obelix 26

bravo, il semblerai que tu en es venu à bout: je n'ai plus d'alarmes ni d'alertes depuis la semaine derniére et tous les scans que je fais sont sans détection de virus ou autres malware. un grand merci pour tout le temps que tu m'as consacré. je pense que j'essayerai de finir la mise au propre du Pc après les vacances. bonnes vacances à toute l'équipe

pour l'instant non. A valider sur 1 ou 2 jours. apres, je pense que je vais vider la quarantaine de antivir, nettoyer le pc et faire une sauvegarde du disque sur un DD externe. Merci pour tout.

re bonsoir, je viends de refaire un scan antivir et "miracle", il n'a plus rien detecté alors qu'hier soir, il a mis 2 trojan en quarantaine. peut etre le bout du tunnel!!

bonsoir, voici le rapport demandé Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:49:24, on 08/07/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\Dit.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\DitExp.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\christian\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: http://www.pandasoftware.fr O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B41F00E-5A0D-431C-9A32-01936CA06AA3}: NameServer = 86.64.145.142 84.103.237.142 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9490 bytes

bonsoir, voici le log de MBAM, il a trouvé 4 infections.lors de la mise en quarantaine, j'ai eu un message d'erreur qui m'a demandé de supprimer les fichiers au redemarrage du pc. Ce que j'ai fait.Maintenant, Zone alarmes me signale que MBAM tente d'empecher Windows update de s'executer à chaque démarrage de l'ordi. Que dois je lui répondre?? Malwarebytes' Anti-Malware 1.19 Version de la base de données: 930 Windows 5.1.2600 Service Pack 1 18:51:46 07/07/2008 mbam-log-7-7-2008 (18-51-46).txt Type de recherche: Examen complet (C:\|D:\|E:\|N:\|) Eléments examinés: 112736 Temps écoulé: 40 minute(s), 25 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Update (Backdoor.Bot) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) -> Delete on reboot. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\ssms.exe (Backdoor.Bot) -> Delete on reboot.

bonjour, voici le rapport de mon scan antivir. Il n'a rien détecté de nouveau. C'est marrant que dans le rapport il n'apparaisse pas les fichiers en quarantaine. "Ce choix n'est proposé qu'à la première détection lorsqu'on choisit un scan complet ": si c'est le tout premier scan, c'est rapé car j'en ai déjà fait plusieur avec cette méthode de démarrage. bon week end Avira AntiVir Personal Report file date: samedi 5 juillet 2008 09:34 Scanning for 1378724 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NOM_ORDINATEUR Version information: BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 09:44:03 ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 14:52:32 ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 14:52:33 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 12:42:02 AESCN.DLL : 8.1.0.22 119157 Bytes 28/06/2008 09:44:41 AERDL.DLL : 8.1.0.20 418165 Bytes 28/06/2008 09:44:39 AEPACK.DLL : 8.1.1.6 364918 Bytes 28/06/2008 09:44:33 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 28/06/2008 09:44:29 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 12:41:59 AEHELP.DLL : 8.1.0.15 115063 Bytes 28/06/2008 09:44:16 AEGEN.DLL : 8.1.0.29 307573 Bytes 28/06/2008 09:44:14 AEEMU.DLL : 8.1.0.6 430451 Bytes 28/06/2008 09:44:11 AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 12:41:46 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 5 juillet 2008 09:34 Starting search for hidden objects. '45400' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'msmoney.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'SmartUI.exe' - '1' Module(s) have been scanned Scan process 'DitExp.exe' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'Dit.exe' - '1' Module(s) have been scanned Scan process 'point32.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'brss01a.exe' - '1' Module(s) have been scanned Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 36 processes with 36 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '34' files ). Starting the file scan: Begin scan in 'C:\' <BOOT> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <BACKUP> Begin scan in 'E:\' <RECOVER> End of the scan: samedi 5 juillet 2008 10:24 Used time: 49:28 min The scan has been done completely. 6086 Scanning directories 344804 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 344804 Files not concerned 7551 Archives were scanned 6 Warnings 0 Notes 45400 Objects were scanned with rootkit scan 0 Hidden objects were found

non, je ne pensais pas partir, je voulais juste valider avec un peut de temps. pendant que je bossais, j'ai eu 4 alertes antivir. - Worm/Vanbot.AX.215 dans C:/..../sytem32/iexplorer.exe et dans C:/.../system32/TFTP2488 - TR/crypt.NSPM.Gen dans C:/..../system32/crdyq.exe - Windows virus W32/Virut.AX dans c:/..../system32/oumj.exe ils sont tous en quarantaine. Je n'ai pas encore fait de scan complet avec antivir car il se fait tard. Par contre, je fais les MAJ tous les jours et sur ma version, je n'ai pas l'option de valider le choix pour toutes les autres détections comme c'est indiqué dans le tuto.!! nota: apres avoir eu ces alertes, j'ai refait un scan avec Drweb-cureit qui n'a rien trouvé

bonjour, je n'ai pas répondu hier car apres avoir fait un scan de presque 2 heures, la seule chose qui n'a pas fonctionné c'est la sauvegarde du rapport. (il avait trouvé 2 fichiers infectés qui ont été mis en quarantaine) j'ai refait un scan aujourd'hui qui n'a plus rien détecté. depuis le scan d'hier, je n'ai plus d'alerte antivir. Il semblerait donc que les choses rentrent dans l'ordre de ce coté. Il ne me reste plus qu'a vérifier que mes progs tournent sans problèmes maintenant. reste a valider 2 à 3 jours sans alarmes pour etre sur. en tout cas un grand merci pour ton aide et ton efficacité

