elef

Bonjour Pear, Et bien on en apprends tous les jours, merci pour les infos sur avast.Je lui laisse antivir et j'vais lui dire qu'il n'aille pas trop trainer sur les sites chauds. Antivir a donc trouvé de nouveaux objets suspects qu'il a supprimé,voici le rapport : AntiVir PersonalEdition Classic Report file date: dimanche 8 juin 2008 12:08 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Laurent Computer name: UNICORNI-388923 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 8 juin 2008 12:08 Starting search for hidden objects. '29096' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lxdccoms.exe' - '1' Module(s) have been scanned Scan process 'BTNtService.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'wbload.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 27 processes with 27 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '25' files ). Starting the file scan: Begin scan in 'C:\' <Disk> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Laurent\Mes documents\EmoticonesAnimaux.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '48bab06a.qua'! Begin scan in 'D:\' Search path D:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: dimanche 8 juin 2008 12:55 Used time: 47:33 min The scan has been done completely. 2524 Scanning directories 83141 Files were scanned 0 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 83141 Files not concerned 575 Archives were scanned 1 Warnings 0 Notes 29096 Objects were scanned with rootkit scan 0 Hidden objects were found Et voici resultat Kaperski: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT dimanche 8 juin 2008 13:16:24 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 8/06/2008 Kaspersky Anti-Virus database records: 839091 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ Scan Statistics: Total number of scanned objects: 31366 Number of viruses found: 6 Number of infected objects: 28 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:38:12 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080608-120814-27D8F7D6.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20080608-120814-27D6EC22\AVSCAN-000074F6 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Laurent\.housecall6.6\Quarantine\yjohijoz.exe.bac_a03840 Infected: Trojan.Win32.Obfuscated.gx skipped C:\Documents and Settings\Laurent\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Historique\History.IE5\MSHist012008060820080609\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurent\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Laurent\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP10\change.log Object is locked skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008357.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008358.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008359.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008360.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008361.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008362.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008363.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008364.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008365.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008366.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008367.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008368.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008369.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008370.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008371.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008372.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0010383.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012449.dll Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012454.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012456.dll Infected: Trojan.Win32.Vapsup.gbp skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012458.exe Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012465.dll Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012478.dll Infected: Trojan.Win32.Vapsup.gbp skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012479.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012481.exe Infected: Trojan.Win32.Vapsup.gcc skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A62E321A-42EE-44E7-BE66-3DBBE50F0C1B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\Winfl63.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\WINDOWS\system32\drivers\Winqy64.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Ca ressemble a ceux qu'il avait deja trouvé nan..? Pourquoi il saute au lieu de supprimer..?

Bonsoir Pear, Wow comment se fait-ce qu'il reste autant de trucs infectés dans le pc..? j'te renvoie les deux resultats de scan,dis moi s'il reste des manips a faire . Malwarebytes' Anti-Malware 1.15 Version de la base de données: 838 22:41:49 07/06/2008 mbam-log-6-7-2008 (22-41-49).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 60717 Temps écoulé: 14 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 22 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 49 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PCAntispyware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{09797a7f-36ba-468b-bc71-b65e061783de} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5e5c9077-0e64-4a3c-bd42-f9d8fc2b6dd7} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5b886f01-527a-4f05-90e2-14eacd2f8870} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10b5e5c2-8901-4e3c-bf61-ac6e11039292} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP3\A0000004.scr (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\ekaf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jhauambmz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jhauambmz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:43:57, on 07/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\lxdccoms.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Documents and Settings\Laurent\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189440919828 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) -- End of file - 4581 bytes Voila j'espere que j'ai rien oublié . @ bientot..

