mercurefi

Géééniaaaal ! Super !!!!!!!!!!! Nous avons enfin récupéré le son ! Un grand merci à toi AliaS93 pour cette info de première ! Mercurefi

merci beaucoup pour le tuyau, on va tester. Mercurefi

ca serait avec plaisir mais la bibliotheque a ete upgradee pour itune 7 et pas trouve le moyen de revenir a la version 6 sans alterer le fichier librairy !! auriez vous un process precis et detaille pour revenir a la 6 et remettre la bibliotheque au format itune 6.5? mercurefi

oui oui! restauration tentee sur la version d'avant l'instllation d'Itune7! aucun effet et toujours pas de zic !!! vu la galere on a meme envisage de re-installer windows ! mais est ce que le probleme vient de windows vu que tout a part Quicktime 7 marche parfaitement? on est meme preneur de conseils de marabouts ou guerisseurs s'il le faut ! merci a tous!

Bonjour a tous. Nous avons installé la mise à jour d'itunes7 il y a environ 2 semaines. Depuis plus de son : d'après l'affichage de l'équaliseur il y a bien du son mais absolument rien en sortie. Les fichiers audios sont eux bien audibles par windows média player ou autre soft mais rien de rien avec itunes7 On a fait la mise à jour de quicktime, rien de neuf. désinstallation de itunes, désinstallation de quicktime et réinstallation du tout en commencant par quicktime ça ne fonctionne toujours pas. Tentative de retour à la version précédente de itunes = impossible... Mise à jour de tous les drivers de la carte son : rien de neuf résultat : tout est bloqué. plus de musique à la maison puisqu'on pilote tout avec itunes. Quelqu'un a-t-il une idée ?? Merci

Bon je ne sais pas s'il a eu peur ou s'il voulait me faire plaisir mais il me réaffiche de nouveau l'ajout/suppr !! yesssssssssssssss !!!! maintenant je vais essayer un easy recovery un un truc du genre pour récupérer mes fichiers. merci beaucoup pour ta patience et bonne soirée ! mercurefi la husarde

ah ben merci de me rassurer Mégataupe, cool Bon maintenant me reste plus qu'à trouver l'idée du siècle pour récuperer mon affichage des programmes dans l'ajout/suppr et voir comment je peux restaurer mes fichiers MP3 qui se cachent méticuleusement d'un parametrage explorer normal et se sont planqués dans des directeories found0../dir... sinon je formate tout grrrr bonne soirée mercurefi la hussarde

ooppsss oublié 2 précisions = j'ai toujours la restauration sytème déactivée (chais pas si ça peut servir) et il st chouette ton logo Mégataupe

Hello tout le monde ! j'ai bien fait de prendre du repos car c'était le jeu du plus têtu ce soir. Entre f-secure qui refuse de se lancer en mode sans échec et process guard qui ne veut pas que f-secure fasse ses vérifs, il a fallu que je fasse le shérif = process guard a perdu ! désinstallation complète car même fermé il continuait de bosser ! non mais ! lool pour être totalement honnête, process guard s'est vengé : je n'ai plus accès à l'ajout ou suppression de programme dans le panneau de config, et mcafee s'y met en me signalant la tentative d'intrusion de c:\windows\system32\alg.exe sur le port 1027 ! c'est qui cuilà ?!!!! GRRRRRRRRRRRR.... et tout ça pour obtenir un rapport f-secure lancé en mode normal = NEANT, que dchi, nada !!! No hidden items found !!! c'est où la décharge à ordis ??? Mercurefi

Bon, le K est revenu sur le c donc je vais pouvoir faire les manips qui nécessitent une vérif des 2 en mode accéléré.... mais demain soir !!! parce que j'avoue que là, je sature un peu ! loool Bonne nuit et merci

hello tesfaz, pour le moment le dd externe est pluggué en usb sur un portable pour l'isoler. Pour ce que tu me dis, j'attends que le chéri rentre car pour moi c'est chinois c que tu me dis... tout ce que je peux te dire, c'est que 90% des fichiers sont planqués où qu'on le branche... merci tu m'inquiètes mégataupe pour le process guard... je l'ai lancé tel quel sans paramétrer quoi que ce soit... faut-il que je recommence tout ? pour f-sécure, là encore j'attends qu'on me rebranche le dd externe sur le c car c'est vraiment trop long les manips sur le portable préhistorique... Donc à priori la suite demain... et merci beaucoup pour ta patience.. mercurefi

