moicefilipevou

  1. Well, thank you very much for looking into my case. I would have liked to thank you with a good bottle of wine, is that possible? Is there an address where I can send something?
  2. Sorry, I was travelling. The computer seems to be working well... By the way, who is Jack? Private joke? In any case, thanks. Here are the latest reports:

     Incident Statut Analyse
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Ph B\Cookies\philippebloesch@xiti[1].txt
  3. It works for System Volume Info. Here is the eScan report:

     File C:\WINNT\system32\auditchk.exe infected by "Backdoor.Win32.Rbot.apl" Virus. Action Taken: File Renamed.
     File C:\System Volume Information\_restore{AF96BB91-5830-408E-9B81-E661F3129109}\RP18\A0006627.exe infected by "Backdoor.Win32.Rbot.apl" Virus. Action Taken: File Renamed.
  4. Here is the fsbl report from last time:

     02/18/06 08:57:31 [info]: BlackLight Engine 1.0.32 initialized
     02/18/06 08:57:31 [info]: OS: 5.1 build 2600 (Service Pack 2)
     02/18/06 08:57:35 [Note]: 7019 4
     02/18/06 08:57:35 [Note]: 7005 0
     02/18/06 08:57:52 [Note]: 7006 0
     02/18/06 08:57:52 [Note]: 7011 688
     02/18/06 08:57:54 [Note]: FSRAW library version 1.7.1015
     02/18/06 09:07:26 [Note]: 7007 0

     And the new regsearch:

     REGEDIT4
     ; Registry Search by Bobbi Flekman © 2005
     ; Version: 1.0.2.4
     ; Results at 19/02/2006 13:33:56 for strings:
     ; 'wsbsvc'
     ; Strings excluded from search:
     ; (None)
     ; Search in:
     ; Registry Keys Registry Values Registry Data
     ; HKEY_LOCAL_MACHINE HKEY_USERS
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Search Assistant\ACMru\5603]
     "004"="wsbsvc.exe"
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
     "d"="sc delete WSBSVC\\1"
     ; End Of The Log...

     Strangely, I still can't access System Volume Information?
  5. Hello Charles, I installed BlackLight. It doesn't have all the options you mention, and after the scan it detects nothing. Sorry.
  6. I had indeed used the Killbox. Here are the new reports:

     REGEDIT4
     ; Registry Search by Bobbi Flekman © 2005
     ; Version: 1.0.2.4
     ; Results at 17/02/2006 19:02:36 for strings:
     ; 'upsa'
     ; 'wsbsvc'
     ; 'emm386.exe'
     ; Strings excluded from search:
     ; (None)
     ; Search in:
     ; Registry Keys Registry Values Registry Data
     ; HKEY_LOCAL_MACHINE HKEY_USERS
     [HKEY_LOCAL_MACHINE\SOFTWARE\Intergraph\Applications\SmartSketch.Application\CLSID\{034AC932-2A96-11cf-9E1B-08003601E012}]
     @="HLayerGroupsApp Object"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Search Assistant\ACMru\5603]
     "001"="wsbsvc.exe"
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
     "d"="sc delete WSBSVC\\1"
     ; End Of The Log...
  7. I didn't find UPSA -TDQ, only plain UPSA; I deleted it. The reports are attached:

     REGEDIT4
     ; Registry Search by Bobbi Flekman © 2005
     ; Version: 1.0.2.4
     ; Results at 17/02/2006 05:35:50 for strings:
     ; 'upsa'
     ; 'upsa-tdq'
     ; 'wsbsvc'
     ; Strings excluded from search:
     ; (None)
     ; Search in:
     ; Registry Keys Registry Values Registry Data
     ; HKEY_LOCAL_MACHINE HKEY_USERS
     [HKEY_LOCAL_MACHINE\SOFTWARE\Intergraph\Applications\SmartSketch.Application\CLSID\{034AC932-2A96-11cf-9E1B-08003601E012}]
     @="HLayerGroupsApp Object"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_UPSA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_UPSA\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_UPSA\0000]
     "Service"="UPSA"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_UPSA\0000]
     "DeviceDesc"="UPSA"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UPSA]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UPSA]
     "DisplayName"="UPSA"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UPSA\Security]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC\0000]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSBSVC\0000]
     "Service"="WSBSVC"
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Search Assistant\ACMru\5603]
     "001"="wsbsvc.exe"
     [HKEY_USERS\S-1-5-21-220523388-1123561945-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
     "d"="sc delete WSBSVC\\1"
     ; End Of The Log...
  8. Did you do this? => sc delete WSBSVC. Yes, I did it, and it replies that the specified service does not exist as an installed service. As for the trojan, it put it in quarantine.
  9. As for the file found by Panda => deleted. However, there is no Win SubService in services.msc. Something else that may matter: on C: I have a folder called "System Volume Information"; when I try to look inside, it denies me access even though I am the administrator. On top of that, this morning AVG (my antivirus) found a trojan horse generic 00B in it. And my disk's capacity is visibly shrinking: I have lost almost 1G in the last two or three days. Is it serious, Doctor?
  10. It seems to be getting better. The only snag: I could not delete spootlv.exe, it refuses. All the others are gone, as well as -C:\WINNT\eeedo.exe => the file -C:\WINNT\surv3.exe => the file. The reports are attached.
  11. I don't really understand what is going on. I do as you tell me (I do get the registry icon for the reg file) and this is what I get for the search after doing a remove. Maybe it doesn't matter, but I have not disabled System Restore. As for wsbsvc, it is impossible to find; it is like ipreg32: the folder has a different icon from the others and there are only programs inside. The only wsbsvc I can find is c:\winnt\prefetch\WSBSVC.EXE-22FA4FAD.pf. The regsearch result is as follows. The ewido result is as follows. And the new Panda report. I'm at my wits' end, as they say....
  12. For -C:\windows\winsys.exe => the file -C:\WINNT\Downloaded Program Files\ipreg32.inf => the file: I did everything that follows but they did not show up. A mystery... Start, My Computer or another folder, Tools menu, Folder Options, View tab: Check the box: Show hidden files and folders. Uncheck the box: Hide extensions for known file types. Uncheck the box: Hide protected operating system files. Then Apply. Here is the new reg report. And the one from Panda ActiveScan.
  13. OK, so I ran a Panda scan on the second disk: no problems. However, I did not find winsys.exe (there is a winsys folder but not a file) nor ipreg32.inf (not seen, despite the report). I emptied the content IE5 folder, but I did not find an index.dat file to keep, only a desktop.ini file. UCmore - the search Accelerator was not a file but a folder (I deleted it). I ran a regsearch; here is the result. However, I ran a Panda scan again and here is the result, with some "critters". Strange about ipreg32.inf: Downloaded Program Files is a folder with the Explorer "e" icon, and ipreg32.inf is not in it. And thanks again for helping me cure my machine.
  14. Here is the Panda report. Tonight I will run another one on my data disk.
  15. Here is the regsearch report. As for spootlv.exe, I did what you said (I had already done it before) and still nothing. As for the scan, I am starting over; I just crashed.