mateoteo

ca y est! voici le rapport de btfix : BTFix 1.040 (par bibi26) - 10/09/2007 11:48:44 - Nettoyage - Mode sans échec ---> Fichiers/dossiers supprimés - Fichiers temporaires effacés - C:\Program Files\Save - C:\Documents and Settings\MATHIEU\Menu Démarrer\Programmes\WhenU ---> Nettoyage terminé et celui de hijackthis : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 12:01:20, on 10/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\AvidSDMService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HiJackThis_v2.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 8190 bytes et maintenant? que dois je faire? est ce que ce pc est en train de redevenir "pur" ?? suis je sur la bonne voie? merci charles pour le temps consacré!!!! j'attend de tes nouvelles!

voici le rapport de btfix : BTFix 1.040 (par bibi26) - 09/09/2007 15:28:30 - Analyse ---> Fichiers/Dossiers trouvés - C:\Program Files\Save - C:\Documents and Settings\MATHIEU\Menu Démarrer\Programmes\WhenU ---> Analyse terminée

voici le rapport du scan effectué avec panda.... si quelqu'un peut m'aider a y voir plus clair et me dire quelles sont les demarches effectuées ce serait tres gentil!!! Incident Status Location Adware:adware/whenusearch Not disinfected C:\Documents and Settings\MATHIEU\Menu Démarrer\Programmes\WhenU Adware:adware/savenow Not disinfected c:\program files\Save Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\MATHIEU\Bureau\ComboFix.exe[nircmd.exe] Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@smartadserver[2].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@weborama[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@xiti[1].txt Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ACM.dll Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ffext.mod Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\Save.exe Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\save.htm Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\SaveUninst.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006530.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006547.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012052.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013584.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006533.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006550.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012055.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013587.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006536.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006553.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012058.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013590.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006539.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006556.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012061.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013593.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{F2D15CAD-879E-44AA-AACE-2505A1E12FC2}\RP347\A0050002.exe

bonnjour a tous, voici le rapport d'un scan panda que je viens de faire.... quelqu'un peut il m'aiguiller sur la marche a suivre??? merci!!! Incident Status Location Adware:adware/whenusearch Not disinfected C:\Documents and Settings\MATHIEU\Menu Démarrer\Programmes\WhenU Adware:adware/savenow Not disinfected c:\program files\Save Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\MATHIEU\Bureau\ComboFix.exe[nircmd.exe] Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@smartadserver[2].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@weborama[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\MATHIEU\Cookies\mathieu@xiti[1].txt Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ACM.dll Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ffext.mod Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\Save.exe Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\save.htm Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\SaveUninst.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006530.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006547.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012052.exe Virus:Bck/Ravmon.B Disinfected H:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013584.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006533.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006550.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012055.exe Virus:Bck/Ravmon.B Disinfected I:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013587.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006536.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006553.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012058.exe Virus:Bck/Ravmon.B Disinfected J:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013590.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006539.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{0CDEEC85-A989-4ADB-B59C-3A09C937C36A}\RP31\A0006556.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP66\A0012061.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{201630F6-901F-45C2-9F65-46A01D0087AA}\RP67\A0013593.exe Virus:Bck/Ravmon.B Disinfected K:\System Volume Information\_restore{F2D15CAD-879E-44AA-AACE-2505A1E12FC2}\RP347\A0050002.exe

ca y est le fichier est effacé!!! dois je reconfigurer comme avant ( c'est a dire decocher les cases que je viens de cocher et inversement) ???? pour le scan avec panda je vais le faire des que possible (ce soir ou demain matin) car je dois malheureusemnt partir de chez moi.... merci pour ton aide si precieuse!!!!!! je poste le resultat de panda des que je l'aurai fait!!!

je ne trouve pas C:\Documents and Settings\MATHIEU\Application Data\errorsafescannerinstall_fr.exe ?!?! meme en faisant rechercher... que se passe t il? ca y est j'arrive aussi a ouvrir ma cle USB directement...

