JackDaniels123

Everything posted by JackDaniels123

  1. OK, perfect!!! Thank you very much
  2. One last question: here is what just happened on my computer: I just saw Norton scanning the download of the tool software_reporter_tool.exe (without me doing anything). It installs it here: C:\Users\marc\AppData\Local\Google\Chrome\User Data\SwReporter\23.131.1 Is that normal??
  3. Thank you very much for your help and responsiveness!! See you later
  4. Yes, I have already used the trial version, and for SketchUp we do indeed have a student version that is valid for 3 years, but in the master's programme (4th year) the licence gets deactivated :/ Here is my latest report https://up.security-x.fr/file.php?h=R8e3ef57f58cc618b605986c019ca3048
  5. Yes, I did have a Google Chrome account; I carried out the reset steps. Honestly, the computer is much better!!! It is running fast again.
  6. Mea culpa. I will be careful from now on, but I absolutely need to find a way to install all my software without cracks and keygens; that is another subject, though. I have deleted the quarantine; can I use Chrome?
  7. Hello, Sorry, I have had a lot of work lately. These viruses were indeed installed through my own fault. I am doing a master's in architecture and our school gave us a 3-year licence for software such as Rhino or SketchUp. Unfortunately, from the 4th year on, we have to get hold of cracks for this software, which are mostly unobtainable and very expensive. The only way I found was uTorrent on Turkish or other sites. I knew I was exposing myself to all kinds of viruses with this application, but I thought I would disinfect after installing. If you have other download leads for this kind of software crack, I am interested!!! Thanks for taking the time to help me in any case, because my computer has been pretty sluggish since :/ I followed your procedure, I uninstalled McAfee and Windows Live Essentials (a pity though, because it had Movie Maker). And here are the 3 requested reports: https://up.security-x.fr/file.php?h=Re41fd12e2536c462072d0f08b8809f52 https://up.security-x.fr/file.php?h=Re4363cadd3cb4c7121247b8221dd77a3 https://up.security-x.fr/file.php?h=R9fea80edaa8a20dcf8f7d3bbfe578acd Thank you very much!!
  8. Hello, As in some previous topics, my PC is infected with the Cleanserp.net search-engine virus. Could you please help me eradicate this crap? Thanks in advance; here are the links to the FRST logs https://up.security-x.fr/file.php?h=Rd2d4657c4a2783df0bb3652045de0d09 https://up.security-x.fr/file.php?h=Rfcd45189b28fd4fbed8785afb4975c60
  9. Thank you very much, so far everything is fine; 2 updates were a bit difficult to launch, otherwise no slowdown. Should I start a new topic if there is a new problem?
  10. The link does not work, sorry!
  11. Indeed, I have cleaned a few computers before, but this one was beyond me! Here is the report:
      ComboFix 12-08-25.04 - Anne-Claire 25/08/2012 22:52:30.1.1 - x86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3001.1730 [GMT 2:00]
      Lancé depuis: c:\users\Anne-Claire\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\hpeE8B1.dll
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\@
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\n
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\U\00000001.@
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\U\80000000.@
      c:\users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\U\800000cb.@
      c:\users\Anne-Claire\AppData\Roaming\quickzip51.msi.tmp
      c:\windows\system32\muzapp.exe
      .
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2012-07-25 au 2012-08-25 ))))))))))))))))))))))))))))))))))))
      .
      .
      2012-08-25 20:59 . 2012-08-25 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-08-25 20:35 . 2012-08-25 20:35 -------- d-----w- c:\program files\Ad-Remover
      2012-08-25 20:00 . 2012-08-25 20:00 -------- d-----w- c:\users\Anne-Claire\AppData\Local\Apple
      2012-08-25 19:58 . 2012-08-25 19:58 -------- d-----w- c:\users\Anne-Claire\AppData\Roaming\Avira
      2012-08-25 19:52 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2012-08-25 19:52 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
      2012-08-25 19:52 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2012-08-25 19:52 . 2012-08-25 19:52 -------- d-----w- c:\programdata\Avira
      2012-08-25 19:52 . 2012-08-25 19:52 -------- d-----w- c:\program files\Avira
      2012-08-25 19:08 . 2012-08-25 19:08 -------- d-----w- c:\windows\system32\EventProviders
      2012-08-25 18:57 . 2012-08-25 18:57 -------- d-----w- c:\users\Anne-Claire\AppData\Local\Acer ePower Management V4
      2012-08-25 16:34 . 2012-08-25 16:34 -------- d-----w- c:\users\Anne-Claire\AppData\Local\Adobe
      2012-08-25 15:33 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD99450C-EAED-480F-946C-B78506D8AAD3}\mpengine.dll
      2012-08-24 09:04 . 2012-08-25 14:22 -------- d-----w- c:\programdata\6F638C1A377C0CEF79DCE7766C44B161
      2012-08-08 17:56 . 2012-08-08 17:56 -------- d-----w- c:\users\Anne-Claire\AppData\Roaming\ArcSoft
      2012-08-08 17:56 . 2012-08-08 17:56 -------- d-----w- c:\users\Anne-Claire\AppData\Roaming\HP SimpleSave Application
      .