je ne sais pas si c'est moi qui ai autorisé services.exe... J'ai le plus petit brevet de pilote d'anglais existant et je passe mon temps à me battre contre mcafee et maintenant processguard qui me posent des question à chaque fois que je clique sur internet ou que j'installe un programme de vérif. Heureusement que j'ai désinstallé antivir sinon c'était plus possible lool. bon, voici les rapports = c:\windows\system32\services.exe = Service load: 0% 100% File: services.exe Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 63dcde1a0d86eeb8924d6738ff616ead Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing c:\windows\system32\spoolsv.exe = Service load: 0% 100% File: spoolsv.exe Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 da81ec57acd4cdc3d4c51cf3d409af9f Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing ps = j'applaudis ta patience !!!!

re bonsoir mégataupe... j'ai réussi à le charger finalement et voici les 2 rapports : AVEC LEARNING MODE = ---Process Guard Log Started--- Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\wdfmgr.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\wdfmgr.exe ] Sun 11 - 20:52:05 [EXECUTION] "c:\progra~1\mcafee.com\agent\mcagent.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\agent\mcagent.exe" ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\mspmspsv.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\mspmspsv.exe ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k netsvcs ] Sun 11 - 20:52:05 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcvsshld.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\vso\mcvsshld.exe" ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\fxssvc.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\fxssvc.exe ] Sun 11 - 20:52:06 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcvsescn.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2064] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled ] Sun 11 - 20:52:06 [EXECUTION] "c:\progra~1\mcafee\spamki~1\mskdetct.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee\spamki~1\mskdetct.exe" /startup ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee\spamki~1\mskagent.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee\spamki~1\msksrvr.exe" [2012] [EXECUTION] Commandline - [ c:\progra~1\mcafee\spamki~1\mskagent.exe /notifyagent ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcshield.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\progra~1\mcafee.com\vso\mcshield.exe ] Sun 11 - 20:52:07 [EXECUTION] "c:\program files\mcafee.com\shared\mghtml.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ "c:\program files\mcafee.com\shared\mghtml.exe" -embedding ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpftray.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\person~1\mpftray.exe" ] Sun 11 - 20:52:09 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpftray.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\person~1\mpftray.exe" ] Sun 11 - 20:52:11 [EXECUTION] "c:\program files\fichiers communs\real\update_ob\realsched.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot ] Sun 11 - 20:52:13 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" ] Sun 11 - 20:52:13 [EXECUTION] "c:\windows\system32\alg.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\alg.exe ] Sun 11 - 20:52:13 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpfagent.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ c:\progra~1\mcafee.com\person~1\mpfagent.exe -embedding ] Sun 11 - 20:52:14 [EXECUTION] "c:\program files\natso backup\natsobackup_pro.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\natso backup\natsobackup_pro.exe" ] Sun 11 - 20:52:14 [EXECUTION] "c:\windows\system32\wbem\wmiprvse.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ c:\windows\system32\wbem\wmiprvse.exe -embedding ] Sun 11 - 20:52:15 [EXECUTION] "c:\program files\quicktime\qttask.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\quicktime\qttask.exe" -atboottime ] Sun 11 - 20:52:15 [EXECUTION] "c:\program files\itunes\ituneshelper.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\itunes\ituneshelper.exe" ] Sun 11 - 20:52:16 [EXECUTION] "c:\program files\ipod\bin\ipodservice.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ "c:\program files\ipod\bin\ipodservice.exe" ] Sun 11 - 20:52:16 [EXECUTION] "c:\program files\processguard\pgaccount.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\pgaccount.exe" ] Sun 11 - 20:52:17 [EXECUTION] "c:\windows\system32\ctfmon.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\ctfmon.exe" ] Sun 11 - 20:52:19 [EXECUTION] "c:\program files\messenger\msmsgs.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\messenger\msmsgs.exe" /background ] Sun 11 - 20:52:19 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpfwizard.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee.com\person~1\mpftray.exe" [2420] [EXECUTION] Commandline - [ "mpfwizard.exe" ] Sun 11 - 20:52:20 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ] Sun 11 - 20:52:21 [EXECUTION] "c:\program files\wintv\ir.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\wintv\ir.exe" /quiet ] Sun 11 - 20:52:21 [EXECUTION] "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" ] Sun 11 - 20:52:51 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1768] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[6e8]susds6fc9d8a98298f644bff72aa41bb0a33b ] Sun 11 - 20:53:13 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\program files\processguard\logs\pglog_12_2005.txt ] SANS LEARNING MODE = ---Process Guard Log Started--- Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\wdfmgr.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\wdfmgr.exe ] Sun 11 - 20:52:05 [EXECUTION] "c:\progra~1\mcafee.com\agent\mcagent.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\agent\mcagent.exe" ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\mspmspsv.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\mspmspsv.exe ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\svchost.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\svchost.exe -k netsvcs ] Sun 11 - 20:52:05 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcvsshld.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\vso\mcvsshld.exe" ] Sun 11 - 20:52:05 [EXECUTION] "c:\windows\system32\fxssvc.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\fxssvc.exe ] Sun 11 - 20:52:06 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcvsescn.