

WILLIAM13
Good evening, a scan run with Trend Micro PC-cillin turned up a virus, TROJ_DRASTWOR.A, which I cannot manage to remove. Below is the HijackThis log:

Could I get some help? Thanks in advance.
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and removal
Thanks again Régis, you are the best!
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and removal
Hi again Régis, disregard my previous post about renaming the files, I figured it out - I renamed them and they open perfectly well - thank you very much. However, please look at the Kaspersky report - what should I do? Thanks again for your patience.
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and removal
Below are the results:
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
Can you give me the step-by-step procedure for renaming them, please? -
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
Here are the results again: Logfile of HijackThis v1.99.1 Scan saved at 17:43:44, on 16/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\TEMP\XB48DA.EXE C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\dessin\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Microsoft Explorer - {3756900C-91CD-8645-BCA1-A735810F4101} - C:\WINDOWS\system\swtctl32.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Startup: EUS_QueueMgr.lnk = ? 
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {51F428EC-EAA5-483F-86AE-AD9CE3A51C79} (EU-supply Upload Utility) - https://www.eu-supply.com/java/EUS_UploadMgr/EUS.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{784F665A-75D9-4442-8F2B-DAFB31B23FCD}: NameServer = 194.183.223.119,194.183.223.120 O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: 
Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pare-feu OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe SDFix: Version 1.59 16/01/2007 - 17:38:50,89 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: Path: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting Normal Mode: Checking Files: Files will be copied to Backups folder then removed: C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp3.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp4.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp5.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp6.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp7.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp8.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmp9.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmpA.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmpB.tmp - Deleted C:\DOCUME~1\dessin\LOCALS~1\Temp\tmpC.tmp - Deleted C:\WINDOWS\system32\ipv6mons.dll - Deleted Alternate Stream Check: C:\WINDOWS\system32 No streams found. 
Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application" "C:\\Program Files\\Placolog\\mysql\\bin\\mysqld-max.exe"="C:\\Program Files\\Placolog\\mysql\\bin\\mysqld-max.exe:*:Enabled:mysqld-max" "C:\\Program Files\\Placolog\\placolog.exe"="C:\\Program Files\\Placolog\\placolog.exe:*:Enabled:placolog" "C:\\WINDOWS\\system32\\snjiwcvj.exe"="C:\\WINDOWS\\system32\\snjiwcvj.exe:*:Enabled:snjiwcvj" "C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program Files\\Winsos\\winsos.exe:*:Enabled:Winsos" "C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program Files\\Winsos\\anti-spy.exe:*:Enabled:anti-spy Winsos" "C:\\Program Files\\WINSOS\\help.exe"="C:\\Program Files\\Winsos\\help.exe:*:Enabled:Winsos Help" "C:\\WINDOWS\\system32\\sysvx.exe"="C:\\WINDOWS\\system32\\sysvx.exe:*:Enabled:enable" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Listing Files with hidden attributes: C:\NTDETECT.COM C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll C:\i386\cdplayer.exe.manifest C:\i386\logonui.exe.manifest C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0000065.exe C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\SUJAQAAA26481921.EXE C:\WINDOWS\system32\cdplayer.exe.manifest C:\WINDOWS\system32\logonui.exe.manifest 
C:\hiberfil.sys C:\IO.SYS C:\MSDOS.SYS C:\pagefile.sys Finished -
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