bonjour, j'ai fait un scan avec rmvirut qui " à prioris" n'a rien trouvé mais il y a des fichiers qu'il n'a pas pu ouvrir. lorsque j'ai voulu revenir pour donner le résultat, je ne pouvait plus acceder en tant que connecté dès que je voulais venir sur ce post. Je suis aller voir sur clubic où j'ai trouvé Combofix que j'ai lancé en mode sans echec (car sinon reboot du Pc) qui m'a supprimé 11 fichiers dans system32. Voici son log ComboFix 08-06-30.2 - christian 2008-07-01 21:10:39.2 - NTFSx86 MINIMAL Endroit: C:\Documents and Settings\christian\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ass.exe C:\WINDOWS\system32\wbt.exe C:\WINDOWS\system32\wmsoft04822.exe C:\WINDOWS\system32\wmsoft14323.exe C:\WINDOWS\system32\wmsoft21705.exe C:\WINDOWS\system32\wmsoft27153.exe C:\WINDOWS\system32\wmsoft36806.exe C:\WINDOWS\system32\wmsoft52245.exe C:\WINDOWS\system32\wmsoft53374.exe C:\WINDOWS\system32\wmsoft71863.exe C:\WINDOWS\system32\wmsoft76554.exe C:\WINDOWS\system32\wmsoft78134.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))))))) . 2008-07-01 20:58 . 2008-07-01 20:58 63,488 --ah----- C:\WINDOWS\system32\ipftaa.exe 2008-07-01 20:58 . 2008-07-01 20:58 124 --a------ C:\WINDOWS\system32\ooimhqba.bat 2008-06-30 15:02 . 2008-06-30 15:02 123 --a------ C:\WINDOWS\system32\athljxa.bat 2008-06-30 14:54 . 2008-06-30 14:54 118 --a------ C:\WINDOWS\system32\bmpek.bat 2008-06-30 14:46 . 2008-06-30 14:46 125 --a------ C:\WINDOWS\system32\wxyjju.bat 2008-06-30 14:01 . 2008-06-30 14:01 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-29 17:31 . 2008-06-29 17:31 126 --a------ C:\WINDOWS\system32\gina.bat 2008-06-29 17:23 . 2008-06-29 17:23 128 --a------ C:\WINDOWS\system32\xhzihf.bat 2008-06-28 14:40 . 2008-06-28 14:40 66 --a------ C:\WINDOWS\system32\wbt.inf 2008-06-28 14:27 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2008-06-28 14:27 . 2002-08-29 02:01 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys 2008-06-28 14:27 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2008-06-28 14:27 . 2002-08-29 01:32 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys 2008-06-28 14:13 . 2008-06-28 14:13 0 -ra------ C:\WINDOWS\system32\TFTP3912 2008-06-28 11:40 . 2008-06-28 11:40 129 --a------ C:\WINDOWS\system32\yimrxzy.bat 2008-06-28 11:29 . 2008-06-28 11:29 <REP> d-------- C:\Program Files\Avira 2008-06-28 11:29 . 2008-06-28 11:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-27 21:44 . 2008-06-27 21:44 123 --a------ C:\WINDOWS\system32\nhfx.bat 2008-06-27 21:35 . 2008-06-27 21:35 125 --a------ C:\WINDOWS\system32\vpftrn.bat 2008-06-27 21:25 . 2008-06-27 21:25 127 --a------ C:\WINDOWS\system32\hkeawdui.bat 2008-06-27 21:15 . 2008-06-27 21:15 120 --a------ C:\WINDOWS\system32\apug.bat 2008-06-27 20:27 . 2004-08-03 14:02 169,240 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-06-27 20:25 . 2008-06-27 21:04 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-06-27 20:19 . 2008-07-01 21:00 80 --a------ C:\WINDOWS\system32\i 2008-06-27 20:13 . 2008-06-30 14:01 <REP> d-------- C:\WINDOWS\LastGood 2008-06-27 20:00 . 2008-06-27 20:00 <REP> d-------- C:\WINDOWS\LastGood.Tmp 2008-06-27 18:36 . 2002-08-30 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-06-27 18:35 . 2001-08-23 17:47 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2008-06-27 18:33 . 2008-06-27 18:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-06-27 18:33 . 2008-06-27 18:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-06-27 18:33 . 2008-06-27 18:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-06-27 18:33 . 2008-06-27 18:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-06-27 18:33 . 2008-06-27 18:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-06-27 18:31 . 2002-08-30 14:00 1,172,992 --a--c--- C:\WINDOWS\system32\dllcache\comsvcs.dll 2008-06-27 18:22 . 2002-08-30 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-06-27 18:22 . 2002-08-30 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2008-06-27 18:22 . 2002-08-30 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-06-27 18:22 . 2002-08-30 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2008-06-25 11:11 . 2008-06-27 15:34 2,395 --a------ C:\WINDOWS\setupapi.old 2008-06-25 00:11 . 2008-06-25 00:11 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-06-24 23:30 . 2008-06-24 23:51 <REP> d-------- C:\Program Files\Trojan Remover 2008-06-23 19:03 . 2008-06-24 23:52 <REP> d-------- C:\Program Files\Fichiers communs\Seagate 2008-06-07 17:17 . 2008-06-07 17:17 <REP> d--h----- C:\WINDOWS\PIF 2008-06-07 17:13 . 2008-06-07 17:13 1,680 --a------ C:\WINDOWS\system32\esnecil.nlp 2008-06-07 17:13 . 2008-06-08 10:12 1,680 --a------ C:\WINDOWS\system32\esnecil.ind 2008-06-07 17:13 . 2008-06-07 17:13 4 --a------ C:\WINDOWS\vx86036.dat 2008-06-07 17:12 . 2008-06-17 23:46 <REP> d-------- C:\Program Files\Stellar Phoenix Windows Data Recovery 2008-06-07 17:12 . 1999-06-18 23:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe 2008-06-07 17:12 . 2006-03-01 03:10 69,632 --a------ C:\WINDOWS\system32\Crypserv.exe 2008-06-07 17:12 . 2006-01-10 04:47 31,846 --a------ C:\WINDOWS\system32\Ckldrv.sys 2008-06-07 17:12 . 1996-05-03 19:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe 2008-06-07 17:12 . 1996-05-03 17:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll 2008-06-07 17:12 . 1995-07-04 20:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe 2008-06-07 17:12 . 2008-06-07 17:12 71 --a------ C:\WINDOWS\Crypkey.ini 2008-06-07 15:22 . 2003-07-06 13:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-06-07 15:22 . 2003-07-06 13:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-06-07 15:22 . 2003-07-06 15:25 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData 2008-06-07 15:22 . 2006-03-05 11:42 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-06-07 15:22 . 2005-01-30 19:14 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-06-07 15:22 . 2003-07-06 13:43 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-06-07 15:22 . 