Bonsoir Pear, Tout d'abord merci de t'etre occupé de mon cas J'ai donc fait les manips et a priori ca tient le coup j'suis pas resté longtps sur le net avec le portable mais avast s'est mis a jour et il n'y a pas eu d'alertes ; Je te poste les rapports pour avoir confirmation, Sdfix: SDFix: Version 1.188 Run by Laurent on 05/06/2008 at 19:02 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\.protected - Deleted C:\WINDOWS\.protected - Deleted C:\WINDOWS\system32\drivers\etc\.protected - Deleted C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\atfxqogp.dll - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\WinCtrl32.dll - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\vregfwlx.dll - Deleted C:\WINDOWS\winsystem.exe - Deleted C:\WINDOWS\xmpstean.exe - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted Could Not Remove C:\WINDOWS\system32smp Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\WINDOWS\mslagent - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 19:24:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Disabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard" "C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System" "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor" "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer" "C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe"="C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe:*:Enabled:Panzer Elite Action" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:BorgListener" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : C:\WINDOWS\system32smp Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 20 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2A.tmp" Sat 23 Sep 2006 1,055,594 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT83.tmp" Finished! Mbam: SDFix: Version 1.188 Run by Laurent on 05/06/2008 at 19:02 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\.protected - Deleted C:\WINDOWS\.protected - Deleted C:\WINDOWS\system32\drivers\etc\.protected - Deleted C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\atfxqogp.dll - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\WinCtrl32.dll - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\vregfwlx.dll - Deleted C:\WINDOWS\winsystem.exe - Deleted C:\WINDOWS\xmpstean.exe - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted Could Not Remove C:\WINDOWS\system32smp Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\WINDOWS\mslagent - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 19:24:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Disabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard" "C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System" "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor" "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer" "C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe"="C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe:*:Enabled:Panzer Elite Action" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:BorgListener" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : C:\WINDOWS\system32smp Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 20 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2A.tmp" Sat 23 Sep 2006 1,055,594 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT83.tmp" Finished! Voila j'espere que tout va bien.. Merci a toi Pear @ bientot

Bonjour a vous la zebulon family's me revoila avec nouveau soucis. J'ai un pote qui m'a demandé de regarder son pc portable parcequ'a chaque fois qu'il se connecte a internet dans les 20 secondes qui suivent Avast ne cesse d'indiquer des alertes concernant l'envoi repetitif de mails et bloque par la suite tout acces a son pc,alors j'en ai trouvé quelques uns et les ai supprimés mais il en reste et j'arrive pas a les trouver,j'ai fait plusieurs scans (Avast,Avg,nettoyé avec Ccleaner ) mais rien n'y fait ca persiste. Pour gagner un peu de tps voici le scan de Hijack Alors comme toujours c'est là que je me mets a pleurer et a vous demander de l'aide.. Merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:18, on 05/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\lxdccoms.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Laurent\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {10B5E5C2-8901-4E3C-BF61-AC6E11039292} - C:\WINDOWS\system32\rqRkJAPf.dll O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189440919828 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O20 - Winlogon Notify: rqRkJAPf - C:\WINDOWS\SYSTEM32\rqRkJAPf.dll O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O21 - SSODL: vltdfabw - {B81B6C37-BA75-4F89-9AB9-473638B8E2CE} - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) -- End of file - 4999 bytes

Probleme resolu, j'ai arreté les services de norton au demarrage et j'ai pu me connecter au net.

Zebulon's family bonsoir, J'ai de nouveau besoin de vos lumieres,moi je seche.. une amie a moi m'a demandé de jeter un oeil sur son pc parceque depuis trois jours elle n'arrive pas a seconnecter a internet,par contre Msn lui se connecte et elle peut dialer avec ses contacts.. J'ai fais un peu de nettoyage en supprimant norton(me manque juste la connexion pour finir la desinstallation) et en mettant avast,j'ai fais un coup de Ccleaner et Avg et le prob. est tjrs là...Chaque fois que j'ouvre une page internet ca essaie d'ouvrir tjrs la mm page"Go microsoft blabla...."( je crois que c'est la page de mise a jour microsoft) j'ai eu beau changer l'adresse pour la page d'accueil mais il n'en tiens pas compte... Je seche je sais plus quoi faire.. D'avance merci pour votre aide..