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2064] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled ] Sun 11 - 20:52:06 [EXECUTION] "c:\progra~1\mcafee\spamki~1\mskdetct.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee\spamki~1\mskdetct.exe" /startup ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee\spamki~1\mskagent.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee\spamki~1\msksrvr.exe" [2012] [EXECUTION] Commandline - [ c:\progra~1\mcafee\spamki~1\mskagent.exe /notifyagent ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee.com\vso\mcshield.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\progra~1\mcafee.com\vso\mcshield.exe ] Sun 11 - 20:52:07 [EXECUTION] "c:\program files\mcafee.com\shared\mghtml.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ "c:\program files\mcafee.com\shared\mghtml.exe" -embedding ] Sun 11 - 20:52:07 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpftray.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\person~1\mpftray.exe" ] Sun 11 - 20:52:09 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpftray.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\progra~1\mcafee.com\person~1\mpftray.exe" ] Sun 11 - 20:52:11 [EXECUTION] "c:\program files\fichiers communs\real\update_ob\realsched.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot ] Sun 11 - 20:52:13 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" ] Sun 11 - 20:52:13 [EXECUTION] "c:\windows\system32\alg.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\alg.exe ] Sun 11 - 20:52:13 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpfagent.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ c:\progra~1\mcafee.com\person~1\mpfagent.exe -embedding ] Sun 11 - 20:52:14 [EXECUTION] "c:\program files\natso backup\natsobackup_pro.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\natso backup\natsobackup_pro.exe" ] Sun 11 - 20:52:14 [EXECUTION] "c:\windows\system32\wbem\wmiprvse.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ c:\windows\system32\wbem\wmiprvse.exe -embedding ] Sun 11 - 20:52:15 [EXECUTION] "c:\program files\quicktime\qttask.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\quicktime\qttask.exe" -atboottime ] Sun 11 - 20:52:15 [EXECUTION] "c:\program files\itunes\ituneshelper.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\itunes\ituneshelper.exe" ] Sun 11 - 20:52:16 [EXECUTION] "c:\program files\ipod\bin\ipodservice.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ "c:\program files\ipod\bin\ipodservice.exe" ] Sun 11 - 20:52:16 [EXECUTION] "c:\program files\processguard\pgaccount.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\pgaccount.exe" ] Sun 11 - 20:52:17 [EXECUTION] "c:\windows\system32\ctfmon.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\ctfmon.exe" ] Sun 11 - 20:52:19 [EXECUTION] "c:\program files\messenger\msmsgs.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\messenger\msmsgs.exe" /background ] Sun 11 - 20:52:19 [EXECUTION] "c:\progra~1\mcafee.com\person~1\mpfwizard.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee.com\person~1\mpftray.exe" [2420] [EXECUTION] Commandline - [ "mpfwizard.exe" ] Sun 11 - 20:52:20 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ] Sun 11 - 20:52:21 [EXECUTION] "c:\program files\wintv\ir.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\wintv\ir.exe" /quiet ] Sun 11 - 20:52:21 [EXECUTION] "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" ] Sun 11 - 20:52:51 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1768] [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[6e8]susds6fc9d8a98298f644bff72aa41bb0a33b ] Sun 11 - 20:53:13 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\program files\processguard\logs\pglog_12_2005.txt ] Sun 11 - 20:53:51 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" ] Sun 11 - 20:54:48 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [424] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\program files\process guard 3150\rapport.txt ] Sun 11 - 20:55:52 [EXECUTION] "c:\windows\system32\logonui.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\winlogon.exe" [728] [EXECUTION] Commandline - [ logonui.exe /status /shutdown ] Sun 11 - 20:56:02 [TERMINATE] c:\windows\system32\services.exe [772] was blocked from terminating c:\windows\system32\spoolsv.exe [1596] ---Process Guard Log Started--- Sun 11 - 20:57:26 [EXECUTION] "c:\windows\system32\fxssvc.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\fxssvc.exe ] Sun 11 - 20:57:27 [EXECUTION] "c:\program files\ipod\bin\ipodservice.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ "c:\program files\ipod\bin\ipodservice.exe" ] Sun 11 - 20:57:28 [EXECUTION] "c:\program files\mcafee.com\vso\mcshield.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\progra~1\mcafee.com\vso\mcshield.exe ] Sun 11 - 20:57:30 [EXECUTION] "c:\program files\mcafee\spamkiller\mskagent.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee\spamki~1\msksrvr.exe" [1776] [EXECUTION] Commandline - [ c:\progra~1\mcafee\spamki~1\mskagent.exe /notifyagent ] Sun 11 - 20:57:31 [EXECUTION] "c:\windows\system32\alg.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\services.exe" [772] [EXECUTION] Commandline - [ c:\windows\system32\alg.exe ] Sun 11 - 20:57:32 [EXECUTION] "c:\windows\system32\wbem\wmiprvse.exe" was allowed to run [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1000] [EXECUTION] Commandline - [ c:\windows\system32\wbem\wmiprvse.exe -embedding ] Sun 11 - 20:57:32 [EXECUTION] "c:\program files\mcafee.com\personal firewall\mpfwizard.exe" was allowed to run [EXECUTION] Started by "c:\progra~1\mcafee.com\person~1\mpftray.exe" [532] [EXECUTION] Commandline - [ "mpfwizard.exe" ] Sun 11 - 20:57:36 [EXECUTION] "c:\program files\processguard\procguard.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1900] [EXECUTION] Commandline - [ "c:\program files\processguard\procguard.exe" -minimize ] Sun 11 - 20:57:37 [EXECUTION] "c:\program files\wintv\ir.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1900] [EXECUTION] Commandline - [ "c:\program files\wintv\ir.exe" /quiet ] Sun 11 - 20:57:37 [EXECUTION] "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1900] [EXECUTION] Commandline - [ "c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe" ] Sun 11 - 20:58:02 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [1900] [EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\program files\processguard\logs\pglog_12_2005.txt ] merci beaucoup mercurefi oooppssss j'ai oublié d'ajouter que je n'ai fait cette manip que sur le C. Dois-je la répéter sur le DD externe isolé sur un portable ?

