titotito

As t 'il repéré Nail.exe ? Non c'est tout ce qu'il a repéré ! Je vais refaire les manip en mode administrateur, mais le probleme c'est que quand je démarre le pc en mode normal on ne me laisse pas le choix. Autre question est ce que je laisse la désactivation de la restauration? Merci Timothée

Voilà le résultat du scan TDS Scan Control Dumped @ 01:00:32 27-05-05 Positive identification (embedded in file): TrojanDownloader.Win32.Stubby.c1 File: e:\windows\backup\t\50501000.dat Positive identification (embedded in file): TrojanDownloader.Win32.Delmed.b File: e:\windows\backup\t\50501000.dat C'est tout... je les ai deletés. a+ et merci encore

Queruak j'ai tout fait exactement comme tu me l'as dit, trouvé tous les fichiers et dossiers en questions (avec vidage de corbeille en plus..) en mode sans echec (certifié) voici le log : Logfile of HijackThis v1.99.1 Scan saved at 23:02:04, on 26/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\WINDOWS\System32\CTSvcCDA.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\iPod\bin\iPodService.exe E:\WINDOWS\System32\wuauclt.exe E:\WINDOWS\System32\wuauclt.exe E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [pzqadj] e:\windows\system32\bwponej.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

euh... c'est mon pc et je suis le seul à l'utiliser mais manifestement il y a une autre session possible en mode sans echec qui s'appelle "administrateur" et qui est distincte de "timothée" (c compliqué lol)

timothée c'est moi

oui j'y parviens, j'ai cependant un doute quant au choix de l'utilisateur au démarrage en mode sans echec, windows me propose mon nom ou "admisnistrateur" (ce qu'il ne fait pas au démarage en mode normal) j'ai jusqu'ici choisi d'ouvrir des cessions sous mon nom peut etre que l'erreur vient de là? qu'en penses tu?

OK merci pour ta patience ! voilà les résultats des scans 1 - Secuser : n'a trouvé que : TROJ BUDDY.F - non cleanable - E\WINDOWS\xsiqkfgjbtw.exe 2 - Panda activescan : Adware:Adware/Aurora No Désinfecté e:\windows\system32\bwponej.exe Adware:Adware/SaveNow No Désinfecté Registre Windows Spyware:Spyware/AdClicker No Désinfecté E:\WINDOWS\usta32.ini Adware:Adware/KeenValue No Désinfecté E:\WINDOWS\System32\drivers\etc\hosts.bho Adware:Adware/SAHAgent No Désinfecté E:\WINDOWS\unstall.exe Spyware:Spyware/Searchcentrix No Désinfecté Registre Windows Adware:Adware/IPInsight No Désinfecté E:\WINDOWS\LastGood\INF\farmmext.inf Adware:Adware/WUpd No Désinfecté Registre Windows Adware:Adware/EliteBar No Désinfecté E:\WINDOWS\EliteSideBar Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\INF\dlmax.PNF Adware:Adware/Aurora No Désinfecté E:\WINDOWS\nail.exe Adware:Adware/KeenValue No Désinfecté E:\WINDOWS\system32\drivers\etc\hosts.bho Adware:Adware/Aurora No Désinfecté E:\WINDOWS\system32\bwponej.exe Adware:Adware/Transponder No Désinfecté E:\WINDOWS\system32\tgooeff.exe Adware:Adware/SAHAgent No Désinfecté E:\WINDOWS\unstall.exe Adware:Adware/Transponder No Désinfecté E:\WINDOWS\mpaohm.exe Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\INF\Pynix.inf Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\INF\Pynix.PNF Adware:Adware/IPInsight No Désinfecté E:\WINDOWS\LastGood\INF\farmmext.inf Adware:Adware/IPInsight No Désinfecté E:\WINDOWS\LastGood\INF\farmmext.PNF Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\INF\dlmax.inf Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\INF\dlmax.PNF Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\System32\DrPMon.dll Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\farmmext.ini Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\svcproc.exe Adware:Adware/Transponder No Désinfecté E:\WINDOWS\LastGood\Nail.exe Adware:Adware/Transponder No Désinfecté E:\WINDOWS\Nail.exe Spyware:Spyware/AdClicker No Désinfecté E:\WINDOWS\usta32.ini Spyware:Spyware/Altnet No Désinfecté E:\Program Files\Altnet\Download Manager\asm.exe Keep me posted TitO

Ok, je l'ai desactivé, j'ai redémarré, puis j'ai refait la manip avec le mypctuneup, et rdémarré. Enfin, j'ai vidé la corbeille. Voici le log : Logfile of HijackThis v1.99.1 Scan saved at 17:03:19, on 26/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\Explorer.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe e:\windows\system32\pnqhow.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\WINDOWS\System32\wuauclt.exe E:\WINDOWS\System32\wuauclt.exe E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 13 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [wkkssv] e:\windows\system32\pnqhow.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe (file missing) Qu'est ce que c'est nail? est ce que tu me conseilles de tout recommencer depuis le début? Dois je réactiver la restauration du systeme? Merci Queruak pour ton aide précieuse!