yes! effectivement je peux acceder directement a mon disque dur externe... par contre pas ma cle USB... je crois qu'il ne l'avait pas detectée avant... j'ai refait un scan avec combo fix qui a donné ceci : ComboFix 07-08-30.3 - "MATHIEU" 2007-09-07 16:31:28.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.655 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 ))))))))))))))))))))))))))))))) 2007-09-07 16:10 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-09-04 19:41 <REP> d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\OpenOffice.org2 2007-09-04 19:39 <REP> d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-21 14:35 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-08-21 14:34 <REP> d-------- C:\Program Files\RALINK 2007-08-21 14:33 <REP> d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\InstallShield 2007-08-21 14:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-08-21 14:20 <REP> d-------- C:\Program Files\CCleaner 2007-08-17 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-08-14 16:37 <REP> d--h----- C:\WINDOWS\PIF (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-07 14:59 --------- d-------- C:\Program Files\Soulseek-Test 2007-08-31 04:13 2560 --a--c--- C:\WINDOWS\system32\BitCometRes.dll 2007-08-26 02:39 --------- d-------- C:\Program Files\BitComet 2007-08-21 14:34 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-21 11:31 --------- d-------- C:\Program Files\BitTorrent 2007-08-05 01:27 --------- d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\dvdcss 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe 2006-10-09 20:39 92368 --a--c--- C:\DOCUME~1\MATHIEU\APPLIC~1\errorsafescannerinstall_fr[1].exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00] "SoundMan"="SOUNDMAN.EXE" [2004-01-09 02:54 C:\WINDOWS\SOUNDMAN.EXE] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-05-06 18:15] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-01-29 17:55] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2005-01-29 17:55] "Mediafour Mac Volume Notifications"="C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe" [2005-01-29 17:55] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-06-08 15:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 16:31] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll 2005-01-29 17:55 61440 C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 nwprovau R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys R3 NeroCd2k;NeroCd2k;C:\WINDOWS\system32\drivers\NeroCd2k.sys R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e1b688-b5dc-11db-b3a3-0011090efecc}] AutoRun\command- G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e1b689-b5dc-11db-b3a3-0011090efecc}] AutoRun\command- G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{230f2261-702e-11db-b305-00030d21d74b}] AutoRun\command- G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c028c624-58d9-11dc-b49e-00030d21d74b}] AutoRun\command- notepad readme.txt *Newly Created Service* - CATCHME Contents of the 'Scheduled Tasks' folder 2007-08-25 11:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-07 16:32:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-07 16:33:20 C:\ComboFix-quarantined-files.txt ... 2007-09-07 16:33 C:\ComboFix2.txt ... 2007-09-07 16:12 --- E O F ---

voici le rapport de combofix : ComboFix 07-08-30.3 - "MATHIEU" 2007-09-07 16:10:45.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.662 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Seekmo Programs C:\WINDOWS\sisport.sys C:\WINDOWS\system32\media C:\WINDOWS\system32\media\AvidRender.wav H:\Autorun.inf I:\Autorun.inf J:\Autorun.inf K:\Autorun.inf ((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 ))))))))))))))))))))))))))))))) 2007-09-07 16:10 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-09-04 19:41 <REP> d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\OpenOffice.org2 2007-09-04 19:39 <REP> d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-21 14:35 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-08-21 14:34 <REP> d-------- C:\Program Files\RALINK 2007-08-21 14:33 <REP> d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\InstallShield 2007-08-21 14:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-08-21 14:20 <REP> d-------- C:\Program Files\CCleaner 2007-08-17 03:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-08-14 16:37 <REP> d--h----- C:\WINDOWS\PIF (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-07 14:59 --------- d-------- C:\Program Files\Soulseek-Test 2007-08-31 04:13 2560 --a--c--- C:\WINDOWS\system32\BitCometRes.dll 2007-08-26 02:39 --------- d-------- C:\Program Files\BitComet 2007-08-21 14:34 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-21 11:31 --------- d-------- C:\Program Files\BitTorrent 2007-08-05 01:27 --------- d-------- C:\DOCUME~1\MATHIEU\APPLIC~1\dvdcss 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe 2006-10-09 20:39 92368 --a--c--- C:\DOCUME~1\MATHIEU\APPLIC~1\errorsafescannerinstall_fr[1].exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00] "SoundMan"="SOUNDMAN.EXE" [2004-01-09 02:54 C:\WINDOWS\SOUNDMAN.EXE] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-05-06 18:15] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-01-29 17:55] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2005-01-29 17:55] "Mediafour Mac Volume Notifications"="C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe" [2005-01-29 17:55] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-06-08 15:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 16:31] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll 2005-01-29 17:55 61440 C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 nwprovau R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys R3 NeroCd2k;NeroCd2k;C:\WINDOWS\system32\drivers\NeroCd2k.sys R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e1b688-b5dc-11db-b3a3-0011090efecc}] AutoRun\command- G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e1b689-b5dc-11db-b3a3-0011090efecc}] AutoRun\command- G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{230f2261-702e-11db-b305-00030d21d74b}] AutoRun\command- G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c028c624-58d9-11dc-b49e-00030d21d74b}] AutoRun\command- notepad readme.txt *Newly Created Service* - CATCHME Contents of the 'Scheduled Tasks' folder 2007-08-25 11:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-07 16:12:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-07 16:12:55 C:\ComboFix-quarantined-files.txt ... 2007-09-07 16:12 --- E O F ---

