lolostin

Salut, si, je voudrai savoir comment je peut afficher que le probleme est resolu sur le Sujet? et encore mille merci A+ Laurent

re: Je viens d'installé le programme de Norton et de l'executer. Pour la corbeille je l'ai simple vider. Y a t-il une autre manip a faire? PS: Je sais je ne suis pas doué en Informatique Merci A+ Laurent

Je ne comprend pas ma corbeille est vide???? Oui, j'ai été infecté j'ai d'installé norton et remplacé par Pc Cilling. A+ Laurent

J'ai oublié de te dire que je n'utilise plus Norton mais Pc Cillin. Je ne sais pas si cela à une importance? Encore merci pour tout

Si c'est pas si grave, c'est Génial Voici le dernier rapport Kaspersky : KASPERSKY ON-LINE SCANNER REPORT Monday, January 22, 2007 5:46:12 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 22/01/2007 Enregistrements dans la base antivirus Kaspersky : 260846 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 58196 Nombre de virus trouvés 7 Nombre d'objets infectés 24 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:32:13 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe/data0002 Infecté : Trojan-Downloader.Win32.PurityScan.dc ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe NSIS: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F4C6233.exe Infecté : not-a-virus:Downloader.Win32.WinFixer.m ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71553F46.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp/392315089702606E-02,UUE Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71903306.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp/New Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\mdqinokg.exe.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\VSAdd-in.dll.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\Bureau\rapports annalyses\SmitfraudFix\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré C:\Documents and Settings\Lolostin\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\MSHist012007012220070123\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré C:\RECYCLER\S-1-5-21-4188401613-2092787217-2997995234-500\Dc2.dll Infecté : Trojan.Win32.BHO.g ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée. Merci A+ Laurent

Salut, voici les rapports d'analyse. A) Log Hijacthis : Logfile of HijackThis v1.99.1 Scan saved at 14:22:54, on 22/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Lolostin\Bureau\lolostin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161770510312 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://www.press-vision.com/files/widelook/widelookX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe B) Kasperskky : KASPERSKY ON-LINE SCANNER REPORT Monday, January 22, 2007 2:18:50 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 22/01/2007 Enregistrements dans la base antivirus Kaspersky : 260739 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 57878 Nombre de virus trouvés 10 Nombre d'objets infectés 27 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:14:37 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe/data0002 Infecté : Trojan-Downloader.Win32.PurityScan.dc ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe NSIS: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F4C6233.exe Infecté : not-a-virus:Downloader.Win32.WinFixer.m ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71553F46.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp/392315089702606E-02,UUE Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71903306.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp/New Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\mdqinokg.exe.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\VSAdd-in.dll.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\Bureau\rapports annalyses\SmitfraudFix\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré C:\Documents and Settings\Lolostin\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\MSHist012007012220070123\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré C:\RECYCLER\S-1-5-21-4188401613-2092787217-2997995234-500\Dc2.dll Infecté : Trojan.Win32.BHO.g ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\VundoFix Backups\awtqp.dll.bad Infecté : not-a-virus:AdWare.Win32.Virtumonde.fp ignoré C:\VundoFix Backups\ouvxkhyu.dll.bad Infecté : Trojan-Spy.Win32.VBStat.j ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\peouhwxc.dll Infecté : Trojan-Spy.Win32.VBStat.h ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée. Merci A+ Laurent

Salut, voici le rapport Hijackthis dit Lolostin : Logfile of HijackThis v1.99.1 Scan saved at 10:47:02, on 19/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Documents and Settings\Lolostin\Bureau\lolostin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\holtefdr.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {C4C81771-9CFE-4299-A133-B4CE329B574D} - C:\WINDOWS\system32\awtqp.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161770510312 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://www.press-vision.com/files/widelook/widelookX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Merci A+ Laurent

Re, Oups, je ne trouve pas cette ligne après avoir lancer Hijackthis : lance hijackthis en cliquant sur do a scan system only et coche cette ligne O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\eqjkkjki.dll",setvm est-ce normal? Merci A+ Laurent.

