètres. Donc cela est bon, je remettrais les utils en place, et un point de récup. thorgal, J'ai tenté dernière bonne config, mais comme j'ai ouvert, bidouillé refermé etc, je n'en ai pas eu. J'étais en mode sans échec aussi. Je vous remercie pour votre intervention. Je vais recommencer, car Windows s'est ouvert avec le compte "Super invité. au procochain redémarrage je ferais attention au lieu de taper. Je vous remerci, et si je n'y arrive pas (m'étonnerait), je ferais appel à vos connaissances. Merci à, plus. Je ne ferme pas le topic....... Cordialement Ð

Bonjour, En voulant bidouiller pour un problème réseau, j'ai réussi à perdre les utilisateurs de bienvenue pour ouvrir Windows etc. J'ai deux ordis que je configurais pareil, dans "stratégie de sécurité locale". Ils n'ont pas redémarrés. J'ai pu en sauver un avec démarrage sans échec, j'ai mis un administrateur, et reparti par récupération du système. Impossible sur le deuxième. Windows XP Pro SP2 pour les deux PC. Si quelqu'un pouvait m'aider, je le saurai gré. Merci... Ð

Bonjour, pour le partage, filtrer voulait dire "passer". Ils sont dans les exceptions pare-feux.(je me suis mal exprimé,désolé). D'accord pour TCP 445 (faute de frappe) Je vais m'occuper des droits d'utilisateurs. Je vois que pour moi tu as fais un excellent travail....depuis que je galère (rien de grave, mais deux PC qui servent..) Si je n'arrive pas à me débrouiller pour le partage et les droits, je ferais un autre topic. Là dessus, je te tire mon chapeau, à bientôt avec plaisir....... Merci, cordialement, Ð

Bonjour, En allumant les PC ce matin, les deux Ordis étaient dans le groupe travail. Dans DOMBIS, j'acccède aux fichiers parrtagés de DOMTER. Mais dans le Gr.Trav. de DOMTER, je n'ai pas les droits pour ouvrir les fichierts partagés de Dombis. Merci pour ton travail et ton temps passé. Cordialement Ð PS: Que fais-je des UDP 137 et 138 ?

Fait sur DOMBIS Microsoft Windows XP [version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Sacros.DOMBIS.001>net config server /hidden:no La commande s'est terminée correctement. C:\Documents and Settings\Sacros.DOMBIS.001>nbtstat -R Purge et préchargement de la table nom de cache distant NBT terminés. C:\Documents and Settings\Sacros.DOMBIS.001>net view Nom de serveur Remarque ----------------------------------------------------------------------- -------- \\DOMTER EVO La commande s'est terminée correctement. _________________________________________________________________________________________________________________________________________________________________________________________ Les deux PC n'apparaissent pas encore. Il n'y a que DOMTER Partage imprimante est filtré par le Pare feu Windows: TCP 139 Sous Réseau TCP 145 "" "" UDP 137 "" "" UDP 138 "" "" Voilà GreyWolf merci pour ton travail qui est assez pointu.....à bientôt.. Cordialement.... Ð

______________________ORDINATEUR DOMBIS (celui qui n'apparait pas dans groupe de travail) ____ 192.168.1.10 net view sur DOMBIS Microsoft Windows XP [version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Sacros.DOMBIS.001>net view Nom de serveur Remarque ------------------------------------------------------------------------------- \\DOMTER EVO La commande s'est terminée correctement. ______________________________________________________________________________________________________________________________________ nbtstat -a Domter par DOMBIS C:\Documents and Settings\Sacros.DOMBIS.001>nbtstat -a 192.168.1.115 Connexion au réseau local: Adresse IP du noeud : [192.168.1.10] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMTER <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMTER <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit Adresse MAC = 00- D2-4C ---------------------------------------------------___________________________________________________________________________________________ nbtstat -a Dombis par Dombis C:\Documents and Settings\Sacros.DOMBIS.001>nbtstat -a 192.168.1.10 Connexion au réseau local: Adresse IP du noeud : [192.168.1.10] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMBIS <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMBIS <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit MSHOME <1D> UNIQUE Inscrit ..__MSBROWSE__.<01> Groupe Inscrit Adresse MAC = 00- -71 ______________________________________________________________________________________________________________________________________________ nbtstat -A DOMBIS par DOMBIS C:\Documents and Settings\Sacros.DOMBIS.001>nbtstat -A 192.168.1.10 Connexion au réseau local: Adresse IP du noeud : [192.168.1.10] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMBIS <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMBIS <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit MSHOME <1D> UNIQUE Inscrit ..__MSBROWSE__.<01> Groupe Inscrit Adresse MAC = 00- 71 ______________________________________________________________________________________________________________________________________________ nbtstat -A DOMTER par DOMBIS C:\Documents and Settings\Sacros.DOMBIS.001>nbtstat -A 192.168.1.115 Connexion au réseau local: Adresse IP du noeud : [192.168.1.10] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMTER <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMTER <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit Adresse MAC = 00-0B-CD-48-D2-4C

