Everything posted by dombilepetitlutin

  1. Hi, I ran Counter Spy; it found the bankerSpy trojan, I'm fairly sure, but it freezes when it comes to scanning the registry, so I can't finish the scan. As for the scan with eScan, I haven't run it yet but I'll do it tomorrow (should it be done in safe mode?).
  2. Here it is, sorry for the delay:
  3. No, I haven't launched Limewire for at least a week.
  4. Here it is:
Internet\mozilla-firefox_mozilla_firefox_1.5.0.3_francais_11003.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.4_francais_11003.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.5_francais_11003.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera 9 International Setup.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera_9.01_International_Setup.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr853.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr854.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Nero\Nero-7.0.8.2_fra_no_yt.exe C:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_08.exe C:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_11.exe
  5. Well, bad news: the file has come back. If you have any other solutions, I'm all ears.
  6. So, I did what you told me to do, and for now the virus doesn't seem to be coming back. Many thanks to you, and for having the patience to help me. I'll let you know if the virus ever comes back.
  7. Yes, it has just come back.
  8. 19:58: Removal process completed. Elapsed time 00:00:17 19:58: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTFB.tmp". Reason: Le fichier spécifié est introuvable 19:58: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable 19:58: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SSTFC.tmp". Reason: Le fichier spécifié est introuvable 19:58: Warning: Failed to delete profile shadow file ".log". Reason: Le fichier spécifié est introuvable 19:58: Quarantining All Traces: weborama cookie 19:58: Quarantining All Traces: tripod cookie 19:58: Quarantining All Traces: servlet cookie 19:58: Quarantining All Traces: realmedia cookie 19:58: Quarantining All Traces: offeroptimizer cookie 19:58: Quarantining All Traces: fortunecity cookie 19:58: Quarantining All Traces: touchclarity cookie 19:58: Quarantining All Traces: fe.lea.lycos.com cookie 19:58: Quarantining All Traces: directtrack cookie 19:58: Quarantining All Traces: bizrate cookie 19:58: Quarantining All Traces: belnk cookie 19:58: Quarantining All Traces: hbmediapro cookie 19:58: Quarantining All Traces: 66.220.17 cookie 19:58: Quarantining All Traces: xiti cookie 19:58: Quarantining All Traces: bluestreak cookie 19:58: Quarantining All Traces: adtech cookie 19:58: Quarantining All Traces: mediapipe 19:58: Quarantining All Traces: apropos 19:58: Quarantining All Traces: trojan agent winlogonhook 19:58: Removal process initiated 19:47: Traces Found: 28 19:47: Full Sweep has completed. 
Elapsed time 00:28:37 19:47: File Sweep Complete, Elapsed Time: 00:26:54 19:47: Warning: Failed to access drive E: 19:47: Warning: Failed to access drive D: 19:20: Starting File Sweep 19:20: Warning: Failed to access drive A: 19:20: Cookie Sweep Complete, Elapsed Time: 00:00:00 19:20: c:\documents and settings\alain\cookies\alain@xiti[2].txt (ID = 3717) 19:20: c:\documents and settings\alain\cookies\alain@weborama[1].txt (ID = 3658) 19:20: Found Spy Cookie: weborama cookie 19:20: c:\documents and settings\alain\cookies\alain@tripod[1].txt (ID = 3591) 19:20: Found Spy Cookie: tripod cookie 19:20: c:\documents and settings\alain\cookies\alain@servlet[1].txt (ID = 3345) 19:20: Found Spy Cookie: servlet cookie 19:20: c:\documents and settings\alain\cookies\alain@renault.touchclarity[1].txt (ID = 3566) 19:20: c:\documents and settings\alain\cookies\alain@realmedia[2].txt (ID = 3235) 19:20: Found Spy Cookie: realmedia cookie 19:20: c:\documents and settings\alain\cookies\alain@offeroptimizer[1].txt (ID = 3087) 