Salut Micgre, Alors c'est toujours pareil meme sans la batterie,crois tu vraiment que ce soit la fin..juste a cause du changement de barettes memoire j'ai bouzillé le pc..?!! c'est un truc de ouf quand meme le pc a à peine plus d'un an... Si j'l'emmene chez les chinois(ou si tu connais quelqu'un sur paris..) penses tu qu'ils vont trouver mon probleme..? Merci

Bonsoir Micgre, J'ai essayé de le brancher sur mon vieil ecran et ca n'a rien donné non plus,si ca peut aider (j'en doute ..) meme le lecteur de cd ne tourne pas je ne peux meme pas l'ouvrir en appuyant sur le bouton... Aie aie j'sui mal parti hein..? Tu m'as pas repondu pour l'echange de barettes est ce que tu crois que j'aie pu flinguer ..?

Bonsoir Micgre, C'est un ecran noir comme si il etait pas allumé je vois les leds(sauf celle du lecteur de cd) com quoi il est allumé mais ne bouge pas,je n'ai pas acces au bios non plus, tout a l'heure quand j'ai essayé de booter avec le CD XP j'ai été obligé pour inserer le disque, d'ouvrir le lecteur avec la petite tige en metal qui est vendue avec tous les graveurs au cas ou y aurait un cd qui se coince dedans. Donc c'est plutot mal parti,le fait juste d'avoir mis d'autre barettes aurait pu tuer le pc comme ca..!? tu crois..? Help,help..

Bonsoir a tous,bonsoir Micgre, Alors je vous tiens au courant de mes manipulations. J'ai emmené le pc au travail (j'avais un peu de tps) et j'ai fais un test avec d'autres barettes memoire en relancant l'installation mais l'ecran est resté tout noir(sans curseur),j'ai eteints et remis les anciennes barettes et Grrrr de nouveau l'ecran noir,je viens de rentrer chez moi j'ai ouvert et interverti les barettes des fois que et toujours rien,ecran noir encore...(tjrs sans curseur..) Je viens d'essayer de le lancer avec le CD XP mais rien.. Je crois que là j'ai flingué le pc,j'suis degouté j'vais etre bon pour lui en repayer un neuf.. Dites moi c'que vous en pensez,j'attends vos suggestions.. Merci

Bonsoir Micgre, Alors j'ai pensé a la meme chose que toi et ai essayer d'utiliser memtest,j'ai fait l'image iso,j'ai demarré avec le cd dans le lecteur et là ca me mets "CALDERA...che plus quoi...DOS" avec le curseur qui clignote en dessous, j'ai attendu un peu et j'ai vu que ca faisait rien alors j'ai arreté..je crosi que j'aurais pas dû, c'est ca..? J'ai lu la "notice" de memtest mais je crois que j'ai pas tout compris,j'ai pas de menus comme ils disent..doit y avoir un truc que j'fais pas bien sans doute..tu peux m'eclairer ? Merci Micgre..

Merci, C'est deja fait et il est accepté mais je crois qu'il s'est arreté pdt que j'avais le dos tourné et il a repris l'install. mais pas là ou elle s'etait arretée et recommencé la moitié des operations jusqu'a me redemander la clé...

Zebulon's family bonsoir, 10 jours sans soucis c'est deja bien..! Je reviens a la charge avec cette fois ci un truc dans lequel j'aurais peut etre pas dû m'embarquer,j'expose : Un pote a moi m'a demandé de jeter un oeil sur son pc portable (Acer Aspire 5100,sans anti virus ni de pare feu activé) parcequ'il le trouvait super lent,comme il ecoutait de la musque c'etait hachuré et il avait sans cesse des pop up qui surgissaient comme il surfait sur le net. Je l'ai donc pris et commencé par un scan avec Avg,il m'a trouvé 101 "chevaux de troie"... j'ai halluciné comme j'ai vu le chiffre,j'ai fait les nettoyages appropriés et ai redemarré le pc là je l'ai trouvé avec les memes symptomes qu'au depart.J'ai essayé de l'alleger le plus possible en retirant les programmes superflus mais rien a faire toujours pareil,ca m'a pris la tete...j'decide alors de repartir a zero et de formater (avec l'accord de mon pote) avec un CD d'install. XP juste pour avoir le systeme d'exploitation mais c là que vient le probleme je crois que j'ai fait une boulette en supprimant toutes les partitions du disque pour n'en faire qu'une seule,maintenant comme j'essaye d'installer XP (que ce soit avec mon CD ou le CD Acer) il me mettait des messages d'erreur sur fond bleu..jamais les memes !! Pendant que j'etais entrain d'ecrire j'ai commencé une nouvelle installation pour voir et là il a commencé a installer sauf que ca fait deux fois qu'il me demande le nom a mettre pour l'ordi et sa clé de licence..il tourne en rond je sais plus quoi faire .. Merci pour votre aide