voici le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:48:59, on 07/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\AvidSDMService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 8193 bytes

merci je suis en train d'installer hijackthis j'envoie le rapport des reception

Bonjour! Mon DD externe et ma clé USB ont été infectés par WORM/RJump.D, un scan réalisé avec avira antivir guard me detecte ce fichu WORM dans toutes mes partitions du DD externe... j'ai beau faire "delete" ils ne s'enlevent pas... comment pourrais fair'e pour en venir a bout??? merci beaucoup!

Bonjour a tous! Depuis quelques semaines, impossible d'ouvrir directement mon DD externe et ma clé USB en cliquant simplement dessus... je suis obligé de faire click droit et ouvrir... quand je fais un scan avec Antivir guard il trouve toujours le meme probleme : WORM/RJump.D... Quelqu'un peut il m'aider pour eradiquer ce worm... Merci!!

j'avais oublié quand j'ai fait easycleaner en mode sans echec il y a deux fichiers inutiles qui ne voulaient pas s'effacer... ces deux fichiers sont: C:\Documents and Settings\Administrateur.PABLO-FB37EF6A1\Local Settings\Temporary Internet Files\Content.IE5 C:\Documents and Settings\Administrateur.PABLO-FB37EF6A1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Voila sinon pour le scan avec ewido rien a faire, l'ordi plante a chaque fois avant la fin... Tu ne vois toujours rien en ce qui concerne la base du probleme du plantage de l'ordi?? Merci du mal que tu te donnes pour me venir en aide!!!! a plus!

voici le scan de panda : Incident Status Location Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrateur.PABLO-FB37EF6A1\Cookies\administrateur@bluestreak[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrateur.PABLO-FB37EF6A1\Cookies\administrateur@xiti[1].txt Je vais encore essayé de faire celui avec ewido... Si jamais je ne te l'envoie pas c'est que ca foire...