19:20: Found Spy Cookie: offeroptimizer cookie 19:20: c:\documents and settings\alain\cookies\alain@mediastay.directtrack[2].txt (ID = 2528) 19:20: c:\documents and settings\alain\cookies\alain@fortunecity[1].txt (ID = 2686) 19:20: Found Spy Cookie: fortunecity cookie 19:20: c:\documents and settings\alain\cookies\alain@ford.touchclarity[1].txt (ID = 3566) 19:20: Found Spy Cookie: touchclarity cookie 19:20: c:\documents and settings\alain\cookies\alain@fe.lea.lycos[2].txt (ID = 2660) 19:20: c:\documents and settings\alain\cookies\alain@fe.lea.lycos[1].txt (ID = 2660) 19:20: Found Spy Cookie: fe.lea.lycos.com cookie 19:20: c:\documents and settings\alain\cookies\alain@dist.belnk[2].txt (ID = 2293) 19:20: c:\documents and settings\alain\cookies\alain@directtrack[1].txt (ID = 2527) 19:20: Found Spy Cookie: directtrack cookie 19:20: c:\documents and settings\alain\cookies\alain@bluestreak[1].txt (ID = 2314) 19:20: c:\documents and 
settings\alain\cookies\alain@bizrate[1].txt (ID = 2308) 19:20: Found Spy Cookie: bizrate cookie 19:20: c:\documents and settings\alain\cookies\alain@belnk[1].txt (ID = 2292) 19:20: Found Spy Cookie: belnk cookie 19:20: c:\documents and settings\alain\cookies\alain@adtech[2].txt (ID = 2155) 19:20: c:\documents and settings\alain\cookies\alain@adopt.hbmediapro[2].txt (ID = 2768) 19:20: Found Spy Cookie: hbmediapro cookie 19:20: c:\documents and settings\alain\cookies\alain@66.220.17[1].txt (ID = 1991) 19:20: Found Spy Cookie: 66.220.17 cookie 19:20: c:\documents and settings\benjamin\cookies\benjamin@xiti[1].txt (ID = 3717) 19:20: Found Spy Cookie: xiti cookie 19:20: c:\documents and settings\benjamin\cookies\benjamin@bluestreak[1].txt (ID = 2314) 19:20: Found Spy Cookie: bluestreak cookie 19:20: c:\documents and settings\benjamin\cookies\benjamin@adtech[2].txt (ID = 2155) 19:20: Found Spy Cookie: adtech cookie 19:20: Starting Cookie Sweep 19:20: Registry Sweep Complete, Elapsed Time:00:00:19 19:20: HKU\WRSS_Profile_S-1-5-21-842925246-1343024091-725345543-1003\software\aprps\ (ID = 103740) 19:20: HKU\WRSS_Profile_S-1-5-21-842925246-1343024091-725345543-1006\software\aprps\ (ID = 103740) 19:20: Found Adware: apropos 19:20: HKLM\software\microsoft\mssmgr\ (ID = 937101) 19:20: Found Trojan Horse: trojan agent winlogonhook 19:20: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963) 19:20: HKCR\appid\downloadmanager.exe\ (ID = 866684) 19:20: Found Adware: mediapipe 19:20: Starting Registry Sweep 19:20: Memory Sweep Complete, Elapsed Time: 00:01:00 19:19: Starting Memory Sweep 19:19: Sweep initiated using definitions version 753 19:19: Spy Sweeper 5.0.5.1286 started 19:19: | Start of Session, dimanche 3 septembre 2006 | ******** 19:19: | End of Session, dimanche 3 septembre 2006 | Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy 
Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 19:18: Shield States 19:18: Spyware Definitions: 753 19:17: Spy Sweeper 5.0.5.1286 started 19:17: Program Version 5.0.5.1286 Using Spyware Definitions 753 18:40: Your spyware definitions have been updated. Operation: File Access Target: Source: C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE 18:40: Tamper Detection Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On 18:37: Messenger service has been disabled. ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 18:37: Shield States 18:37: Spyware Definitions: 691 18:37: Spy Sweeper 5.0.5.1286 started 18:37: Spy Sweeper 5.0.5.1286 started 18:37: | Start of Session, dimanche 3 septembre 2006 | ******** Logfile of HijackThis v1.99.1 Scan saved at 20:07:04, on 03/09/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program 
Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program 
files\google\googletoolbar2.dll O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - 
http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148737195947 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. 