2003-07-14 12:06 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2008-06-07 15:22 . 2008-06-10 19:44 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-06-07 15:22 . 2003-07-06 13:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust 2008-06-07 15:22 . 2003-07-06 15:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink 2008-06-07 15:22 . 2008-06-07 15:22 <REP> d-------- C:\Documents and Settings\Administrateur . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-28 09:29 3,917,312 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp 2008-06-28 09:29 133,120 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp 2008-06-27 17:07 424,960 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp 2008-06-24 21:51 --------- d-----w C:\Program Files\Lavasoft 2008-06-20 15:09 481,792 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp 2008-06-20 15:09 3,874,304 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp 2008-06-17 21:23 2,980,352 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp 2008-06-17 21:12 20,885,785 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-06-04 16:03 --------- d-----w C:\Program Files\MP3 Player Utilities 3.75 2008-05-29 15:54 3,836,416 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp 2008-05-28 20:00 --------- d-----w C:\Program Files\C-Media 2008-05-28 19:23 3,820,032 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp 2008-05-28 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-05-28 11:13 --------- d-----w C:\Documents and Settings\christian\Application Data\Zylom 2008-05-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2008-05-25 17:07 3,790,848 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp 2008-05-25 17:07 3,228,160 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp 2008-05-25 17:04 3,790,848 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-05-25 16:53 --------- d-----w C:\Program Files\UbiSoft 2008-05-19 13:29 --------- d-----w C:\Documents and Settings\christian\Application Data\gtk-2.0 2008-05-10 16:14 --------- d-----w C:\Program Files\TomTom HOME 2008-05-10 16:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-10 16:12 --------- d-----w C:\Documents and Settings\christian\Application Data\InstallShield 2008-05-10 15:43 --------- d-----w C:\Documents and Settings\christian\Application Data\TomTom 2008-05-08 13:56 3,708,416 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-05-02 19:55 --------- d-----w C:\Program Files\PDFCreator 2008-05-01 19:13 --------- d-----w C:\Program Files\GIMP-2.0 2008-04-25 19:36 3,493,888 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-04-19 06:16 3,398,144 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-03-09 15:51 64,120 ----a-w C:\Documents and Settings\christian\Application Data\GDIPFONTCACHEV1.DAT 2007-11-16 07:07 60,232 ----a-w C:\Documents and Settings\brigitte\Application Data\GDIPFONTCACHEV1.DAT 2007-11-13 16:30 60,232 ----a-w C:\Documents and Settings\marie\Application Data\GDIPFONTCACHEV1.DAT 2007-02-10 10:30 87,608 ----a-w C:\Documents and Settings\christian\Application Data\ezpinst.exe 2007-02-10 10:30 47,360 ----a-w C:\Documents and Settings\christian\Application Data\pcouffin.sys 2001-11-23 10:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2006-03-31 16:51 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2003-06-30 17:35 29952 eddca9c72f1e7f2e2e2ab6ad7106c4a5 C:\WINDOWS\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 15:31 40960] "PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-07-08 11:10 45108] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800] "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-07-08 11:41 36864] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-27 20:42 98304] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 16:19 4640768] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-05-02 16:19 49152] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "nwiz"="nwiz.exe" [2003-05-02 16:19 323584 C:\WINDOWS\system32\nwiz.exe] "Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe] "AdslTaskBar"="stmctrl.dll" [2005-02-11 10:38 167936 C:\WINDOWS\system32\stmctrl.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 14:00 13312] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-07-29 16:14:16 499773] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-06 17:07:12 1572864] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll "vidc.xvid"= xvid.dll R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11] R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-30 14:00] S3 AntiAries;Anti Aries Helper Driver;C:\WINDOWS\System32\drivers\RKLB.tmp.sys [2007-02-16 14:42] S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 22:12] S3 BrSerWDM;Pilote série Brother;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 22:12] S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 22:12] S3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 22:12] S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Fadpu16E.sys [] S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe [2002-08-30 14:00] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 03:52] S3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys [2004-11-16 16:48] S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys [2005-04-19 15:54] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48] *Newly Created Service* - NVCAP *Newly Created Service* - NVXBAR . - - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio - cmicnfg.cpl,CMICtrlWnd ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 21:13:36 Windows 5.1.2600 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-07-01 21:15:08 ComboFix-quarantined-files.txt 2008-07-01 19:14:54 Pre-Run: 30,202,646,528 octets libres Post-Run: 30,240,288,768 octets libres 194 --- E O F --- 2008-06-17 21:36:59 je ne vai pas surcharger ce message avec le log de rmvirut. connais tu Vundofix? je l'ai aussi trouvé sur clubic mais lorsque je le lance depuis le bureau, j'ai un message d'erreur:"Vundofix.exe n'est pas une application Win32 valide" merci