11:03: Removal process completed. Elapsed time 00:00:18 11:03: william l. à l'échauffement... is in use. It will be removed on reboot. 11:03: potentially rootkit-masked files is in use. It will be removed on reboot. 11:03: Quarantining All Traces: potentially rootkit-masked files 11:03: Quarantining All Traces: xiti cookie 11:03: Quarantining All Traces: tradedoubler cookie 11:03: Quarantining All Traces: webtrends cookie 11:03: Quarantining All Traces: bluestreak cookie 11:03: Quarantining All Traces: adviva cookie 11:03: Quarantining All Traces: advertising cookie 11:03: Quarantining All Traces: trojan-phisher-bzub 11:03: Removal process initiated 11:02: Traces Found: 11 11:02: Custom Sweep has completed. Elapsed time 00:23:26 11:02: File Sweep Complete, Elapsed Time: 00:22:16 10:58: william l. à l'échauffement... (ID = 0) 10:58: Found System Monitor: potentially rootkit-masked files 10:58: Warning: Failed to access drive E: 10:58: Warning: Failed to access drive D: 10:57: Warning: Failed to open file "c:\documents and settings\dessin\mes documents\william l. à l'échauffement...". 
Opération réussie 10:40: Starting File Sweep 10:40: Warning: Failed to access drive A: 10:40: Cookie Sweep Complete, Elapsed Time: 00:00:00 10:40: info@xiti[2].txt (ID = 3717) 10:40: dessin@xiti[1].txt (ID = 3717) 10:40: Found Spy Cookie: xiti cookie 10:40: dessin@tradedoubler[2].txt (ID = 3575) 10:40: Found Spy Cookie: tradedoubler cookie 10:40: dessin@m.webtrends[1].txt (ID = 3669) 10:40: Found Spy Cookie: webtrends cookie 10:40: dessin@bluestreak[2].txt (ID = 2314) 10:40: Found Spy Cookie: bluestreak cookie 10:40: dessin@adviva[2].txt (ID = 2177) 10:40: Found Spy Cookie: adviva cookie 10:40: dessin@advertising[2].txt (ID = 2175) 10:40: Found Spy Cookie: advertising cookie 10:40: Starting Cookie Sweep 10:40: Registry Sweep Complete, Elapsed Time:00:00:56 10:40: HKU\S-1-5-21-2906354457-2644947365-112289031-1009\software\classes\xml2\ (ID = 1018758) 10:40: HKLM\software\classes\appid\{73364d99-1240-4dff-b12a-67e448373148}\ (ID = 1628228) 10:40: HKCR\appid\{73364d99-1240-4dff-b12a-67e448373148}\ (ID = 1628219) 10:40: Found Trojan Horse: trojan-phisher-bzub 10:39: Memory Sweep Complete, Elapsed Time: 00:00:00 10:39: Starting Registry Sweep 10:39: Starting Memory Sweep 10:39: Warning: Files are not scanned for viruses because AV engine failed to load. 10:39: Sweep initiated using definitions version 838 10:39: Spy Sweeper 5.2.3.2138 started 10:39: | Start of Session, mardi 16 janvier 2007 | ******** 10:39: | End of Session, mardi 16 janvier 2007 | 10:38: Program Version 5.2.3.2138 Using Spyware Definitions 838 10:38: Warning: Virus definitions files are invalid, please update your virus definitions. 
220 Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 10:35: Shield States 10:35: Spyware Definitions: 838 10:35: Warning: Virus definitions files are invalid, please update your virus definitions. 220 10:35: Spy Sweeper 5.2.3.2138 started Operation: Terminate Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe Source: C:\WINDOWS\system32\csrss.exe 10:32: Tamper Detection Operation: Terminate Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe Source: C:\WINDOWS\system32\csrss.exe 10:32: Tamper Detection Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 10:29: Shield States 10:29: Spyware Definitions: 838 10:29: Warning: Virus definitions files are invalid, please update your virus definitions. 220 10:28: Spy Sweeper 5.2.3.2138 started 10:22: Your definitions are up to date. 10:21: Your definitions are up to date. 
Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 10:21: Shield States 10:21: Spyware Definitions: 838 10:21: Warning: Virus definitions files are invalid, please update your virus definitions. 220 10:21: Spy Sweeper 5.2.3.2138 started 10:21: Spy Sweeper 5.2.3.2138 started 10:21: | Start of Session, mardi 16 janvier 2007 | ******** Logfile of HijackThis v1.99.1 Scan saved at 11:08:11, on 16/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL 
Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\downloaded program files\EUS_QueueMgr.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\TEMP\MF323D.EXE C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE C:\WINDOWS\system32\dumprep.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\dessin\Bureau\HijackThis.exe C:\WINDOWS\system32\dwwin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Microsoft Explorer - {3756900C-91CD-8645-BCA1-A735810F4101} - C:\WINDOWS\system\swtctl32.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\system32\sysvx.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] 