hello tout le monde... après avoir posté les rapports du C d'aproposfix et hijackthis voici ceux du portable sur lequel est isolé le DD externe défaillant. je ne sais pas si ça sera d'une quelconque utilité mais dans le doute.... APROPOSFIX = Log of AproposFix v1 *********** Running from directory: C:\Documents and Settings\Siboni\Bureau\aproposfix ************ Registry entries found: ************ No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished! HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 14:53:01, on 11/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/navig/mail.phtml R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\WinFax Plus\CapFax.EXE O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Wireless Client Manager.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106413635273 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: SHYXOA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Siboni\LOCALS~1\Temp\SHYXOA.exe voilà voilà... et encore merci à tous

Merci Jack Burton ! je vais le redéplacer... a vrai dire je vais même faire des recherches car je dois l'avoir en triple exemplaire maintenant A+

Megataupe, voici les rapport pour le C : APROPOFIX = Log of AproposFix v1 ************ Running from directory: C:\Documents and Settings\Salon\Bureau\aproposfix ************ Registry entries found: ************ No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished! HIJACKTHIS = Logfile of HijackThis v1.99.1 Scan saved at 13:21:22, on 11/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\DOCUME~1\Salon\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [start Natso Backup Pro 4.2] C:\Program Files\Natso Backup\natsobackup_pro.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sB Audigy 2 Startup Menu] /L:FRN O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Barre Privacy - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing) O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe Inutile de dire que ce n'est toujours pas très explicite pour moi Bon je vais faire la même chose sur le portable pour le disque externe... Mais heu, il me semble tout de même que ces 2 utilitaires ne vérifient que le c dont je ne sais pas s'ils vont voir quelque chose sur le K... je ne suis pas très douée je l'avoue... Je m'y mets quand même A+ Mégataupe Mercurefi

Merci pour ta réponse super rapide, c'est sympa... en revanche mes manips à moi vont être plus longues puisque mon chéri a laissé le K sur le portable qui date de cromagnon... Donc il faut que je double les manips.. En revanche j'ai l'avantage d'avoir un 2ème portable (qui ne doit surtout pas être infecté) à portée de main pour suivre tes instructions. Je m'y mets A+ mercurefi