Je pense avoir sauvegarder sur la 2° partition du DD (D) les dossiers "mes documents" de chaque utilisateur.

merci, je viens d'essayer. Lors du scan en ligne, j'ai eu plein d'allertes antivir mon pc a re booter suite à la mise en quarantaine du message suivant: 30/06/2008,16:04:33 [WARNING] Is the Trojan horse TR/Crypt.PCMM.Gen! C:\WINDOWS\system32\rghmal.exe J'ai aussi eu des messages de mon parfeu kksnzo.exe tente d'acceder à internet. Faut il l'authoriser?? S'agit il de Kasperski? j'ai toujours verrouillé l'accès à internet. j'attends de tes nouvelles avant de recommencer car c'est un peu énervant quand ça plante au bout de presque 2 heures en attendant, je te joins le log de Antivir merci 28/06/2008,11:34:27 --------------------------------------------------------- 28/06/2008,11:34:34 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 28/06/2008,11:34:34 AntiVir Guard version: 8.00.01.15,engine version 8.1.0.28,VDF version: 7.0.3.68 28/06/2008,11:34:36 AntiVir Guard was enabled. 28/06/2008,11:34:36 Avira AntiVir Personal – Free Antivirus has been started successfully! 28/06/2008,11:34:36 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,11:36:03 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Only scan files with one of the following extensions: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,11:36:29 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,11:40:15 [WARNING] Is the Trojan horse TR/Crypt.PCMM.Gen! C:\WINDOWS\system32\oxliehfp.exe [iNFO] No right to access the file. 28/06/2008,11:40:47 [WARNING] Is the Trojan horse TR/Crypt.PCMM.Gen! C:\WINDOWS\System32\spoolsvc.exe [iNFO] No right to access the file. 28/06/2008,11:39:48 [WARNING] Is the Trojan horse TR/Crypt.PCMM.Gen! C:\WINDOWS\system32\oxliehfp.exe [iNFO] No right to access the file. 28/06/2008,11:41:44 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\Documents and Settings\christian\Mes documents\jcywy.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 28/06/2008,11:45:21 Avira AntiVir Personal – Free Antivirus service has been stopped! 28/06/2008,11:45:34 --------------------------------------------------------- 28/06/2008,11:45:39 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 28/06/2008,11:45:39 AntiVir Guard version: 8.00.01.15,engine version 8.1.0.59,VDF version: 7.0.5.17 28/06/2008,11:45:41 AntiVir Guard was enabled. 28/06/2008,11:45:41 Avira AntiVir Personal – Free Antivirus has been started successfully! 28/06/2008,11:45:41 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,11:45:47 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,14:02:53 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,14:41:02 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP3\A0001696.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 28/06/2008,14:41:09 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP3\A0001698.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 28/06/2008,14:46:05 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,14:59:05 Avira AntiVir Personal – Free Antivirus service has been stopped! 28/06/2008,18:49:09 --------------------------------------------------------- 28/06/2008,18:49:21 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 28/06/2008,18:49:21 AntiVir Guard version: 8.00.01.15,engine version 8.1.0.59,VDF version: 7.0.5.17 28/06/2008,18:49:23 AntiVir Guard was enabled. 28/06/2008,18:49:23 Avira AntiVir Personal – Free Antivirus has been started successfully! 28/06/2008,18:49:23 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 28/06/2008,19:39:08 Avira AntiVir Personal – Free Antivirus service has been stopped! 29/06/2008,15:16:02 --------------------------------------------------------- 29/06/2008,15:16:09 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 29/06/2008,15:16:09 AntiVir Guard version: 8.00.01.15,engine version 8.1.0.59,VDF version: 7.0.5.17 29/06/2008,15:16:10 AntiVir Guard was enabled. 29/06/2008,15:16:10 Avira AntiVir Personal – Free Antivirus has been started successfully! 29/06/2008,15:16:10 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 29/06/2008,15:21:39 Avira AntiVir Personal – Free Antivirus service has been stopped! 29/06/2008,15:21:42 --------------------------------------------------------- 29/06/2008,15:21:44 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 29/06/2008,15:21:44 AntiVir Guard version: 8.00.01.18,engine version 8.1.0.59,VDF version: 7.0.5.18 29/06/2008,15:21:46 AntiVir Guard was enabled. 29/06/2008,15:21:46 Avira AntiVir Personal – Free Antivirus has been started successfully! 29/06/2008,15:21:46 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 29/06/2008,15:21:46 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 29/06/2008,16:49:54 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\WINDOWS\system32\bhtg.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 29/06/2008,17:01:34 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\WINDOWS\system32\cpmf.exe [ERROR] Unable to copied the file to the quarantine directory: [iNFO] No right to access the file. 29/06/2008,17:23:01 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\WINDOWS\system32\xoushgbg.exe [iNFO] No right to access the file. 29/06/2008,17:31:16 [WARNING] Contains detection pattern of the worm WORM/Bobax.AL! C:\WINDOWS\TEMP\~DF10.tmp [iNFO] No right to access the file. 29/06/2008,17:31:27 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\TEMP\~F.tmp.exe [iNFO] No right to access the file. 29/06/2008,17:30:46 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\system32\vmwgfuqh.exe [iNFO] No right to access the file. 29/06/2008,17:54:50 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\windows\system32\logon.exe [iNFO] No right to access the file. 29/06/2008,18:08:08 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\system32\vmwgfuqh.exe [iNFO] No right to access the file. 29/06/2008,18:26:49 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\TEMP\~F.tmp.exe [iNFO] No right to access the file. 29/06/2008,18:27:27 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\WINDOWS\system32\xoushgbg.exe [iNFO] No right to access the file. 29/06/2008,19:38:01 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\TEMP\~F.tmp.exe [iNFO] No right to access the file. 29/06/2008,20:06:31 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP4\A0001881.exe [iNFO] No right to access the file. 29/06/2008,20:20:07 Avira AntiVir Personal – Free Antivirus service has been stopped! 30/06/2008,13:54:50 --------------------------------------------------------- 30/06/2008,13:54:55 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 30/06/2008,13:54:55 AntiVir Guard version: 8.00.01.18,engine version 8.1.0.59,VDF version: 7.0.5.18 30/06/2008,13:54:56 AntiVir Guard was enabled. 30/06/2008,13:54:57 Avira AntiVir Personal – Free Antivirus has been started successfully! 30/06/2008,13:54:57 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 30/06/2008,14:00:18 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\nhwbv.exe [iNFO] No right to access the file. 30/06/2008,14:04:28 Update process started! 30/06/2008,14:04:31 Current Engine Version: 8.1.0.59 30/06/2008,14:04:31 Current Pattern File: 7.0.5.23 30/06/2008,14:04:31 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 30/06/2008,14:18:05 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\gvpoxcs.exe [iNFO] No right to access the file. 30/06/2008,14:27:05 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\kksnzo.exe [iNFO] No right to access the file. 30/06/2008,14:28:32 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\SYSTEM32\KKSNZO.EXE [iNFO] No right to access the file. 30/06/2008,14:36:06 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\mjfsu.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,14:45:02 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\jddzviy.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:05:28 [ERROR] Unable to delete the file: C:\WINDOWS\system32\jddzviy.exe Error description: 0x00000005 - Accès refusé. 30/06/2008,15:02:18 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\blgpgc.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,14:53:50 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\sdhuw.exe [iNFO] No right to access the file. 30/06/2008,15:12:04 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP4\A0001881.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:12:11 [WARNING] Is the Trojan horse TR/Crypt.XPACK.Gen! C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP4\A0001882.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:21:02 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\vtpwhq.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:21:49 Update process started! 30/06/2008,15:21:57 Current Engine Version: 8.1.0.59 30/06/2008,15:21:57 Current Pattern File: 7.0.5.25 30/06/2008,15:21:58 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 30/06/2008,15:32:54 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\jddzviy.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:33:32 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\kksnzo.exe [iNFO] No right to access the file. 30/06/2008,15:34:50 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\sdhuw.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:35:33 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\system32\vmwgfuqh.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:36:06 [WARNING] Contains detection pattern of the worm WORM/Bobax.AG.1! C:\WINDOWS\TEMP\~F.tmp.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:38:31 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\qfvef.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:47:08 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\bddfwbwp.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:55:54 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\lvaqg.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,15:56:36 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 30/06/2008,16:04:33 [WARNING] Is the Trojan horse TR/Crypt.PCMM.Gen! C:\WINDOWS\system32\rghmal.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted. 30/06/2008,16:06:11 Avira AntiVir Personal – Free Antivirus service has been stopped! 30/06/2008,16:07:09 --------------------------------------------------------- 30/06/2008,16:07:14 Keyfile contains a valid license. The Avira AntiVir Personal – Free Antivirus will run as a fully functional version! 30/06/2008,16:07:14 AntiVir Guard version: 8.00.01.18,engine version 8.1.0.59,VDF version: 7.0.5.25 30/06/2008,16:07:16 AntiVir Guard was enabled. 30/06/2008,16:07:16 Avira AntiVir Personal – Free Antivirus has been started successfully! 30/06/2008,16:07:16 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 MEDIUM - Logfile report level 1 30/06/2008,16:13:29 [WARNING] Contains detection pattern of the Windows virus W32/Virut.AX! C:\WINDOWS\system32\sifuhni.exe [iNFO] The file will be copied to quarantine. [iNFO] The file will be deleted.