Re, Voici le 2ème rapport Vundofix VundoFix V6.3.2 Checking Java version... Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 14:40:18 18/01/2007 Listing files found while scanning.... C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Program Files\VSAdd-in\VSAdd-in.dll C:\WINDOWS\system32\awtqp.dll C:\WINDOWS\system32\holtefdr.dll C:\WINDOWS\system32\nnnmmkh.dll C:\WINDOWS\system32\ouvxkhyu.dll C:\WINDOWS\system32\pqtwa.bak1 C:\WINDOWS\system32\pqtwa.bak2 C:\WINDOWS\system32\pqtwa.ini C:\WINDOWS\system32\pqtwa.ini2 C:\WINDOWS\system32\pqtwa.tmp Beginning removal... Attempting to delete C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted! Attempting to delete C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted! Attempting to delete C:\WINDOWS\system32\awtqp.dll C:\WINDOWS\system32\awtqp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnmmkh.dll C:\WINDOWS\system32\nnnmmkh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ouvxkhyu.dll C:\WINDOWS\system32\ouvxkhyu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.bak1 C:\WINDOWS\system32\pqtwa.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.bak2 C:\WINDOWS\system32\pqtwa.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.ini C:\WINDOWS\system32\pqtwa.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.ini2 C:\WINDOWS\system32\pqtwa.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.tmp C:\WINDOWS\system32\pqtwa.tmp Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Performing Repairs to the registry. Done! Merci A+ Laurent

No probleme Voici le rapport VundoFix V6.3.2 Checking Java version... Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 14:40:18 18/01/2007 Listing files found while scanning.... C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Program Files\VSAdd-in\VSAdd-in.dll C:\WINDOWS\system32\awtqp.dll C:\WINDOWS\system32\holtefdr.dll C:\WINDOWS\system32\nnnmmkh.dll C:\WINDOWS\system32\ouvxkhyu.dll C:\WINDOWS\system32\pqtwa.bak1 C:\WINDOWS\system32\pqtwa.bak2 C:\WINDOWS\system32\pqtwa.ini C:\WINDOWS\system32\pqtwa.ini2 C:\WINDOWS\system32\pqtwa.tmp Beginning removal... Attempting to delete C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted! Attempting to delete C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Documents and settings\Lolostin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted! Attempting to delete C:\WINDOWS\system32\awtqp.dll C:\WINDOWS\system32\awtqp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnmmkh.dll C:\WINDOWS\system32\nnnmmkh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ouvxkhyu.dll C:\WINDOWS\system32\ouvxkhyu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.bak1 C:\WINDOWS\system32\pqtwa.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.bak2 C:\WINDOWS\system32\pqtwa.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.ini C:\WINDOWS\system32\pqtwa.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.ini2 C:\WINDOWS\system32\pqtwa.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\pqtwa.tmp C:\WINDOWS\system32\pqtwa.tmp Has been deleted! Performing Repairs to the registry. Done! je continu le reste de la manip Merci A+

Re, comment puis je trouver le VundoFix.exe?

Salut, voici le rapport d'hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 13:33:11, on 18/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Documents and Settings\Lolostin\Bureau\HijackThis.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\eqjkkjki.dll",setvm O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161770510312 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://www.press-vision.com/files/widelook/widelookX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Merci A+ Laurent

