Everything posted by tiamat69fr
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
No, I don't see the folder. In fact, I don't see anything that "looks like" the control panel. Or else I'm blind as a bat. See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
A bit better (screenshot): But my "folder", in the control panel, is still there. See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
No, it didn't remove the icon. However, while deleting the "unnecessary" files, EasyCleaner could not delete 16 files (because they were in use by other programs). Here is a screenshot:
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
I did it just this evening: no change
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
So, hi again, Régis. My problem: when I go into the control panel, I have, at the top of the list, an icon with no name or anything. A "folder"-type icon. When I click on it: an error message saying that no program is associated to open it, that I have to go through the file association, etc., etc. See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Incredible, the number of things RegSeeker found compared to CCleaner!!!! Now, following the tutorial, I removed the "green" keys; as for the red ones, I'm watching.... In the meantime, a BIG thank you....
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Hi, So I uninstalled a2-free and Ad-Aware, as well as a few applications I no longer use (or hardly ever). I removed Avast and installed AntiVir. After rebooting, I cleaned the registry, but only the way I know how. That is, I let CCleaner do it. Personally, I won't risk going any deeper into the registry, because I'm a complete beginner at this. For information, after the reboot that followed the uninstalls, it still stayed on the wallpaper for quite a while. PS: I speak English, but does a French version of AntiVir exist? It would be more "comfortable". See you. Edit: Well, well, I just noticed that "LicCtrl Service" is back (but it is disabled in the services). What do I do with it? Do I delete it, like last time?
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Hi, The report URL: http://gsi.kaspersky.fr/lire.php?hl=fr&...ab=&search= See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Hi again (yes, really). So, I was right to wait a bit before marking this "solved". Following the advice above, I removed ZA Pro to install another firewall. A friend recommended Outpost. I installed the trial version. I was not at all satisfied. So I removed Outpost and put ZA Pro back. But from the moment I removed Outpost, it started all over again: more than 2 minutes on the wallpaper before the icons (well, the desktop in general) are displayed. Should I redo all the tests you had me run before? See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Whoa, that's a big chunk to study. I'm going to print all of that so I can read it properly (more practical than on screen, I find). In the meantime, a big thank you for the help. See you, Tiamat
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Quite a change indeed: it shuts down quickly (5 sec max, like new), and starts up much faster (let's say about 15 seconds after the "Welcome" screen). So that seems completely normal to me. What do you think? Otherwise, what did the final step you mentioned consist of? Not a format c:, at least?
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Yes, yes, it was indeed Panda, but I just copied and pasted the results screen (didn't think to save the log). Otherwise, the BitDefender log:
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Result:
No viruses or other malicious software have been found!
Scan again See report Scan finished Stop
322499 Files scanned
Z:\Upload\cdtheque_co.xls
Scan report Save report Scan again Send to laboratory Save report Scan again
ActiveScan only disinfects viruses. To disinfect all threats, buy or try a recommended security product. ActiveScan gives you a deep second opinion analysis of the security level of your PC.
Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking tools and rootkits 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0
See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Well, it scans fine, but when it moves on to phase 3 (listing and removal of the detected infections and security holes), it becomes inactive. It hangs. For information, it found TROJ-GENERIC.Z and SPYWARE_TRAK_ACESPY. So I can't paste the Trend Micro report. See you
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Well, I managed it (apparently) with KillBox. The Kaspersky log:
PS: If you find it simpler to guide me via MSN, PM me and I'll give you the address
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
The Kaspersky log, but just before that, one small thing: with KillBox, I didn't find either of the two files you pointed out to me (in safe mode). So, the log:
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Hi again, The Spy Sweeper log:
The HijackThis log:
http://update.microsoft.com/microsoftupdat...b?1181667480984 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149494919515 O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo.fr/Commo...sCamControl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{831A0816-5169-4B01-83C5-FA84CE6DB289}: NameServer = 80.10.246.2,80.10.246.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8CC37F-87A6-4DAA-8E76-A0DBAD50AD31}: NameServer = 80.10.246.1,80.10.246.139 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NTRconnect (ntrconnect) - Unknown owner - C:\Program Files\NTR global\NTRconnect\NTRconnect.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 9925 bytes A plus -
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
OK, so, a bit late:

1) AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:34:15 14/06/2007
+ Résultat de l'analyse:
C:\WINDOWS\system32\1160911966.exe -> Adware.BHO : Ignoré.
C:\WINDOWS\system32\swpxa52u.dll -> Adware.VB : Ignoré.
Z:\Mes fichiers reçus\Nero v7.0 (KeyGen).zip/Nero v7.0 (KeyGen).exe -> Backdoor.Hupigon : Nettoyé et sauvegardé (mise en quarantaine).
Z:\Temp\A Trier\Nero-7012-FR+ENG+Keygen\Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\ft\Cookies\ft@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\ft\Cookies\ft@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\ft\Cookies\ft@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\WINDOWS\system32\1163842435.exe -> Trojan.VB.an : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport

2) BlackLight report:

3) New HijackThis! report:

There you go. I'll take a look in a little while -
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
Indeed, I forgot the "Apply all actions". I'll do it this evening though, because right now I'm at work. I'll keep you posted around 19:00 -
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
So,

1) AVG Anti-Spyware report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:56:28 13/06/2007
+ Résultat de l'analyse:
C:\WINDOWS\system32\1160911966.exe -> Adware.BHO : Aucune action entreprise.
C:\WINDOWS\system32\swpxa52u.dll -> Adware.VB : Aucune action entreprise.
Z:\Mes fichiers reçus\Nero v7.0 (KeyGen).zip/Nero v7.0 (KeyGen).exe -> Backdoor.Hupigon : Aucune action entreprise.
Z:\Temp\A Trier\Nero-7012-FR+ENG+Keygen\Nero7Keygen.exe -> Backdoor.Hupigon : Aucune action entreprise.
C:\Documents and Settings\ft\Cookies\ft@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\ft\Cookies\ft@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\ft\Cookies\ft@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\WINDOWS\system32\1163842435.exe -> Trojan.VB.an : Aucune action entreprise.
Fin du rapport

2) BlackLight report (the exe is "fsbl.exe", is that the right one?):

3) New HijackThis report:

There you go, good luck to you (or to you all, if someone joins you). I'm watching for a reply, otherwise tomorrow. See you -
Startup problem [SOLVED]
tiamat69fr replied to a topic by tiamat69fr in Malware analysis and removal
No better. I did disable LicCtrl Service, but I can't find it when I do the scan only. Maybe a new log, now that it's disabled? -
Hello, For some time now I've had a small problem: Windows (XP SP2) is slow to start. By that I mean it stays on the wallpaper for a while before showing the icons and everything else. I've done what was needed about the programs that launch at startup. I ran a2-square, ad-aware and spybot, and cleaned up. But the problem persists. I'm pasting the HijackThis report for analysis (I know nothing about it):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:39:15, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
Z:\Temp\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "C:\Program Files\Gene6 FTP Server\G6FTPTray.exe"
O4 - HKCU\..\Run: [NoSpam] C:\Program Files\StofWare\NoSpam\NoSpam.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181667480984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149494919515
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo.fr/Commo...sCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{831A0816-5169-4B01-83C5-FA84CE6DB289}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8CC37F-87A6-4DAA-8E76-A0DBAD50AD31}: NameServer = 80.10.246.1,80.10.246.139
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NTRconnect (ntrconnect) - Unknown owner - C:\Program Files\NTR global\NTRconnect\NTRconnect.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

-- End of file - 9576 bytes

Thanks in advance, Tiamat
-
Hi, I'm new and despite searching, I haven't found an answer. Here's my problem: This evening I installed the Livebox (before that I had a USB modem, which I removed before installing the LB). BUT it ALSO installed the espace wanadoo. I can't get rid of it. When I go to the Start menu/Programs/wanadoo, there is no "uninstall" entry. When I go to the Control Panel, at no point do I get an option to uninstall this espace wanadoo either. I have ABSOLUTELY no need for this espace wanadoo. Can you help me, please? Thanx