- C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
  10. I have a problem. I can't download Killbox; it tells me the archive is in an unknown format or damaged, even though I'm opening it with WinRAR. EDIT: No, it's fine, I managed to find it without it being in a .zip archive.
  11. There, do you see where the problem(s) is/are?
  12. Here it is:
  13. Kaspersky found nothing, and here is the HijackThis log:
      PS: The 1.vbs file has come back.
  14. Hi, I'm putting the Ewido and Clean reports here; as for the Kaspersky one, I'll post it tomorrow morning because right now I'm going to bed. Thanks in advance for your help. As for the blog, I don't have one.

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------
      + Created at: 23:53:27 02/09/2006
      + Scan result:
      C:\Program Files\FinePixViewer\System\slideshow_setting.dll -> Adware.Dm : Cleaned with backup (quarantined).
      C:\Documents and Settings\Alain\Cookies\alain@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
      C:\Documents and Settings\Alain\Cookies\alain@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
      C:\Documents and Settings\Benjamin\Cookies\benjamin@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
      ::Report end

      Script clean par Malekal_morte - http://www.malekal.com
      Microsoft Windows XP [version 5.1.2600]
      Script execute en mode sans echec
      *** Suppression de fichiers sur C:
      *** Suppression des fichiers dans C:\WINDOWS\
      C:\WINDOWS\IsUninst.exe FOUND
      *** Suppression des fichiers dans C:\WINDOWS\system32
      C:\WINDOWS\system32\bdod.bin FOUND
      C:\WINDOWS\system32\TFTP* FOUND
      *** Suppression des clefs du registre effectuee..
  15. The virus is only in C:\ and it's a file, a script, named "1.vbs".
18/04/2006 16:04 273 728 AdVerifierADP.dll 11/04/2006 17:10 135 168 asinst.dll 03/04/2006 11:00 537 asinst.inf 24/07/2005 12:04 65 desktop.ini 09/02/2005 16:54 1 271 erma.inf 06/04/2006 16:40 621 hcImpl.inf 26/04/2006 17:51 359 936 Housecall_ActiveX.dll 29/05/2003 15:00 160 864 messengerstatsclient.dll 29/05/2003 15:00 84 064 minesweeper.dll 18/11/1999 14:48 995 mpeg4ax.inf 27/08/2005 14:30 5 065 swflash.inf 26/05/2005 04:19 291 wuweb.inf 20/08/2002 20:48 172 664 xenroll.dll 20/08/2002 20:52 289 xenroll.inf 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 16 fichier(s) 1 633 047 octets Total des fichiers listés : 16 fichier(s) 1 633 047 octets 2 Rép(s) 17 116 581 888 octets libres Liste des programmes installes 2350 2350_Help 2350Trb a-squared Free 2.0 Ad-Aware SE Personal Adobe Acrobat 4.0 Adobe Photoshop Elements AiO_Scan AiOSoftware Analyseur et SDK XML Microsoft Archiveur WinRAR ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver ATI HydraVision µTorrent Battlefield 2 BitDefender Antivirus Plus v10 BufferChm Call of Duty® 2 Call of Duty® 2 CCleaner (remove only) Copy Correctif Windows XP - Article Base de Connaissances 834707 Correctif Windows XP - KB823559 Correctif Windows XP - KB828741 Correctif Windows XP - KB835732 Correctif Windows XP - KB842773 CP_AtenaShokunin1Config cp_dwShrek2Albums1 cp_dwShrek2Cards1 CreativeProjects CreativeProjectsTemplates CueTour Destinations DH Driver Cleaner Professional Edition Director DocProc DocumentViewer EVEREST Home Edition v2.20 ewido anti-spyware 4.0 Far Cry Far Cry Far Cry (Patch 1.3) Far Cry (Patch 1.31) Far Cry (Patch 1.33) Fax FinePixViewer Resource FinePixViewer Ver.5.1 FireTune FUJIFILM USB Driver Gestionnaire Internet Google Earth Google Toolbar for Internet Explorer Half-Life® 2 Hercules Crystal Sound Cards HijackThis 1.99.1 HP Extended Capabilities 4.7 HP Image Zone 4.7 HP Product Assistant HP PSC & OfficeJet 4.7 HP Software Update HPSystemDiagnostics ImageMixer 