assez régulièrement, mais là, ça fait un moment que je n'en ai plus Cela peut il avoir un lien avec ad aware??? lorsque je l'ai fait tourner, j'ai eu une alerte antivir C:\windows\temp\~F.tmp exe Worm/Bobax.AG.1 j'ai valider le choix antivir à savoir Deny acces lors de ces alletres, faut il valider le choix d'antivir ou mettre en quarantaine?

je n'ai plus l'air d'avoir de pop up mais je continue à avoir plein de message de antivir!! j'ai restoré le dernier Ccleaner et WMp à l'air de refonctionner correctement: à suivre dois je m'inquieter pour toutes ces alertes antivir??

oui, c'est bien cela. en fait, depuis que je suis connecté, j'ai eu 5 alertes Antivir.En voici 2 que j'ai noté. Je les ai mis en quarantaine au lieu de leur refuser l'acces comme proposé par antivir. ais je raison? C:\windows\system32\cpmf.exe is the trojan horse: TR\crypt.xpack.gen C:\windows\system32\xoushgbg.exe is the trojan horse: TR\crypt.xpack.gen et les 3 autres sont survenus coup sur coup et j'ai validé le choix de antivir (Deny acces ) sinon, je continu d'avoir les alertes en pop up (mais je n'ai pas encore fait la manip que tu me proposes ci dessus) Je viens de la faire j'ai fait un nouveau scan d'antivir et il n'a rien trouvé. encore merci pour ton aide

bonjour, je redémarre juste mon Pc. Pour l'instant je n'ai plus d'allerte. 1 virus et 6 trojans en quarentaine dans Avira 2 malwares en quarantaine dans Ad Aware 2007 Je me pose quand même une question: J'avais régulièrement une fenêtre qui s'ouvrait: Service affichage des messages. Message de local system à User le 28/06/2008 14:03:46 Critical error message! Registry Damaged and corrupt. to fix this problem:open IE and type : www:registry cleanerxp.com once you load the web page,close this message windows after you install the cleaner program, you will no receive any more reminders or pop up like this Ne sachant pas l'origine de ce message, je n'ai bien sur pas fait cette manip. Par contre,j'ai passé un coup de crap cleaner et j'ai réparé la base de regitre. depuis, mais je ne sais pas ci ça lui est directement lié, j'ai des problèmes avec certains programmes. Par exemple, j'ai du réinstaller les drivers de ma carte son ainsi que celui du modem.lorsque j'insers un DVD, j'ai le son mais pas l'image.si je clique sur WMP, j'ai le film. Lorsque je l'arrete, l'ecran retourne au bureau mais WMP semble continuer à tourner!!!! Il faut savoir que j'ai du mettre un beau "merdier" dans mon Pc à cause d'une détection erronée de virus par avast. j'avais tenté de réparer mon windows (ça n'avait pas marché suite à une erreur de manip donc j'avais un double boot au démarrage WinXPfamiliale et installation win). sur votre forum, j'ai trouvé la solution, téléchargé le patch avast et suivi la procédure et tout semblait revenu dans l'ordre ormis ce double boot. J'ai résolu celui ci en faisant une réparation comme il faut (en suivant un didacticiel) Mais depuis, j'ai eu ces pbs de détection virus et on est reparti pour un tour. en somme, puis tenter de restorer les "réparations " de CCleaner? Quelle est l'origine de ces fenetres d'alerts? merci beaucou

le voici Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52:49, on 28/06/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\DitExp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe D:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: http://www.pandasoftware.fr O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B41F00E-5A0D-431C-9A32-01936CA06AA3}: NameServer = 86.64.145.142 84.103.237.142 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9822 bytes

bonjour et merci pour cette rapide réponse. J'ai donc fais ce que tu m'as dit et voici donc le rapport de Antivir Avira AntiVir Personal Report file date: samedi 28 juin 2008 11:46 Scanning for 1365397 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NOM_ORDINATEUR Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 09:44:03 ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 09:44:04 ANTIVIR3.VDF : 7.0.5.17 102912 Bytes 27/06/2008 09:44:06 Engineversion : 8.1.0.59 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.44 278907 Bytes 28/06/2008 09:44:43 AESCN.DLL : 8.1.0.22 119157 Bytes 28/06/2008 09:44:41 AERDL.DLL : 8.1.0.20 418165 Bytes 28/06/2008 09:44:39 AEPACK.DLL : 8.1.1.6 364918 Bytes 28/06/2008 09:44:33 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 28/06/2008 09:44:29 AEHEUR.DLL : 8.1.0.32 1274231 Bytes 28/06/2008 09:44:26 AEHELP.DLL : 8.1.0.15 115063 Bytes 28/06/2008 09:44:16 AEGEN.DLL : 8.1.0.29 307573 Bytes 28/06/2008 09:44:14 AEEMU.DLL : 8.1.0.6 430451 Bytes 28/06/2008 09:44:11 AECORE.DLL : 8.1.0.31 168310 Bytes 28/06/2008 09:44:08 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 28 juin 2008 11:46 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'ftp.exe' - '1' Module(s) have been scanned Scan process 'cmd.exe' - '1' Module(s) have been scanned Scan process 'Ad-Aware2007.exe' - '1' Module(s) have been scanned Scan process 'update.exe' - '1' Module(s) have been scanned Scan process 'SmartUI.exe' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'DitExp.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'Dit.exe' - '1' Module(s) have been scanned Scan process 'point32.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'ups.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'brss01a.exe' - '1' Module(s) have been scanned Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 40 processes with 40 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' <BOOT> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\bjtlfqf.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48da1732.qua'! C:\WINDOWS\system32\oxliehfp.exe [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen [NOTE] The file was moved to '48d21771.qua'! C:\WINDOWS\system32\spoolsvc.exe [DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen [NOTE] The file was moved to '48d51775.qua'! C:\WINDOWS\system32\winIogon.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48d41779.qua'! Begin scan in 'D:\' <BACKUP> Begin scan in 'E:\' <RECOVER> End of the scan: samedi 28 juin 2008 13:03 Used time: 1:17:09 min The scan has been done completely. 5923 Scanning directories 341205 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 341201 Files not concerned 7521 Archives were scanned 7 Warnings 4 Notes

