herve80

  1. OK thanks, everything is done! Now I'm going to read the protection page you passed me.
  2. One more question: disabling System Restore and then re-enabling it, do I do that before CCleaner or after?
  3. OK thanks. Do I delete in safe mode? (I think so.) My system is Windows XP SP2 with the Windows firewall, my antivirus is avast, and my modem is a Livebox. What do you advise to protect my PC as well as possible: do I keep the Windows firewall or install another one? Thanks for your advice, because I wouldn't want Orange to cut off my line.
  4. Well, here at last are the reports, in the order you indicated.
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD O4 - HKLM\..\Run: [AnyDVD] C:\Documents and Settings\hervé\Mes documents\clone dvd + any\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\AnyDVD.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} 
(F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Divisi voila j'espere que cela pourras t'aider (enfin j'en suis sur)
  5. Hello, I have big problems because of trojans; I have already received 2 e-mails from orange.fr and threats to suspend my ADSL line. I have avast as antivirus (it detects the trojans, which I put in quarantine) and the Windows firewall. I scanned my PC with an online antivirus; it found 27 infected files out of 61052. I removed these files manually in safe mode. But the problem is that avast still finds trojans at every connection. Here is the HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 18:30:59, on 01/09/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Hoping that this will be able to help.
  6. No, it's fine, thanks for your help. As for the rest, it's Windows acting up ..... and very probably one of my memory sticks.
  7. Here is a new report:
     Logfile of HijackThis v1.99.1
     Scan saved at 18:05:59, on 22/04/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  8. Thanks, I have already done it with regcleaner; as for improving my PC, I agree. See you later.
  9. There, it's done, here is the log:
     Logfile of HijackThis v1.99.1
     Scan saved at 07:08:51, on 22/04/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Is there anything to restore to its previous state after this procedure????
  10. Here is the HijackThis log after the procedure:
     Logfile of HijackThis v1.99.1
     Scan saved at 10:09:21, on 21/04/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  11. I had started the pre-cleaning process, but I would like to know how long AntiVir takes to scan everything, because after 20 minutes it had only done 9.8% of the hard disk??? Thanks
  12. Yes, I have already had a look at problems with horst-c; I saw that certain files have to be removed manually, but I don't know which ones???
  13. Thanks, but I already tried with an online antivirus!!! Impossible to run one??? There must be some serious crap on my PC!!!