VCD2 LE for FinePix InstantShare iPod for Windows 2005-09-23 iPod for Windows 2005-09-23 iPod for Windows 2006-03-23 iPod for Windows 2006-03-23 iTunes iTunes J2SE Runtime Environment 5.0 Update 6 JourneySoftware JourneySoftwarePromo Language pack for Ad-Aware SE Lecteur Windows Media 10 LimeWire PRO 4.12.0 Livebox Lyra System File Update Utility Macromedia Flash Player 8 Macromedia Shockwave Player MarketResearch Medi@Show Media Player Classic fr Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft Data Access Components KB870669 Microsoft IntelliPoint 5.0 Microsoft IntelliType Pro 5.0 Microsoft Office 97 Professional MoodLogic MoodLogic DeviceLink Mozilla Firefox (1.5.0.6) Navigateur Orange Nero 7 Demo Nikon View 6 OpenOffice.org 2.0 Opera 9.01 Pack Longhorn Inspirat 1.0 Package du correctif Windows XP [voir Q329115 pour plus de détails] Panda ActiveScan PanoStandAlone PhotoGallery PowerDVD ProductContext QFolder QuickTime QuickTime RAW FILE CONVERTER LE Readme Scan ScannerCopy Sentinel System Driver 5.42.1 (32-bit) Shareaza version 2.2.1.0 SkinsHP1 SLD Codec Pack Spybot - Search & Destroy 1.4 Steam Steam Titan Quest TopSolid 2006 By Missler Software TopSolid/Finder 2006 by Missler Software TopSolid/Viewer 2006 by Missler Software TrayApp TuneUp Utilities 2006 Unload Unlocker 1.8.4 VideoLAN VLC media player 0.8.5 Wanadoo Messager WebFldrs XP WebReg Windows Live Messenger Windows Media Format Runtime Windows XP Hotfix - KB823980 Windows XP Hotfix (SP1) [see Q317181 for more information] Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est 30EF-A7EC Répertoire de C:\Program Files 01/09/2006 19:53 <REP> . 01/09/2006 19:53 <REP> .. 27/08/2006 20:01 <REP> a-squared Free 25/01/2006 11:34 <REP> Activision 16/10/2005 20:26 <REP> Adobe 25/06/2006 21:56 <REP> ATI Technologies 06/07/2006 18:24 <REP> CCleaner 01/09/2006 17:30 <REP> Common Files 29/12/2005 13:09 <REP> CyberLink 25/06/2006 21:09 <REP> Driver Cleaner Pro 23/06/2006 14:17 <REP> EA GAMES 28/08/2006 18:56 <REP> ewido anti-spyware 4.0 01/09/2006 17:30 <REP> Fichiers communs 08/01/2006 15:04 <REP> FinePixViewer 02/05/2006 20:01 <REP> FireTune 28/08/2006 18:06 <REP> Google 19/07/2006 21:44 <REP> Hercules 15/01/2006 19:15 <REP> Hewlett-Packard 15/01/2006 19:21 <REP> HP 03/08/2006 15:52 461 INSTALL.LOG 01/09/2006 17:30 <REP> Internet Explorer 23/04/2006 18:22 <REP> iPod 28/08/2006 18:06 <REP> iTunes 19/03/2006 00:10 <REP> Java 02/07/2006 20:50 <REP> Lavalys 19/04/2006 17:48 <REP> Lavasoft 09/08/2006 10:12 <REP> LimeWire 28/08/2006 23:05 <REP> Media Player Classic 24/07/2005 17:18 <REP> Messenger 24/07/2005 12:05 <REP> microsoft frontpage 28/08/2006 18:06 <REP> Microsoft IntelliPoint 28/08/2006 18:06 <REP> Microsoft IntelliType Pro 29/05/2006 17:12 <REP> Microsoft Office 03/08/2005 17:29 <REP> MoodLogic 24/07/2005 12:03 <REP> Movie Maker 02/09/2006 20:43 <REP> Mozilla Firefox 24/07/2005 12:02 <REP> MSN 24/07/2005 12:01 <REP> MSN Gaming Zone 20/06/2006 12:17 <REP> MSN Messenger 27/05/2006 19:40 <REP> MSXML 4.0 20/04/2006 22:14 <REP> Nero 27/05/2006 19:55 <REP> NetMeeting 26/07/2005 01:25 <REP> Nikon 04/07/2006 15:00 <REP> OpenOffice.org 2.0 28/08/2006 18:06 <REP> Opera 01/09/2006 17:30 <REP> Outlook Express 19/12/2005 21:25 <REP> PIXELA 30/06/2006 20:51 <REP> QuickTime 26/04/2006 19:51 <REP> Rainbow Technologies 24/06/2006 12:28 <REP> SAGEM 21/06/2006 23:42 <REP> Securitoo 24/07/2005 12:03 <REP> Services en ligne 28/06/2006 15:06 <REP> Shareaza 28/08/2006 23:05 <REP> SLD Codec Pack 28/08/2006 23:11 <REP> Softwin 28/08/2006 
