lyvanis

donc donc, voici les résultats! Logfile of HijackThis v1.99.1 Scan saved at 19:16:10, on 27/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\java environement\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\acrobat reederv7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\java environement\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\java environement\bin\jusched.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\java environement\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\java environement\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab alors? c bon ou pas?

ok , je m'y met tout de suite!

ok je reste connecté en attendant merci pour l'aide

donc voici le rapport de panda il semblerait que je soit bouré de spyware !!!!! je ne comprend pas je lance réguliérement adaware et spybot ne me trouve rine de particulier si tu as la réponsse ça m'interresse. Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.xiti.com/] Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Smartadserver No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.smartadserver.com/] Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.errorsafe.com/] Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[stats1.reliablestats.com/] Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.errorsafe.com/] Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.weborama.fr/] Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[www.errorsafe.com/] Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.2o7.net/] Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.com.com/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.advertising.com/] Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.valueclick.com/] Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[fl01.ct2.comclick.com/] Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.microsofteup.112.2o7.net/] Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.zedo.com/] Spyware:Cookie/Hitslink No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.adtech.de/] Spyware:Cookie/DomainSponsor No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[landing.domainsponsor.com/] Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.spylog.com/] Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.yadro.ru/] Spyware:Cookie/HotLog No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.hotlog.ru/] Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.ehg-ati.hitbox.com/] Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ruvyulns.default\cookies.txt[.cs.sexcounter.com/] Spyware:Cookie/Sandboxer No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@307[2].txt Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Administrateur\Cookies\[email protected][1].txt Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Administrateur\Cookies\[email protected][2].txt Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@adultfriendfinder[2].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@zedo[2].txt Adware:Adware/WinTools No Désinfecté C:\WINDOWS\system32\grwinsthlp.exe que dois je faire maintenant? Mr charles ingals

Une petite question en attendant que le scan se termine : a quoi correspondent toute les lignes iddentifiées : O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll et pourquoi y en a t'il autant?

ok je fait ça tout de suite et je te tiens au courrant, merci!