Bonsoir Rag, Merci tout d'abord de m'aider J'ai fait le scan et voici le rapport -------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse -------------------------------------------------------- + Créé à: 20:54:58 18/09/2007 + Résultat de l'analyse: C:\Documents and Settings\esther\Cookies\esther@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\esther\Cookies\esther@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\esther\Cookies\esther@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\esther\Cookies\esther@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. Fin du rapport Crois tu que ce soit bon..?

Re, Je suppose qu'il sert a proteger des virus... Comme je l'ai dit plus haut c'est le pc de ma tante,elle m'a dit qu'elle avait telechargé des jeux pour son fils et que depuis il y a ces fenetres qui apparaisent. Si ca peut aider j'ai le nom du fichier que je n'arrive pas a supprimer : "wcescomm.log" dans le dossier user/localsettings/temp.

Bonsoir la Zeb' family, J'ai un petit probleme enfin ma tante pour etre plus precis,elle a telechargé je ne sais quel programme et depuis il y a des fenetres qui s'ouvrent intempestivement lui disant que son pc est infecté et qu'il faut faire un scan rapidement. J'ai pu localiser les fichiers en question mais impossible de les supprimer,ils reviennent des que je vide la corbeille. Alors pour gagner un peu de temps je poste le reslultat du scan hijack si quelqu'un veut me dire ce que je dois "fixer" ou pas parceque là ca depasse mes competences. Merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:14:09, on 18/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\esther\Mes documents\Programmes\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6427 bytes

Bon,j'ai craké j'ai créé une partition dans la partie non alloué,j'ai recuperé mon DD mais je crois que j'ai perdu mes 20 Go de données,je crois savoir que celles ci ne sont jamais réellement perdues surtout que là il n'y a pas eu de formatage.Maintenant j'me pose la question de comment recuperer ses données disparues..? si quelqu'un a une idée je suis preneur.. Dans tous les cas je remercie la fine equipe qui s'est occupée de mon cas.. @ bientot

Comme j'ai dit plus haut le diagnostic donne"no HBA has been detected" et je n'ai pas vu d'options de reparations quant a l'option de la remise a niveau avec sauvegarde je suis un peu surpris parceque sur le DD il y avait plus de 20 Go de données, ou sont elles passées..?

RE Mirware? Je confirme ya deux disque celui de 14 Go (seagate Barracuda ATA II 15320) c'est un vieux disque sur lequel il y a mon systeme d'exploitation..(pourquoi t'y crois pas..?) et donc il y a celui de 76 Go (Maxtor 6V080E0 sata) qui est non alloué maintenat mais il ne l'etait pas ,comme je l'ai dit c'etait un disque de stockage et ca fonctionnait correctement..

Merci voila donc.. http://www.casimages.com/img.php?i=070701124529786376.jpg

arf j'arrive pas metre ma capture d'ecran avec mon message..help..

Ah tu vois que c'est pas simple,je seche aussi... Je vais aller chercher un autre cable lundi et essayer comme ca,je peux pas intervertir parceque l'autre disque est cable IDE..ah là là..ca m'stresse alors que fonctionnait correctement..comment c'est possible un truc pareil.. Est il possible que j'envoie une capture d'ecran..?

Euh comment on fait pour jondre une capture d'ecran ,juste histoire que tu te rendes compte..?