18:06 <REP> Spybot - Search & Destroy 03/08/2005 17:31 <REP> Thomson 30/06/2006 17:56 <REP> THQ 24/07/2005 14:56 <REP> Trend Micro 28/08/2006 18:07 <REP> TuneUp Utilities 2006 10/08/2006 13:05 <REP> Ubisoft 02/09/2006 13:42 <REP> Unlocker 12/08/2006 20:01 <REP> uTorrent 01/02/2006 22:55 <REP> Valve 13/07/2006 22:47 <REP> VideoLAN 02/09/2006 21:05 <REP> Wanadoo 24/07/2005 15:08 <REP> Wanadoo Messager 28/08/2006 18:06 <REP> Windows Media Player 29/05/2006 17:12 <REP> Windows Messaging 24/07/2005 12:01 <REP> Windows NT 19/04/2006 17:15 <REP> WinRAR 24/07/2005 12:05 <REP> xerox 1 fichier(s) 461 octets 71 Rép(s) 17 116 811 264 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 30EF-A7EC Répertoire de C:\Program Files\fichiers communs 01/09/2006 17:30 <REP> . 01/09/2006 17:30 <REP> .. 29/07/2005 20:37 <REP> Adaptec Shared 16/10/2005 20:26 <REP> Adobe 21/04/2006 13:26 <REP> Ahead 18/04/2006 15:04 <REP> DirectX 15/01/2006 19:15 <REP> Hewlett-Packard 15/01/2006 19:18 <REP> HP 26/10/2005 16:42 <REP> InstallShield 18/03/2006 23:18 <REP> Java 01/09/2006 17:30 <REP> Microsoft Shared 24/07/2005 12:02 <REP> MSSoap 26/07/2005 01:25 <REP> Nikon 24/07/2005 12:55 <REP> ODBC 24/07/2005 12:03 <REP> Services 28/08/2006 23:57 <REP> Softwin 24/07/2005 12:55 <REP> SpeechEngines 24/07/2005 12:03 <REP> System 15/03/2006 21:11 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 19 Rép(s) 17 116 811 264 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 30EF-A7EC Répertoire de C:\Program Files\common files 01/09/2006 17:30 <REP> . 01/09/2006 17:30 <REP> .. 29/03/2006 18:47 <REP> EasyInfo 03/08/2005 17:29 <REP> Microsoft Shared 01/09/2006 17:30 <REP> System 0 fichier(s) 0 octets 5 Rép(s) 17 116 811 264 octets libres Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est 30EF-A7EC Répertoire de C:\ 24/05/2001 13:59 162 304 UNWISE.EXE 1 fichier(s) 162 304 octets 0 Rép(s) 17 116 811 264 octets libres c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\0U5Z3817\Gestionnaire_internetLB[1].exe c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\G9M745U3\DSLTest[1].exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\77.30_winxp_international.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\77.72_win2kxp_international.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\AdAware_6_Standard_Plus_Pro_FR.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\dsltest.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\everestultimate250.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\gestionnaire_internetlb.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\googleearthwin.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\maxblast4.exe c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\PKUNZIP.EXE c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\spybotsd14.exe c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe c:\Documents and Settings\Benjamin\.limewire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\Benjamin\.limewire\.NetworkShare\Incomplete\T-4379440-LimeWireWin4.12.6-nopack.exe c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{0049F6AE-4FE2-4C43-A039-60FCE98A1986}\ARPPRODUCTICON.exe c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe c:\Documents and Settings\Benjamin\Bureau\bitdefender_avplus_v10.exe c:\Documents and 
Settings\Benjamin\Bureau\diaghelp\FilesInfoCmd.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\Fport.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\grep.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\LFiles.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\LISTDLLS.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\pslist.exe c:\Documents and Settings\Benjamin\Bureau\diaghelp\streams.exe c:\Documents and Settings\Benjamin\Local Settings\Temp\a2temp\a2cmd.exe c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\a2FreeSetup.exe c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\setup.exe c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\Hercules downloads\cscv609.exe c:\Documents and Settings\Benjamin\Mes documents\Downloads\Shareaza_2.2.1.0.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\media-player-classic_media_player_classic_6.4.9.0b_xp_.exe_francais_11019.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\sld.codec.pack.2.2.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\half life 2\mod\c14_chap1_setup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\half life 2\mod\GmodPlus15.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Gestionnaire_internetLB.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\iPodSetup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\itunes_itunes_6.0.5_francais_11140.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\DC3Setup_33\setup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ATF-Cleaner.exe c:\Documents and 
Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ccleaner-crap-cleaner_ccleaner_crap_cleaner_1.31.325_francais_14492.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ccsetup129.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\daemon403-x86.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\everest_everest_2.20_francais_12281.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ewido-setup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\free-download-manager_free_download_manager_2.0.417_anglais_12841.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\free-download-manager_free_download_manager_patch_vf_francais_12841.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\klmcodec145.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\LimeWireWin.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\OOo_2.0.3_Win32Intel_install_fr.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\Shareaza_2.2.1.0.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\sld.codec.pack.2.2.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\uTorrent-1.6-install.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\windows-live-messenger_windows_live_messenger_8.0.0787.00_francais_19367.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\wrar350fr.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Drivers carte graphique\6-5_xp-2k_dd_ccc_wdm_enu_32464.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\BF2_Incremental_122_13.exe 
c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\bf2_patch_1.21.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\bf2incrementalpatch1.21-1.22.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Firefox Setup 1.5.0.1.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\firetune_firetune_1.1.1_francais_14750.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.3_francais_11003.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.4_francais_11003.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.5_francais_11003.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera 9 International Setup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera_9.01_International_Setup.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr853.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr854.exe c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Nero\Nero-7.0.8.2_fra_no_yt.exe c:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_08.exe c:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_11.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and 
Settings\Benjamin\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\uvucqgdo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll c:\Documents and Settings\Reno\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
  16. The file is called "1.vbs". If you want me to send it via RapidShare or a similar site, I can't, because they all tell me "impossible de trouver le fichier 1.vbs" (cannot find the file 1.vbs).
  17. Hi, BitDefender detects this virus on my machine, or rather it tells me that it is suspicious. But ever since this file has been there, my PC has been acting up. I delete it in safe mode, but it comes back even with System Restore disabled. So if you could help me, thanks. It is located here: "C:\1.vbs"
      Logfile of HijackThis v1.99.1
      Scan saved at 21:30:33, on 02/09/2006
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)