      .
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-08-15 16:53 . 2012-05-21 20:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-08-15 16:53 . 2012-03-04 19:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-05-31 10:25 . 2012-02-15 18:15 237072 ----a-w- c:\windows\system32\MpSigStub.exe
      .
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Claire\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
      2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
      "KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
      "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
      "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
      "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
      "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
      "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
      "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
      "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
      "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
      "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
      .
      c:\users\Anne-Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Anne-Claire\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-9-17 565248]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      .
      .
      --- Autres Services/Pilotes en mémoire ---
      .
      *NewlyCreated* - FSUSBEXDISK
      .
      Contenu du dossier 'Tâches planifiées'
      .
      2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 16:53]
      .
      .
      ------- Examen supplémentaire -------
      .
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\users\Anne-Claire\Desktop\PartyPoker.fr.lnk
      TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
      .
      - - - - ORPHELINS SUPPRIMES - - - -
      .
      HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-08-25 23:00
      Windows 6.0.6001 Service Pack 1 NTFS
      .
      Recherche de processus cachés ...
      .
      Recherche d'éléments en démarrage automatique cachés ...
      .
      Recherche de fichiers cachés ...
      .
      Scan terminé avec succès
      Fichiers cachés: 0
      .
      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      Heure de fin: 2012-08-25 23:04:10
      ComboFix-quarantined-files.txt 2012-08-25 21:04
      .
      Avant-CF: 79 041 122 304 octets libres
      Après-CF: 78 985 355 264 octets libres
      .
      - - End Of File - - DB41F49F98BC42E5E56146EF27B232D0
  12. MBAM report:
      Malwarebytes Anti-Malware (Essai) 1.62.0.1300
      www.malwarebytes.org
      Version de la base de données: v2012.08.26.02
      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 7.0.6002.18005
      Anne-Claire :: PC-DE-ANNE-CLAI [administrateur]
      Protection: Activé
      26/08/2012 15:05:39
      mbam-log-2012-08-26 (15-05-39).txt
      Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
      Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
      Options d'examen désactivées: P2P
      Elément(s) analysé(s): 308339
      Temps écoulé: 57 minute(s), 33 seconde(s)
      Processus mémoire détecté(s): 0
      (Aucun élément nuisible détecté)
      Module(s) mémoire détecté(s): 0
      (Aucun élément nuisible détecté)
      Clé(s) du Registre détectée(s): 0
      (Aucun élément nuisible détecté)
      Valeur(s) du Registre détectée(s): 0
      (Aucun élément nuisible détecté)
      Elément(s) de données du Registre détecté(s): 0
      (Aucun élément nuisible détecté)
      Dossier(s) détecté(s): 0
      (Aucun élément nuisible détecté)
      Fichier(s) détecté(s): 3
      C:\Qoobox\Quarantine\C\Users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\n.vir (RootKit.0Access) -> Mis en quarantaine et supprimé avec succès.
      C:\Qoobox\Quarantine\C\Users\Anne-Claire\AppData\Local\{da2acb81-c61f-8d66-115c-0eab2c5097ac}\U\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
      C:\Users\Anne-Claire\Documents\Logiciels\WebPlayer.exe (Adware.Dropper) -> Mis en quarantaine et supprimé avec succès.
      (fin)
  13. Here is the report:
      # AdwCleaner v1.801 - Rapport créé le 26/08/2012 à 14:26:26
      # Mis à jour le 14/08/2012 par Xplode
      # Système d'exploitation : Windows Vista Home Premium Service Pack 2 (32 bits)
      # Nom d'utilisateur : Anne-Claire - PC-DE-ANNE-CLAI
      # Mode de démarrage : Normal
      # Exécuté depuis : C:\Users\Anne-Claire\Desktop\Marc Clean Soft\adwcleaner.exe
      # Option [suppression]
      ***** [services] *****
      ***** [Fichiers / Dossiers] *****
      ***** [Registre] *****
      Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
      Clé Supprimée : HKCU\Software\Ask.com.tmp
      Clé Supprimée : HKCU\Software\Conduit
      ***** [Registre - GUID] *****
      ***** [Navigateurs] *****
      -\\ Internet Explorer v7.0.6002.18005
      [OK] Le registre ne contient aucune entrée illégitime.