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Startup: EUS_QueueMgr.lnk = ? O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ? 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {51F428EC-EAA5-483F-86AE-AD9CE3A51C79} (EU-supply Upload Utility) - https://www.eu-supply.com/java/EUS_UploadMgr/EUS.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{784F665A-75D9-4442-8F2B-DAFB31B23FCD}: NameServer = 194.183.223.119,194.183.223.120 O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pare-feu OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
SOS, what should I do??? -
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 10:53:03, on 15/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\sysvx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Palm\Hotsync.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\downloaded program files\EUS_QueueMgr.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\TEMP\JE9793.EXE C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\dessin\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = 
http://www.euro.dell.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Microsoft Explorer - {3756900C-91CD-8645-BCA1-A735810F4101} - C:\WINDOWS\system\swtctl32.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\system32\sysvx.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Startup: EUS_QueueMgr.lnk = ? O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ? 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {51F428EC-EAA5-483F-86AE-AD9CE3A51C79} (EU-supply Upload Utility) - https://www.eu-supply.com/java/EUS_UploadMgr/EUS.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{784F665A-75D9-4442-8F2B-DAFB31B23FCD}: NameServer = 194.183.223.119,194.183.223.120 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Pare-feu OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware Analysis and Eradication
Here are the reports: 01/15/07 10:42:20 [info]: BlackLight Engine 1.0.55 initialized 01/15/07 10:42:20 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/15/07 10:42:20 [Note]: 7019 4 01/15/07 10:42:20 [Note]: 7005 0 01/15/07 10:42:34 [Note]: 7006 0 01/15/07 10:42:34 [Note]: 7011 1608 01/15/07 10:42:34 [Note]: 7026 0 01/15/07 10:42:34 [Note]: 7026 0 01/15/07 10:42:34 [Note]: 7024 3 01/15/07 10:42:34 [info]: Hidden process: C:\WINDOWS\system32\sysvx.exe 01/15/07 10:42:39 [Note]: FSRAW library version 1.7.1021 01/15/07 10:43:48 [Note]: 7002 0 01/15/07 10:43:48 [Note]: 7003 1 01/15/07 10:44:34 [Note]: 7007 0 01/15/07 10:41:41 [info]: BlackLight Engine 1.0.55 initialized 01/15/07 10:41:41 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/15/07 10:41:41 [Note]: 7019 4 01/15/07 10:41:41 [Note]: 7005 0 01/15/07 10:42:14 [Note]: 7007 0 C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001112.exe -> Downloader.Tiny.bm : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP10\A0001169.dll -> Logger.Agent.ir : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\sbpqxnfv.exe -> Logger.Agent.ir : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\dessin\Cookies\dessin@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\INFO\Cookies\info@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\INFO\Cookies\info@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. 
C:\Documents and Settings\dessin\Cookies\dessin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@com[1].txt -> TrackingCookie.Com : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\dessin\Cookies\dessin@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé. C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001128.dll -> Worm.Locksky.aq : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport -
[Résolu] Infection par le faux anti-spyware CurePCSolution
WILLIAM13 a répondu à un(e) sujet de WILLIAM13 dans Analyses et éradication malwares
Thanks guys, you're great. I'm waiting for Régis's post with the procedure that might let me recover my files. Here it is for Régis:

Logfile of HijackThis v1.99.1
Scan saved at 18:43:19, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TV3B68.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sysvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\downloaded program files\EUS_QueueMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\dessin\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Explorer - {3756900C-91CD-8645-BCA1-A735810F4101} - C:\WINDOWS\system\swtctl32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysvx.exe] C:\WINDOWS\system32\sysvx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: EUS_QueueMgr.lnk = ?
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {51F428EC-EAA5-483F-86AE-AD9CE3A51C79} (EU-supply Upload Utility) - https://www.eu-supply.com/java/EUS_UploadMgr/EUS.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{784F665A-75D9-4442-8F2B-DAFB31B23FCD}: NameServer = 194.183.223.119,194.183.223.120
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pare-feu OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

See you later, and thanks again
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and eradication
However, my files are still not usable!!!!!!
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and eradication
Here is the report:

ms_update_0610_kb72306.exe c:\documents and settings\all users\menu démarrer\programmes\démarrage Trojan.DownLoader.16941 Supprimé.
winvnc.exe c:\program files\realvnc\winvnc Program.RemoteAdmin Irréparable.Sera déplacé en quarantaine après le redémarrage de l'ordinateur.
fe5f5.exe c:\windows\temp Probablement BACKDOOR.Trojan Irréparable.Sera déplacé en quarantaine après le redémarrage de l'ordinateur.
ETUDE DE PRIX COGEDIM DEFINITIF.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX HOTEL IBIS MARTIGUES.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX MAISON DE L'ENTREPRISE CLERMONT L'HERAULT.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX PIERRES ET VACANCES.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX SIEGE CAOEB MARTIGUES.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX SIFER.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
ETUDE DE PRIX VILLA DAUNOU EXTERIEUR 2.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
MEMOTECHNIQUE Immeuble de bureaux Montpellier en VALREUIL.doc.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
MEMOTECHNIQUE MEUNIER PROMOTION.doc.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
RECAO LEOUBE.xls.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
TEMMER-OFFER.eml.exe C:\Documents and Settings\dessin\Mes documents\fichiers infectes Trojan.Encoder.10 Désinfecté.
vncviewer.exe C:\Program Files\RealVNC Program.RemoteAdmin Irréparable.Quarantaine.
vnchooks.dll C:\Program Files\RealVNC\WinVNC Program.RemoteAdmin Irréparable.Quarantaine.
winvnc.exe C:\Program Files\RealVNC\WinVNC Program.RemoteAdmin Irréparable.Quarantaine.
A0000652.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000667.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000668.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000669.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000670.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000671.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000672.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000673.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000674.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000675.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000676.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0000677.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6 Trojan.Encoder.10 Désinfecté.
A0001111.exe C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9 Trojan.DownLoader.16941 Supprimé.
vajsdaaa.exe C:\WINDOWS\system32 Trojan.DownLoader.17087 Supprimé.
-
[Solved] Infection by the fake anti-spyware CurePCSolution
WILLIAM13 replied to a topic by WILLIAM13 in Malware analysis and eradication
Here is the result:

Find AWF report by noahdfear ©2006

21504 byte files found
~~~~~~~~~~~~~
21504 "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MS_update_0610_KB72306.exe"

21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

25600 byte files found
~~~~~~~~~~~~~

25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

26450 byte files found
~~~~~~~~~~~~~

26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~

bak folders found
~~~~~~~~~~~
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2037-4CEE

Répertoire de C:\DOCUME~1\DESSIN\MESDOC~1\DESSINS\DOEWUL~1\PLANSD~1\PLANS.BAK

26/04/2005 17:16 <REP> .
26/04/2005 17:16 <REP> ..
28/02/2005 13:58 334 111 Bat C rue Cdt Rolland.bak
25/01/2005 16:36 138 337 Cartouche Wulfram Puget.bak
07/11/2004 18:44 112 805 détail débitage.bak
10/09/2004 16:47 248 472 Pignons Ouest chainages bt A.bak
15/02/2005 10:38 662 857 Soubassement bat. C.bak
26/04/2005 17:01 929 977 Wulfram Puget façade arrière batiment C.bak
28/02/2005 13:34 686 485 Wulfram Puget façade haute rue Wulfram Puget.bak
28/02/2005 13:40 635 432 Wulfram Puget facades hautes bat A et B.bak
28/02/2005 13:49 496 746 Wulfram Puget Hall A.bak
09/03/2005 17:23 372 298 Wulfram Puget Hall B.bak
21/03/2005 07:14 503 469 Wulfram Puget Hall C.bak
26/04/2005 17:05 753 591 Wulfram Puget soubassement bat A et B.bak
12 fichier(s) 5 874 580 octets
2 Rép(s) 71 054 708 736 octets libres

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
334111 28 Feb 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Bat C rue Cdt Rolland.bak"
153358 23 Jun 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\Cartouche Wulfram Puget pour DOE.bak"
1134622 21 Nov 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\Viaduc LOUBAT\Divers\Cartouche LOUBAT Rocamat.bak"
138337 25 Jan 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Cartouche Wulfram Puget.bak"
112805 7 Nov 2004 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\détail débitage.bak"
248472 10 Sep 2004 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Pignons Ouest chainages bt A.bak"
662857 15 Feb 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Soubassement bat. C.bak"
496746 28 Feb 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget Hall A.bak"
372298 9 Mar 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget Hall B.bak"
503469 21 Mar 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget Hall C.bak"
753591 26 Apr 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget soubassement bat A et B.bak"
929977 26 Apr 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget façade arrière batiment C.bak"
686485 28 Feb 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget façade haute rue Wulfram Puget.bak"
635432 28 Feb 2005 "C:\Documents and Settings\dessin\Mes documents\DESSINS\DOE Wulfram Puget\Plans DWG\plans.bak\Wulfram Puget facades hautes bat A et B.bak"

end of report