bonsoir, j'ai beaucoup de détection de virus avec avast 4.8: rizo-E[Trj], Virtob. je les mets en quarantaine au fur et à mesure. j'ai passé un coup de ad aware et j'ai mis Trojan Downloader agent et Backdoor.IRC Bot en quarantaine également. Alors, je sais (au vu des post de ce site )que ce ne sont pas les meilleures des protections mais je pense qu'une fois que j'aurais des infecté mon PC, je passerai à antivir bien qu'il soit en anglais. Merci pour votre aide en tout cas. J'ai fais un scan en ligne avec bit defender: il n'a rien trouvé. je joins aussi le log de hijackthis http://cjoint.com/?gBwOHy7Rgb merci encore et bon week end

bonsoir, ad aware 2007 m'a trouvé ce trojan, comment faire pour l'eradiquer. trojan remover ne trouve rien: ci joint, le rapport de hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:18:32, on 25/06/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\BRMFRSMG.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\DitExp.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe D:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: http://www.pandasoftware.fr O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B41F00E-5A0D-431C-9A32-01936CA06AA3}: NameServer = 86.64.145.140 84.103.237.140 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9487 byte merci

Bonjour, j'ai commencé à faire le ménage. Je pense que le probleme est résolu car je n'ai plus d'alerte ni de fermeture intempestives de programme. Merci encore

bonjour, j'ai desinstallé antivir et passé virus scanner. Il n'a rien détecté. Voici son rapport KASPERSKY ONLINE SCANNER REPORT Tuesday, February 20, 2007 11:56:19 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 20/02/2007 Kaspersky Anti-Virus database records: 256210 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ G:\ I:\ J:\ K:\ L:\ Scan Statistics Total number of scanned objects 49568 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 01:26:39 Infected Object Name Virus Name Last Action C:\Documents and Settings\christian\Cookies\index.dat Object is locked skipped C:\Documents and Settings\christian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\christian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\christian\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\christian\Local Settings\Temp\Perflib_Perfdata_b68.dat Object is locked skipped C:\Documents and Settings\christian\Local Settings\Temp\ZLT033d5.TMP Object is locked skipped C:\Documents and Settings\christian\Local Settings\Temp\ZLT03409.TMP Object is locked skipped C:\Documents and Settings\christian\Local Settings\Temp\~DFEE43.tmp Object is locked skipped C:\Documents and Settings\christian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\christian\ntuser.dat Object is locked skipped C:\Documents and Settings\christian\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0799C52E-1C36-4D34-8A69-37C833BC05CB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09FB5438-FB6D-4DD3-9F68-940B14BBDA18.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E48C32A-2932-4276-A08F-AA89E975B4ED.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS118BC310-977F-4790-82E9-8C92847512EB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS187B415B-4D79-4DEE-B5D0-7946AEF14DB8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A2424AF-02CE-4A9F-8321-BE0FCB231535.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1EDC6BF7-E8B3-4549-84EA-CDA7851043CD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS20984986-85AA-48CE-9DC2-DF32024DFB2A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2178FC3B-D1CF-4BB3-97C6-8BA73EB8F87F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS251CA534-73A0-4095-B84C-55ECBC86040B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26989722-A2C7-499F-BEBD-93BC893F2188.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2730349A-FABA-4B9F-B841-F62A0BF8D3C3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D3AAF74-9567-423A-AC41-A5164BE1B72D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E607E1F-7310-4488-A6F6-D5A87A4DC6B9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E9B8828-0BB9-4067-927B-A0B108CC3A79.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS383F9820-ECE4-4799-9484-133DD692F647.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C091BD4-2766-4894-A62F-76260C543E82.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3ECF2D27-8DBD-46BB-9756-469FFC5237AB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3FD68C1A-4E44-4B68-A3C8-D6ECE54A0649.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS53F6F46F-79CB-4CC7-8825-6C116FC6EBEC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS543F7FA3-B69B-4596-B949-0C5020C8371C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS557DE6B1-85BB-4A2C-BF0F-E4FE9AC77C2B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS558D2574-5B75-44AE-AA35-503E3EDDF8A0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS636FFD84-ACEF-40CE-BB81-3C087D5B24A3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63B551D5-12A5-45A3-AEE9-8844E808EBD7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS64AF554A-07AD-4D21-821E-284EDF53A12D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS67E3A1CD-9EC0-498B-9733-367F71741498.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS69B1EE91-5502-4B1B-8363-ECE1D7DA7A13.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6F8AB203-D3D4-424C-8260-DF7C8A471D4B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D1F7DCD-3018-4EB3-83ED-D4416B3519A3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS82B168CC-E1D8-4BC4-9391-9DC321DCCE0C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS82EE7A49-F3CA-491E-95BE-962753A2481B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8375E803-396C-4A5F-9889-9CB03CA72C80.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8AA8212F-4614-4276-9B41-C3EF07A50D70.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8AAF9C5D-A982-4C56-BECE-119848C250FA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS931B6416-0DBC-4328-B6A8-690591783496.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9383476B-1E78-4E7A-8552-47E1DCA327A0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9701F990-B55C-497F-99F8-54E7EFF24BE9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA0F3B41F-4AFD-49FE-B9C5-42B967723A1A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA428CC93-3C91-49E6-B329-E4419BBED6E7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4B5ADEC-3126-477D-8686-A90A26983236.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA61FE09F-4A1A-4455-9808-FA280795CE20.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA77F843F-7CF0-45AD-AEC6-50D7B44B8D6C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAC4F024D-3132-4861-85B4-5DB95D684D41.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSACE6325F-B1F8-45F3-ACE6-2E0CF6E30F7B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAEDD1B1D-7560-4E19-BB5B-D2A0C5DE3445.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFF6A4C3-ECBF-49EC-B11F-F701EF6E4585.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1034DB6-070B-4C63-A776-E6E61C87CC72.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB91453F0-2C0B-4B89-A51D-56AB0C994006.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA93970F-35C7-44F9-8E4A-D724FD290901.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBADC7F2F-6DA5-49D2-BFD4-30E2F4E0CE2E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB64A38E-755A-4423-85A6-F92F2D21D616.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBFE2F5AF-EF45-4EFE-9665-9F127281F6AF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC1681A59-4473-43F6-987E-83564A2B52E0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC693D86B-5F6F-458C-89B8-BADE950FEE19.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEA3A4C7-895B-42AC-A519-CDDFE54A0CBC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCF73D01D-B460-43B1-B35D-205EE577C4D4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD01FB106-DB2C-4E13-BAA6-6E79000D010E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD0EB6A6D-8EF7-4CAB-83D0-CB4C731E1AA5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD19E975B-051A-4FAF-8EDD-6F1199BD3E4B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD4410FAC-21A0-4DE3-93EF-8F07581F45C1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD52BFB67-1F8C-48A8-9452-3D273FCB41AC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDE1747E8-FAA3-4E0B-A117-6E2BEDC7DA96.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE23762D1-E136-4136-B7AC-A7C344529238.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2ABE69D-6B59-4213-A0AC-405B3F12A133.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA702D82-D8BB-4043-9AE1-9CB36C028E66.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE8F8196-8CEE-4AB8-BF9D-80777DE473CC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0325BA9-BC41-406F-899E-03CC4EEABCF1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF309FA07-C603-4E85-84A5-E83DA4906AEA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-02-20.19-46-08.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP8\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\NOM_ORDINATEUR.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{25180C2C-9465-401C-9863-663BEF8EC3A6}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP8\change.log Object is locked skipped E:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP8\change.log Object is locked skipped Scan process completed.