Hello Megataupe ! je te donne les news de la bataille qui a duré jusqu'à la moitié de la nuit = on a tout fait !!! mais alors tout ! desaction de la restauration, ewido & antivir => NADA ! rien ! sauf un seul et unique cookie chargé en même temps qu'ewido... qui s'en est occupé tout seul d'ailleurs pour le nettoyage. Antivir lui, ne trouve que des traces sur le c et rien sur le K on a lancé norton utilities qui s'est lamentablement endormi sur disque externe... on a même branché le DD externe sur un portable "formatable en cas de besoin". Les fichiers sont toujours illisibles.. et re ewido et re antivir (pour le coup ça prend des heures car le portable n'est pas de toute première jeunesse)... et alors là on ne sait plus.... fichiers toujours illisibles... le C a l'air de bien se comporter... On en est à se demander si on ne va pas formater le K (pour faire plaisir à spy sweeper qui nous a annoncé il y a 2 jours 390 traces de rootkit) et le rebrancher sur le C (tout en priant pour que rootkt revealer se soit trompé sur les 2 problèmes sur restore du c) quelqu'un a une idée de génie avant le carnage ??? Bonne journée

hello charles ingals et Rafiot et surtout merci pour votre aide Je suis tout à fait d'accord avec vous pour le fait qu'un rootkit n'a pas sa place dans un disqu externe mais bon.... après moult lancements de vérifs divers (inutile de dire que ça prend des heures sur mon disque externe..) voici le résultat des courses : disque c: - rien d'après antivir (mcafee non plus) - rien d'après activescan - rien d'après spy sweeper - le rapport hijackthis vous l'avez vu et il semble correct - rootkit revealer renvoie le rapport que j'ai posté hier soir : C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP244\A0027483.ini 04/12/2005 10:23 879 bytes Hidden from Windows API. C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP244\A0027484.mst 05/12/2005 23:18 disque externe (a se gâte) : - rien d'après antivir - rien d'après activescan - le rapport rootkit revealer affiche des kilomètres de fichiers (à vrai dire tous je pense) - spy sweeper affiche ceci = potentially rootkit-masked files" 390 traces au total (ça va croissant à chaque lancement....) - je n'ai pas lancé hijackthis car j'ai lu qu'il fallait le lancer sur le c les symptomes du k = presque la totalité des fichiers en fait sont masqués par l'explorer en mode normal. En affichage intégral ils sont planqués dans des repertoires found000 (001, 002...)\dir001 (002,003....). Les checkdisk et scandisk se plantent lamentablement et n'arrivent pas à tout récuperer (on peut se demander d'ailleurs s'ils n'agravent pas le problème) vous savez tout... je tente un norton utilities en espérant que ça ne va pas rajouter une couche au problème... mercurefi

bonjour a tous ma config est win XP pro avec un gros disque dur LaCie 500Go externe sur lequel est stocke de la musique. Apres plantage du disque externe passage des antivirus classiques puis des anti spyware Rootkit revealer donne un rapport sur le C: comme suit : C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP244\A0027483.ini 04/12/2005 10:23 879 bytes Hidden from Windows API. C:\System Volume Information\_restore{70A3E616-66D7-4803-AA41-29F0EE01E7E7}\RP244\A0027484.mst 05/12/2005 23:18 Je ne suis pas vraiment sur que ce rapport soit significatif de la presence d'un rootkit sur le disque C: merci de votre aide la dessus par ailleurs j'ai ensuite passe Hijackthis sur ce meme disque C qui renvoie le rapport suivant ..... attention les yeux !!!! Logfile of HijackThis v1.99.1 Scan saved at 21:46:59, on 09/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweepertrial\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [start Natso Backup Pro 4.2] C:\Program Files\Natso Backup\natsobackup_pro.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweepertrial\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sB Audigy 2 Startup Menu] /L:FRN O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Barre Privacy - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing) O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweepertrial\WRSSSDK.exe et la c 'est du chinois pour moi !!!! si quelqu'un pouvait me dire si tout cela veut dire que je suis infecte par un rootkit ou pas... et si malheureusement c'etait le cas une traduction de ces rapports pour me dire cmment me debarasser du rootkit m'interesse aussi.. )) ensuite pour les plus courageux d'entre vous je veux bien une solution pour aller virer le rootkit qui est sur le disque externe !!! hijackthis ne fonctionnant pas sur le disque dur externe je ne peux pas vous en donner le rapport ici ! merci de vote aide a tous mercurefi