Re Salut, Voici le rapport de Silent Runner. Je n'ai pas compris si je devai refaire un scan avec HijackThis? A+ "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."] "HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "] "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data] "RecGuard" = "C:\Windows\SMINST\RecGuard.exe" [empty string] "hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."] "QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "pccguide.exe" = ""C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"" ["Trend Micro Incorporated."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "DllRunning" = "rundll32.exe "C:\WINDOWS\system32\eqjkkjki.dll",setvm" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {20C1F36D-6E59-4CA8-AA3D-80CA98DA3591}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\awtqp.dll" [null data] {46A4E9D9-B30E-452A-8157-DBBEC8573B03}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\VSAdd-in\VSAdd-in.dll" [file not found] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] {7DA39570-5FD2-4f18-94B4-20730CB3F727}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\holtefdr.dll" [file not found] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF" -> {HKLM...CLSID} = "ShellViewRTF" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" -> {HKLM...CLSID} = "ImageExtractorShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}" -> {HKLM...CLSID} = "CInfoTipShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension" -> {HKLM...CLSID} = "TMD Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 12\Tmdshell.dll" ["Trend Micro Incorporated."] "{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet" -> {HKLM...CLSID} = "VBPropSheet" \InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 12\VBProp.dll" ["Trend Micro Incorporated."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> awtqp\DLLName = "C:\WINDOWS\system32\awtqp.dll" [null data] <<!>> winjrs32\DLLName = "winjrs32.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmarque.scr" [MS] Startup items in "Lolostin" & "All Users" startup folders: ---------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "DataViz Inc Messenger" -> shortcut to: "C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe" ["DataViz, Inc."] "HOTSYNCSHORTCUTNAME" -> shortcut to: "C:\Program Files\Palm\Hotsync.exe -logon" ["PalmSource, Inc"] "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Lancement rapide de Microsoft Office OneNote 2003" -> shortcut to: "C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] "{74DD705D-6834-439C-A735-A6DBE2677452}" -> {HKLM...CLSID} = "&VSAdd-in" \InProcServer32\(Default) = "C:\Program Files\VSAdd-in\VSAdd-in.dll" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"] Trend Micro Central Control Component, PcCtlCom, "C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe" ["Trend Micro Incorporated."] Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."] Trend Micro Proxy Service, tmproxy, "C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe" ["Trend Micro Inc."] Trend Micro Real-time Service, Tmntsrv, "C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe" ["Trend Micro Incorporated."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 55 seconds, including 8 seconds for message boxes)

Salut, j'ai mon ordi qui deviens de plus en plus lent, quand je l'allume j'ai un message "Run dll" erreur de charement de : c:\windows\systeme32\eqjkki.dll le module spécifié est introuvable. Que dois-je faire? Faudra t-il formater? bon, voici le dernier rapport de Kapersky. Encore Merci. A+ Laurent

Bonjour, encore mille merci pour ton aide precieuse . Voici donc le dernier rapport de Kaspersky : KASPERSKY ON-LINE SCANNER REPORT Tuesday, January 16, 2007 3:09:36 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 16/01/2007 Enregistrements dans la base antivirus Kaspersky : 258725 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 50658 Nombre de virus trouvés 8 Nombre d'objets infectés 25 / 0 Nombre d'objets suspects 0 Durée de l'analyse 02:38:16 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe/data0002 Infecté : Trojan-Downloader.Win32.PurityScan.dc ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe NSIS: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\113F0183.exe CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip/data.rtf .scr Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp/[From [email protected]][Date Sun, 15 Oct 2006 22:58:26 +0200]/details05.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\467E004A.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip/document.txt .exe Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp/[From MAILER-DAEMON (Mail Delivery System)][Date Thu, 19 Oct 2006 16:16:22 -0400 (EDT)]/details.zip Infecté : Email-Worm.Win32.NetSky.q ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp Mail: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B29BE.tmp CryptFF: infecté - 2 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F4C6233.exe Infecté : not-a-virus:Downloader.Win32.WinFixer.m ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71553F46.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp/392315089702606E-02,UUE Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71790D1F.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71903306.tmp Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp/New Infecté : Email-Worm.Win32.Nyxem.e ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp Mail: infecté - 1 ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71A758ED.tmp CryptFF: infecté - 1 ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\mdqinokg.exe.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\.housecall6.6\Quarantine\VSAdd-in.dll.bac_a01152 Infecté : not-a-virus:AdWare.Win32.Agent.at ignoré C:\Documents and Settings\Lolostin\Bureau\SmitfraudFix\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré C:\Documents and Settings\Lolostin\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Historique\History.IE5\MSHist012007011620070117\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Lolostin\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré C:\RECYCLER\S-1-5-21-4188401613-2092787217-2997995234-500\Dc2.dll Infecté : Trojan.Win32.BHO.g ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\ouvxkhyu.dll Infecté : Trojan-Spy.Win32.VBStat.j ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée. A+ Laurent