bonsoir, si je comprends bien tu veux que je passe en windows SP2? moi je voulais éviter de le faire car j'ai tellement entendu du mal de cette version. Incompatiblité avec d'ancien prog... Quen est il exactement? par ex j'ai un nero 5, studio9.. Pour ce qui est des anti virus , je tourne avec avast depuis plus d'un an. J'ai installé anti vir pour virer ce trojan. Lequel me conseil tu de garder?? J'ai installer plein d'autres choses pour les mêmes raisons (AVg antispyware,Spy sweeper, killbot, a squared security center,Atf cleancenter,Hijacktis...) Que dois je garder?.. Normalement, j'ai desactivéle bouclier web d'avast et malgres cela, je n'arrive pas à télécharger le controle active x de panda. J'ai donc arrete activir et avg sans + de resultat. Merci, je vais aller faire manger la petite famille et je reviens

bonsoir ou pustôt bonne nuit!!! je viens de finir la manip. Je pense qu'elle s'est bien déroulé à part une ou 2 choses légèrement différentes par rapport à ta procédur: -pour arreter les services. Le seul bouton accessible était demarrer( ils étaient déjà sur arreté) -une erreur dans le nettoyage des fichiers inutiles "echec à la suppression de 3 des fichiers sélectionnes...." voici donc les nouveaux rapports. Log Spysweeper 23:41: Traces Found: 0 23:41: Custom Sweep has completed. Elapsed time 00:31:51 23:41: File Sweep Complete, Elapsed Time: 00:30:27 Espace insuffisant pour traiter cette commande 23:41: Warning: Unable to sweep compressed file: System Error. Code: 8. 23:28: Warning: SweepDirectories: Cannot find directory "l:". This directory was not added to the list of paths to be scanned. 23:28: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned. 23:28: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned. 23:28: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned. 23:28: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned. 23:28: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned. 23:10: Starting File Sweep 23:10: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned. 23:10: Cookie Sweep Complete, Elapsed Time: 00:00:00 23:10: Starting Cookie Sweep 23:10: Registry Sweep Complete, Elapsed Time:00:00:26 23:10: Starting Registry Sweep 23:10: Memory Sweep Complete, Elapsed Time: 00:00:33 23:09: Starting Memory Sweep 23:09: Sweep initiated using definitions version 845 23:09: Spy Sweeper 5.3.1.2346 started 23:09: | Start of Session, lundi 19 février 2007 | *************** 23:09: Program Version 5.3.1.2346 Using Spyware Definitions 845 23:09: Spy Sweeper 5.3.1.2346 started 23:09: | Start of Session, lundi 19 février 2007 | *************** 22:07: Error: Failed to set data for 'SpySweeper'. 22:05: Your definitions are up to date. Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On 22:04: Messenger service has been disabled. ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: Off IE Hijack Shield: On IE Tracking Cookies Shield: Off 22:04: Shield States 22:04: Spyware Definitions: 845 22:03: Spy Sweeper 5.3.1.2346 started 22:03: Spy Sweeper 5.3.1.2346 started 22:03: | Start of Session, lundi 19 février 2007 | *************** 22:08: Error: Failed to set data for 'SpySweeper'. 22:08: Spyware Definitions: 845 Operation: File Access Target: Source: C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE 22:07: Tamper Detection 22:07: Spy Sweeper 5.3.1.2346 started 22:07: Spy Sweeper 5.3.1.2346 started 22:07: | Start of Session, lundi 19 février 2007 | *************** 22:08: Error: Failed to set data for 'SpySweeper'. 22:08: Spyware Definitions: 845 22:08: Spy Sweeper 5.3.1.2346 started 22:08: Spy Sweeper 5.3.1.2346 started 22:08: | Start of Session, lundi 19 février 2007 | *************** 22:08: Error: Failed to set data for 'SpySweeper'. 22:08: Spyware Definitions: 845 22:08: Spy Sweeper 5.3.1.2346 started 22:08: Spy Sweeper 5.3.1.2346 started 22:08: | Start of Session, lundi 19 février 2007 | *************** 22:09: Error: Failed to set data for 'SpySweeper'. 22:08: Spyware Definitions: 845 22:08: Spy Sweeper 5.3.1.2346 started 22:08: Spy Sweeper 5.3.1.2346 started 22:08: | Start of Session, lundi 19 février 2007 | *************** 22:09: Error: Failed to set data for 'SpySweeper'. 22:09: Spyware Definitions: 845 22:09: Spy Sweeper 5.3.1.2346 started 22:09: Spy Sweeper 5.3.1.2346 started 22:09: | Start of Session, lundi 19 février 2007 | *************** 22:16: ApplicationMinimized - EXIT 22:16: ApplicationMinimized - ENTER 22:12: Deleted error log without sending: C:\Documents and Settings\christian\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: Off IE Hijack Shield: On IE Tracking Cookies Shield: Off 22:11: Shield States 22:11: Spyware Definitions: 845 22:11: Spy Sweeper 5.3.1.2346 started 22:11: Spy Sweeper 5.3.1.2346 started 22:11: | Start of Session, lundi 19 février 2007 | *************** 22:41: Removal process completed. Elapsed time 00:00:10 22:41: Quarantining All Traces: xiti cookie 22:41: Quarantining All Traces: weborama cookie 22:41: Quarantining All Traces: serving-sys cookie 22:41: Quarantining All Traces: bs.serving-sys cookie 22:41: Quarantining All Traces: adtech cookie 22:41: Quarantining All Traces: syswebtelecom 22:40: Removal process initiated 22:39: Traces Found: 7 22:39: Custom Sweep has completed. Elapsed time 00:19:18 22:39: File Sweep Complete, Elapsed Time: 00:15:22 22:35: Warning: SweepDirectories: Cannot find directory "l:". This directory was not added to the list of paths to be scanned. 