Maintenant il va falloir désenregistrer une DLL[/b][/color] Démarrer, Exécuter, et taper (ou copier/coller): regsvr32 /u C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll et valider par Ok Ca n'a pas marché! Répète l'opération pour celui là C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\ whenu_ff.dll Il n'y avait aucun dossier dans C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\.... Voici le rapport de spysweeper: 11:37: Traces Found: 0 11:37: Full Sweep has completed. Elapsed time 00:08:47 11:37: File Sweep Complete, Elapsed Time: 00:07:59 11:37: Warning: Failed to access drive E: 11:29: Starting File Sweep 11:29: Cookie Sweep Complete, Elapsed Time: 00:00:00 11:29: Starting Cookie Sweep 11:29: Registry Sweep Complete, Elapsed Time:00:00:45 11:29: Memory Sweep Complete, Elapsed Time: 00:00:00 11:29: Starting Registry Sweep 11:28: Starting Memory Sweep 11:28: Sweep initiated using definitions version 691 11:28: Spy Sweeper 5.0.5.1286 started 11:28: | Start of Session, jeudi 21 septembre 2006 | ******** 11:28: | End of Session, jeudi 21 septembre 2006 | 11:28: Program Version 5.0.5.1286 Using Spyware Definitions 691 Operation: File Access Target: Source: C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE 10:52: Tamper Detection Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: Off IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 10:48: Shield States 10:48: Spyware Definitions: 691 10:48: Spy Sweeper 5.0.5.1286 started Operation: File Access Target: Source: C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE 23:04: Tamper Detection Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: Off IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 23:03: Shield States 23:03: Spyware Definitions: 691 23:03: Spy Sweeper 5.0.5.1286 started 22:37: | End of Session, mercredi 20 septembre 2006 | 22:36: Program Version 5.0.5.1286 Using Spyware Definitions 691 Keylogger Shield: On BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: Off IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 22:29: Shield States 22:29: Spyware Definitions: 691 22:29: Spy Sweeper 5.0.5.1286 started 22:29: Spy Sweeper 5.0.5.1286 started 22:29: | Start of Session, mercredi 20 septembre 2006 | ******** 22:47: | End of Session, mercredi 20 septembre 2006 | 22:46: Traces Found: 29 22:46: Full Sweep has completed. Elapsed time 00:09:23 22:46: File Sweep Complete, Elapsed Time: 00:08:36 22:46: Warning: Failed to access drive E: 22:45: iwhenu_ff.xpt (ID = 296809) 22:45: chrome.manifest (ID = 296810) 22:39: whenu_ff.dll (ID = 296501) 22:39: Found Adware: whenu 22:37: Starting File Sweep 22:37: Cookie Sweep Complete, Elapsed Time: 00:00:00 22:37: administrateur@xiti[1].txt (ID = 3717) 22:37: Found Spy Cookie: xiti cookie 22:37: administrateur@weborama[2].txt (ID = 3658) 22:37: Found Spy Cookie: weborama cookie 22:37: administrateur@tradedoubler[1].txt (ID = 3575) 22:37: Found Spy Cookie: tradedoubler cookie 22:37: administrateur@serving-sys[1].txt (ID = 3343) 22:37: Found Spy Cookie: serving-sys cookie 22:37: [email protected][1].txt (ID = 2315) 22:37: [email protected][1].txt (ID = 3566) 22:37: Found Spy Cookie: touchclarity cookie 22:37: administrateur@bluestreak[2].txt (ID = 2314) 22:37: Found Spy Cookie: bluestreak cookie 22:37: administrateur@atdmt[2].txt (ID = 2253) 22:37: Found Spy Cookie: atlas dmt cookie 22:37: administrateur@advertising[1].txt (ID = 2175) 22:37: Found Spy Cookie: advertising cookie 22:37: administrateur@adtech[2].txt (ID = 2155) 22:37: Found Spy Cookie: adtech cookie 22:37: [email protected][2].txt (ID = 3148) 22:37: Found Spy Cookie: pointroll cookie 22:37: administrateur@2o7[1].txt (ID = 1957) 22:37: Found Spy Cookie: 2o7.net cookie 22:37: administrateur@247realmedia[1].txt (ID = 1953) 22:37: Found Spy Cookie: 247realmedia cookie 22:37: Starting Cookie Sweep 22:37: Registry Sweep Complete, Elapsed Time:00:00:14 22:37: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773992) 22:37: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (ID = 773979) 22:37: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (ID = 773976) 22:37: HKLM\software\classes\appid\acm.dll\ (ID = 773974) 22:37: HKLM\software\classes\acm.acmfactory.1\ (ID = 773970) 22:37: HKLM\software\classes\acm.acmfactory\ (ID = 773964) 22:37: HKCR\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (ID = 773962) 22:37: HKCR\appid\acm.dll\ (ID = 773960) 22:37: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773950) 22:37: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (ID = 773937) 22:37: HKCR\acm.acmfactory.1\ (ID = 773933) 22:37: HKCR\acm.acmfactory\ (ID = 773927) 22:37: Starting Registry Sweep 22:37: Memory Sweep Complete, Elapsed Time: 00:00:29 22:37: Starting Memory Sweep 22:37: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\inprocserver32\ (ID = 1353159) 22:37: Found Adware: whenu save 22:37: Sweep initiated using definitions version 691 22:37: Spy Sweeper 5.0.5.1286 started 22:37: | Start of Session, mercredi 20 septembre 2006 | ******** 22:58: Deletion from