Bonjour GreyWolf..merci pour l'imprimante je ne sais pas comment elle est partagée. j'ai suivi le processus "partage de fichier" Elle est sur DOMTER, et en partage sur DOMBIS, j'en ai à revendre ?????? Pas réussi à partager scanner (DOMTER). Je ne connais pas l'informatique, pour répondre "Netbt n'est désactivé que sur la pseudo-interface de tunneling IPv6 et a l'air activé sur l'interface IPv4" Voici ce que j'ai fait. Ce que tu m'as demandé, sur les deux ordinateurs. La deuxième partie sera envoyé par DOMBIS. ____________________________ORDINATEUR DOMTER_____________________________________ 192.168.1.115 net view sur DOMTER Microsoft Windows XP [version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Sacros>net view Nom de serveur Remarque ------------------------------------------------------------------------------- \\DOMTER EVO La commande s'est terminée correctement. _____________________________________________________________________________________ nbtstat -a Domter par Domter C:\Documents and Settings\Sacros>nbtstat -a 192.168.1.115 Connexion au réseau local : Adresse IP du noeud : [192.168.1.115] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMTER <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMTER <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit ____________________________________________________________________________ nbtstat -a DOMBIS par Domter C:\Documents and Settings\Sacros>nbtstat -a 192.168.1.10 Connexion au réseau local : Adresse IP du noeud : [192.168.1.115] ID d'étendue : [] Table de noms NetBIOS des ordinateurs distants Nom Type État --------------------------------------------- DOMBIS <00> UNIQUE Inscrit MSHOME <00> Groupe Inscrit DOMBIS <20> UNIQUE Inscrit MSHOME <1E> Groupe Inscrit MSHOME <1D> UNIQUE Inscrit ..__MSBROWSE__.<01> Groupe Inscrit Adresse MAC = 00- -71 ____________________________________________________________________________________ nbtstat -A \\DOMTER par DOMTER C:\Documents and Settings\Sacros>nbtstat -A \\DOMTER Connexion au réseau local : Adresse IP du noeud : [192.168.1.115] ID d'étendue : [] L'adresse IP n'est pas au bon format. Elle doit être décimale pointée, par exemple 11.11.12.13 Vous avez entré "\\DOMTER" C:\Documents and Settings\Sacros> __________________________________________________________________________________ nbtstat -A \\DOMBIS par DOMTER C:\Documents and Settings\Sacros>nbtstat -A \\DOMBIS Connexion au réseau local : Adresse IP du noeud : [192.168.1.115] ID d'étendue : [] L'adresse IP n'est pas au bon format. Elle doit être décimale pointée, par exemple 11.11.12.13 Vous avez entré "\\DOMBIS" ___________________________________________________________________________________________________________________________________________________________________________________________________

Bonjour Alex ainsi qu'à tous.........; Je te remercie de ton conseil, mais c'est ce que je viens de faire; c'est pourquoi j'ai mis les ping et contact entre les deux. Le problème est que je ne vois pas dombis dans le groupe de travail. Pas trouvé pourquoi. Je pense à une désactivation dans les services ou autres ? Merci pour ta réponse, je le referais si je ne trouve pas de soluce. Cordialement, Ð