22:35: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned. 22:35: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned. 22:35: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned. 22:35: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned. 22:35: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned. 22:35: Warning: Failed to read file "d:\system volume information\_restore{0a8ac375-c828-4f19-860b-09fbeb517d9a}\rp2\a0000217.exe". "d:\system volume information\_restore{0a8ac375-c828-4f19-860b-09fbeb517d9a}\rp2\a0000217.exe": File not found 22:25: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE 22:24: Starting File Sweep 22:24: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned. 22:24: Cookie Sweep Complete, Elapsed Time: 00:00:00 22:24: c:\documents and settings\christian\cookies\christian@xiti[1].txt (ID = 3717) 22:24: Found Spy Cookie: xiti cookie 22:24: c:\documents and settings\christian\cookies\christian@weborama[2].txt (ID = 3658) 22:24: Found Spy Cookie: weborama cookie 22:24: c:\documents and settings\christian\cookies\christian@serving-sys[1].txt (ID = 3343) 22:24: Found Spy Cookie: serving-sys cookie 22:24: c:\documents and settings\christian\cookies\christian@bs.serving-sys[1].txt (ID = 2330) 22:24: Found Spy Cookie: bs.serving-sys cookie 22:24: c:\documents and settings\christian\cookies\christian@adtech[2].txt (ID = 2155) 22:24: Found Spy Cookie: adtech cookie 22:24: Starting Cookie Sweep 22:24: Registry Sweep Complete, Elapsed Time:00:00:17 22:24: HKU\WRSS_Profile_S-1-5-21-3761928268-3674855574-4174099322-1007\software\sponsoradulto2\ (ID = 143576) 22:24: HKU\WRSS_Profile_S-1-5-21-3761928268-3674855574-4174099322-1008\software\sponsoradulto2\ (ID = 143576) 22:24: Found Adware: syswebtelecom 22:24: Starting Registry Sweep 22:24: Memory Sweep Complete, Elapsed Time: 00:03:18 22:20: Starting Memory Sweep 22:20: Start Custom Sweep 22:20: Sweep initiated using definitions version 845 Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: Off IE Hijack Shield: On IE Tracking Cookies Shield: Off 22:20: Shield States 22:20: Spyware Definitions: 845 22:19: Spy Sweeper 5.3.1.2346 started 22:19: Spy Sweeper 5.3.1.2346 started 22:19: | Start of Session, lundi 19 février 2007 | *************** Logfile of HijackThis v1.99.1 Scan saved at 23:47:31, on 19/02/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\BRMFRSMG.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\DitExp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Documents and Settings\christian\Mes documents\Hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Bon, il se fait tard et je me leve dans 5 heures aussi je ferai le scan en ligne demain

salut Regis, je ne te reponds que maintenant car je me suis accordé une journée sans Pc après cette rude bataille. Voici les éléments demandés Logfile of HijackThis v1.99.1 Scan saved at 17:08:50, on 19/02/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\DitExp.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\ZoneLabs\vsmon.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Documents and Settings\christian\Mes documents\Hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - https://ssl.tele2.com/inc/accounthelper.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB O16 - DPF: {BA00165E-C903-11D3-BD27-0050048A82BF} (eShare Technologies NetAgent Customer ActiveX Control) - http://chat.caleris.com/netagent/objects/CustAppX.CAB O20 - Winlogon Notify: agunporcfgrc - C:\WINDOWS\system32\agunporcfgrc.dll (file missing) O20 - Winlogon Notify: ovptxlqjfzoo - C:\WINDOWS\system32\ovptxlqjfzoo.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: JEZEZF - Unknown owner - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\JEZEZF.exe (file missing) O23 - Service: JUEI - Unknown owner - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\JUEI.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PHVN - Unknown owner - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\PHVN.exe (file missing) O23 - Service: QEJLDCNWWRIQRW - Unknown owner - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\QEJLDCNWWRIQRW.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TOUMOEEQVU - Unknown owner - C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TOUMOEEQVU.exe (file missing) --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:33:51 19/02/2007 + Résultat de l'analyse: C:\System Volume Information\_restore{0A8AC375-C828-4F19-860B-09FBEB517D9A}\RP5\A0000479.dll -> Adware.GoodByeSpyware : Ignoré. Fin du rapport Rapport de Blacklight 02/19/07 18:42:38 [info]: BlackLight Engine 1.0.55 initialized 02/19/07 18:42:38 [info]: OS: 5.1 build 2600 (Service Pack 1) 02/19/07 18:42:38 [Note]: 7019 4 02/19/07 18:42:38 [Note]: 7005 0 02/19/07 18:42:44 [Note]: 7006 0 02/19/07 18:42:44 [Note]: 7011 2088 02/19/07 18:42:45 [Note]: 7026 0 02/19/07 18:42:45 [Note]: 7026 0 02/19/07 18:42:57 [Note]: FSRAW library version 1.7.1021 02/19/07 18:51:38 [Note]: 2000 1012 02/19/07 18:52:15 [Note]: 7007 0 Merci encore et à bientôt