Rebonjour Tout s'est bien passé avec l'application en question, qui m'a affirmé avoir successfully removed toutes les pubs et pop ups en question... voilà le log, nail.exe est toujours là du fil à retordre! Logfile of HijackThis v1.99.1 Scan saved at 16:34:25, on 26/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe e:\windows\system32\dzrnyw.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\WINDOWS\System32\wuauclt.exe E:\WINDOWS\System32\wuauclt.exe E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 12 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [aittcz] e:\windows\system32\dzrnyw.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe (file missing)

tout s'est bien passé, voilà le log : Logfile of HijackThis v1.99.1 Scan saved at 16:01:43, on 26/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\Explorer.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\Program Files\MSN Messenger\MsnMsgr.Exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\WINDOWS\System32\wuauclt.exe e:\windows\system32\iaevjg.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 11 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [wzesxhd] e:\windows\system32\iaevjg.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

Bonjour Queruak J'ai effectué les démarches, redémarré mon pc en mode normal, et aurora s'est immédiatement déclenché. voici le log : Logfile of HijackThis v1.99.1 Scan saved at 13:55:56, on 26/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\Program Files\MSN Messenger\MsnMsgr.Exe e:\windows\system32\yybyzi.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\Program Files\ewido\security suite\ewidoctrl.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\iPod\bin\iPodService.exe E:\WINDOWS\System32\wuauclt.exe E:\WINDOWS\System32\wuauclt.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe E:\WINDOWS\xsiqkfgjbtw.exe E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 9 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [gexjyow] e:\windows\system32\yybyzi.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe J'ai l'impression que c'est impossible à erradiquer, j'espère que tu as d'autres idées, merci encore, tito

Alors J'ai commencé par supprimer E:\WINDOWS\System32\elitepmm32.exe E:\WINDOWS\System32\elitervw32.exe E:\WINDOWS\System32\eliterij32.exe E:\WINDOWS\System32\elitexix32.exe en mode sans echec J'ai redémaré en mode normal, mais wqpfxd.exe n'apparaissait pas dans l'onglet processus. J'ai tout de même lancé Hijackthis dans lequel n'apparaissait pas : O4 - HKLM\..\Run: [nlibrqg] e:\windows\system32\wqpfxd.exe j'ai ensuite suivi toutes les étapes avec succès (je pense) De même, lors de la dernière étape, aucun fichier : -E:\WINDOWS\System32\wqpfxd.exe n'est apparu voilà le log Logfile of HijackThis v1.99.1 Scan saved at 18:29:48, on 24/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe e:\windows\system32\ravzog.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\Program Files\ewido\security suite\ewidoctrl.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\iPod\bin\iPodService.exe E:\WINDOWS\System32\wuauclt.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 8 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [vhdzjg] e:\windows\system32\ravzog.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe

NB : deux pop ups "aurora" viennent de s'ouvrir sur mon pc!

Merci Queruak! Tout s'est bien passé sauf : Etape 7: il n'y avait pas les lignes : O4 - HKLM\..\Run: [inhkla] e:\windows\system32\xzyxde.exe O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.popuppers.com O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe Etape 9: il n'y avait pas les fichiers : -E:\WINDOWS\Bolger.dll -E:\WINDOWS\System32\xzyxde.exe il n'y avait pas les dossiers : -E:\WINDOWS\System32\picsvr -E:\Program Files\Fichiers Communs\WinTools Cependant, j'ai noté la présence de fichiers suspects : E:\WINDOWS\System32\elitepmm32.exe E:\WINDOWS\System32\elitervw32.exe E:\WINDOWS\System32\eliterij32.exe E:\WINDOWS\System32\elitexix32.exe Mais j'ai préféré ne pas y toucher Voici le dernier log de Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 16:34:10, on 24/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\WINDOWS\System32\CTSvcCDA.exe E:\Program Files\ewido\security suite\ewidoctrl.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\Program Files\QuickTime\qttask.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe e:\windows\system32\wqpfxd.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\Program Files\iPod\bin\iPodService.exe E:\WINDOWS\System32\wuauclt.exe E:\WINDOWS\System32\wuauclt.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [nlibrqg] e:\windows\system32\wqpfxd.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe Merci encore pour ton aide Titotito

Bonjour, C'est encore moi, titotito, j'ai effectué toutes les procédures recommandées mais mon pc est toujours aussi infecté. De plus, la version d'evaluation de ewido a touché à son terme. Je suis completement perdu, merci de me venir en aide voici le dernier log de hijackthis Logfile of HijackThis v1.99.1 Scan saved at 14:31:44, on 24/05/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.exe E:\Program Files\Creative\ShareDLL\CtNotify.exe E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe e:\windows\system32\xzyxde.exe E:\Program Files\Creative\ShareDLL\MediaDet.Exe E:\WINDOWS\System32\CTSvcCDA.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe E:\Program Files\ewido\security suite\ewidoctrl.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe E:\Program Files\Outlook Express\msimn.exe E:\Program Files\iPod\bin\iPodService.exe E:\Program Files\Messenger\msmsgs.exe E:\WINDOWS\System32\wuauclt.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe E:\Program Files\Internet Explorer\IEXPLORE.EXE E:\Documents and Settings\timothée\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - E:\WINDOWS\Bolger.dll (file missing) O4 - HKLM\..\Run: [Détecteur de disque] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [Disc Detector] E:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [checkrun] E:\windows\system32\elitejzv32.exe O4 - HKLM\..\Run: [WinTools] E:\PROGRA~1\FICHIE~1\WinTools\WToolsA.exe O4 - HKLM\..\Run: [picsvr] E:\WINDOWS\System32\picsvr\picsvr.exe O4 - HKLM\..\Run: [ASDPLUGIN] E:\WINDOWS\System32\france.exe -N O4 - HKLM\..\Run: [HELPER] E:\WINDOWS\System32\france.exe -N O4 - HKLM\..\Run: [inhkla] e:\windows\system32\xzyxde.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ad Arrest] E:\Program Files\Ad Arrest Pop Up Stopper for Kazaa\adarrest.exe O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.popuppers.com O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...bridge-c293.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-motor.net/cabs/diamond.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - E:\WINDOWS\svcproc.exe