quarantine completed. Elapsed time 00:00:00 22:58: Processing: tradedoubler cookie 22:58: Processing: xiti cookie 22:58: Processing: bluestreak cookie 22:58: Processing: adtech cookie 22:58: Processing: atlas dmt cookie 22:58: Processing: serving-sys cookie 22:58: Processing: whenu 22:58: Processing: 2o7.net cookie 22:58: Processing: whenu save 22:58: Processing: weborama cookie 22:58: Processing: touchclarity cookie 22:58: Processing: pointroll cookie 22:58: Processing: advertising cookie 22:58: Processing: 247realmedia cookie 22:58: Deletion from quarantine initiated 22:55: Removal process completed. Elapsed time 00:00:11 22:55: Quarantining All Traces: whenu 22:55: Quarantining All Traces: xiti cookie 22:55: Quarantining All Traces: weborama cookie 22:55: Quarantining All Traces: tradedoubler cookie 22:55: Quarantining All Traces: serving-sys cookie 22:55: Quarantining All Traces: touchclarity cookie 22:55: Quarantining All Traces: bluestreak cookie 22:55: Quarantining All Traces: atlas dmt cookie 22:55: Quarantining All Traces: advertising cookie 22:55: Quarantining All Traces: adtech cookie 22:55: Quarantining All Traces: pointroll cookie 22:55: Quarantining All Traces: 2o7.net cookie 22:55: Quarantining All Traces: 247realmedia cookie 22:55: Quarantining All Traces: whenu save 22:55: Removal process initiated 22:54: Traces Found: 29 22:54: Full Sweep has completed. Elapsed time 00:07:32 22:54: File Sweep Complete, Elapsed Time: 00:06:46 22:54: Warning: Failed to access drive E: 22:53: iwhenu_ff.xpt (ID = 296809) 22:53: chrome.manifest (ID = 296810) 22:49: whenu_ff.dll (ID = 296501) 22:49: Found Adware: whenu 22:48: Starting File Sweep 22:48: Cookie Sweep Complete, Elapsed Time: 00:00:00 22:48: administrateur@xiti[1].txt (ID = 3717) 22:48: Found Spy Cookie: xiti cookie 22:48: administrateur@weborama[2].txt (ID = 3658) 22:48: Found Spy Cookie: weborama cookie 22:48: administrateur@tradedoubler[1].txt (ID = 3575) 22:48: Found Spy Cookie: tradedoubler cookie 22:48: administrateur@serving-sys[1].txt (ID = 3343) 22:48: Found Spy Cookie: serving-sys cookie 22:48: [email protected][1].txt (ID = 2315) 22:48: [email protected][1].txt (ID = 3566) 22:48: Found Spy Cookie: touchclarity cookie 22:48: administrateur@bluestreak[2].txt (ID = 2314) 22:48: Found Spy Cookie: bluestreak cookie 22:48: administrateur@atdmt[2].txt (ID = 2253) 22:48: Found Spy Cookie: atlas dmt cookie 22:48: administrateur@advertising[1].txt (ID = 2175) 22:48: Found Spy Cookie: advertising cookie 22:48: administrateur@adtech[2].txt (ID = 2155) 22:48: Found Spy Cookie: adtech cookie 22:48: [email protected][2].txt (ID = 3148) 22:48: Found Spy Cookie: pointroll cookie 22:47: administrateur@2o7[1].txt (ID = 1957) 22:47: Found Spy Cookie: 2o7.net cookie 22:47: administrateur@247realmedia[1].txt (ID = 1953) 22:47: Found Spy Cookie: 247realmedia cookie 22:47: Starting Cookie Sweep 22:47: Registry Sweep Complete, Elapsed Time:00:00:44 22:47: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773992) 22:47: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (ID = 773979) 22:47: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (ID = 773976) 22:47: HKLM\software\classes\appid\acm.dll\ (ID = 773974) 22:47: HKLM\software\classes\acm.acmfactory.1\ (ID = 773970) 22:47: HKLM\software\classes\acm.acmfactory\ (ID = 773964) 22:47: HKCR\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (ID = 773962) 22:47: HKCR\appid\acm.dll\ (ID = 773960) 22:47: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (ID = 773950) 22:47: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (ID = 773937) 22:47: HKCR\acm.acmfactory.1\ (ID = 773933) 22:47: HKCR\acm.acmfactory\ (ID = 773927) 22:47: Memory Sweep Complete, Elapsed Time: 00:00:00 22:47: Starting Registry Sweep 22:47: Starting Memory Sweep 22:47: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\inprocserver32\ (ID = 1353159) 22:47: Found Adware: whenu save 22:47: Sweep initiated using definitions version 691 22:47: Spy Sweeper 5.0.5.1286 started 22:47: | Start of Session, mercredi 20 septembre 2006 | ******** Le rapport Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 12:29:02, on 21/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Soft4Ever\looknstop\_looknstop.exe C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe C:\Program Files\Real Alternative\Update_OB\realsched.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\SpySweeper\SpySweeper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto O4 - HKLM\..\Run: [AudioDeck] "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\SpySweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137161796765 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{683174EB-0F8D-4DF5-B107-A7F9D21E8599}: NameServer = 212.95.66.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\SpySweeper\SpySweeper.exe Ensuite pour le rapport Ewido... l'ordi plant sans arret... A savoir qu'apres avoir effectué les manips en mode sans echec, il a planté au moins 5 fois quan j'ai voulu le redemarrer... je vais essayer de faire le scan de panda...