bonjour, bonjour, je vous contacte car j'ai eu ce matin la mauvaise surprise de découvrir un message de : error safe. sucpicieux j'ai recherché de la documentation sur le net et j'ai vite compris que j'était infecté par un truc pas catholique (j'ai rien contre eux , je précise ). je tombe sur votre page décrivant une procédure que je suis à la lettre. je lance la detection antivirus qui me donne ceci : AntiVir PersonalEdition Classic Report file date: samedi 27 mai 2006 11:36 Jobname: 'Manual Selection' Scanning for 393341 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Administrateur Computer name: CHEZMOI Version informations: AVSCAN.EXE : 7.0.0.35 540712 21/04/2006 12:47:04 AVSCAN.DLL : 7.0.0.34 41000 05/04/2006 11:03:57 LUKE.DLL : 7.0.0.34 114728 05/04/2006 11:03:58 LUKERES.DLL : 7.0.0.34 25640 05/04/2006 11:03:58 ANTIVIR0.VDF : 6.32.0.60 4323840 02/05/2006 08:29:08 ANTIVIR1.VDF : 6.34.1.87 2215424 27/05/2006 09:15:18 ANTIVIR2.VDF : 6.34.1.148 146432 27/05/2006 09:15:18 ANTIVIR3.VDF : 6.34.1.151 7680 27/05/2006 09:15:18 AVEWIN32.DLL : 7.0.0.11 1229312 27/05/2006 09:15:19 AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:00 AVREP.DLL : 6.34.1.130 622632 27/05/2006 09:15:19 AVPACK32.DLL : 7.0.0.4 335912 29/03/2006 09:44:25 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:49 Start of the scan: samedi 27 mai 2006 11:36 Start scanning boot sectors: Boot sector 'A:' [NOTE] In the drive 'A:' no data medium is inserted! Boot sector 'C:' [NOTE] No virus was found! Boot sector 'D:' [NOTE] No virus was found! Boot sector 'F:' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 36 files ). Starting the file scan: The path A:\ could not be found! Le périphérique n'est pas prêt. C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur.SYLVAIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [WARNING] An exception has been catched! [WARNING] In the module 'AVEWIN32.DLL' an exception occured. Calling the function AVEPROC_TestFile in file: C:\Documents and Settings\Administrateur.SYLVAIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Error description:ACCESS_VIOLATION EAX = 00360008 EBX = 00E40000 ECX = 00000020 EDX = 6CE60002 ESI = 00360031 EDI = 00360029 EIP = 7C9206C3 EBP = 027EE4D0 ESP = 027EE2B0 Flg = 00010202 CS = 00000023 SS = 0000001B C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! D:\Program Files\edwatch\zipfix.exe [DETECTION] Contains suspicious code HEURISTIC/Crypted [iNFO] The file was moved to '44e822d1.qua'! The path E:\ could not be found! Le périphérique n'est pas prêt. The path G:\ could not be found! Le périphérique n'est pas prêt. End of the scan: samedi 27 mai 2006 12:11 Used time: 35:08 min The scan has been done completely. 5965 Scanning directories 306834 Files were scanned 1 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 4938 Archives were scanned 21 Warnings 0 Notes En regardant moi même je comprend que le virus detecté et lié au programme edwathch je décude de le désinstaller par la procédure ajout/supression de programme. Rescan antivirus qui cette fois me donne ceci : AntiVir PersonalEdition Classic Report file date: samedi 27 mai 2006 12:22 Jobname: 'Manual Selection' Scanning for 393341 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Administrateur Computer name: CHEZMOI Version informations: AVSCAN.EXE : 7.0.0.35 540712 21/04/2006 12:47:04 AVSCAN.DLL : 7.0.0.34 41000 05/04/2006 11:03:57 LUKE.DLL : 7.0.0.34 114728 05/04/2006 11:03:58 LUKERES.DLL : 7.0.0.34 25640 05/04/2006 11:03:58 ANTIVIR0.VDF : 6.32.0.60 4323840 02/05/2006 08:29:08 ANTIVIR1.VDF : 6.34.1.87 2215424 27/05/2006 09:15:18 ANTIVIR2.VDF : 6.34.1.148 146432 27/05/2006 09:15:18 ANTIVIR3.VDF : 6.34.1.151 7680 27/05/2006 09:15:18 AVEWIN32.DLL : 7.0.0.11 1229312 27/05/2006 09:15:19 AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:00 AVREP.DLL : 6.34.1.130 622632 27/05/2006 09:15:19 AVPACK32.DLL : 7.0.0.4 335912 29/03/2006 09:44:25 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:49 Start of the scan: samedi 27 mai 2006 12:22 Start scanning boot sectors: Boot sector 'A:' [NOTE] In the drive 'A:' no data medium is inserted! Boot sector 'C:' [NOTE] No virus was found! Boot sector 'D:' [NOTE] No virus was found! Boot sector 'F:' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 36 files ). Starting the file scan: The path A:\ could not be found! Le périphérique n'est pas prêt. C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! The path E:\ could not be found! Le périphérique n'est pas prêt. The path G:\ could not be found! Le périphérique n'est pas prêt. End of the scan: samedi 27 mai 2006 12:56 Used time: 33:34 min The scan has been done completely. 5903 Scanning directories 299919 Files were scanned 0 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 4826 Archives were scanned 19 Warnings 0 Notes redémarage en mode normal et lancement de hijackthis qui me donne : Logfile of HijackThis v1.99.1 Scan saved at 13:37:40, on 27/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe D:\Program Files\java environement\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\acrobat reederv7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\java environement\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\java environement\bin\jusched.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\java environement\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\java environement\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O14 - IERESET.INF: START_PAGE_URL=about:blank O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130592167614 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe reste t'il, d'après vous, quelque chose de malveillant sur mon pc? merci par avance de votre réponse