      -\\ Opera v12.1.1532.0
      Fichier : C:\Users\Anne-Claire\AppData\Roaming\Opera\Opera\operaprefs.ini
      [OK] Le fichier ne contient aucune entrée illégitime.
      *************************
      AdwCleaner[R1].txt - [3039 octets] - [25/08/2012 22:29:23]
      AdwCleaner[S1].txt - [3199 octets] - [25/08/2012 22:29:42]
      AdwCleaner[S2].txt - [1085 octets] - [26/08/2012 14:26:26]
      ########## EOF - C:\AdwCleaner[S2].txt - [1213 octets] ##########
      Thanks,
  14. Thanks, and here is the report: Download ZHPDiag.txt from Sendspace.com - send big files the easy way
  15. Yeah, thanks for the quick reply! Here is the latest Antivir report:
      Avira Free Antivirus
      Report file date: samedi 25 août 2012 21:56
      Scanning for 4166737 virus strains and unwanted programs.
      The program is running as an unrestricted full version.
      Online services are available.
      Licensee : Avira AntiVir Personal - Free Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows Vista Home Premium
      Windows version : (Service Pack 1) [6.0.6001]
      Boot mode : Normally booted
      Username : Anne-Claire
      Computer name : PC-DE-ANNE-CLAI
      Version information:
      BUILD.DAT : 12.0.0.1167 40870 Bytes 18/07/2012 20:07:00
      AVSCAN.EXE : 12.3.0.33 468472 Bytes 18/07/2012 16:04:51
      AVSCAN.DLL : 12.3.0.15 54736 Bytes 18/07/2012 16:05:06
      LUKE.DLL : 12.3.0.15 68304 Bytes 18/07/2012 16:04:59
      AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18/07/2012 16:04:51
      AVREG.DLL : 12.3.0.33 232232 Bytes 18/07/2012 16:04:51
      VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34
      VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 23:23:21
      VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 23:32:24
      VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 09:58:50
      VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 22:38:13
      VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 16:05:05
      VBASE006.VDF : 7.11.34.117 2048 Bytes 29/06/2012 16:05:05
      VBASE007.VDF : 7.11.34.118 2048 Bytes 29/06/2012 16:05:05
      VBASE008.VDF : 7.11.34.119 2048 Bytes 29/06/2012 16:05:05
      VBASE009.VDF : 7.11.34.120 2048 Bytes 29/06/2012 16:05:05
      VBASE010.VDF : 7.11.34.121 2048 Bytes 29/06/2012 16:05:05
      VBASE011.VDF : 7.11.34.122 2048 Bytes 29/06/2012 16:05:05
      VBASE012.VDF : 7.11.34.123 2048 Bytes 29/06/2012 16:05:05
      VBASE013.VDF : 7.11.34.124 2048 Bytes 29/06/2012 16:05:05
      VBASE014.VDF : 7.11.38.18 2554880 Bytes 30/07/2012 19:54:23
      VBASE015.VDF : 7.11.38.70 556032 Bytes 31/07/2012 19:54:27
      VBASE016.VDF : 7.11.38.143 171008 Bytes 02/08/2012 19:54:28
      VBASE017.VDF : 7.11.38.221 178176 Bytes 06/08/2012 19:54:30
      VBASE018.VDF : 7.11.39.37 168448 Bytes 08/08/2012 19:54:31
      VBASE019.VDF : 7.11.39.89 131072 Bytes 09/08/2012 19:54:32
      VBASE020.VDF : 7.11.39.145 142336 Bytes 11/08/2012 19:54:33
      VBASE021.VDF : 7.11.39.207 165888 Bytes 14/08/2012 19:54:34
      VBASE022.VDF : 7.11.40.9 156160 Bytes 16/08/2012 19:54:35
      VBASE023.VDF : 7.11.40.49 133120 Bytes 17/08/2012 19:54:36
      VBASE024.VDF : 7.11.40.95 156160 Bytes 20/08/2012 19:54:37
      VBASE025.VDF : 7.11.40.155 181760 Bytes 22/08/2012 19:54:38
      VBASE026.VDF : 7.11.40.205 203264 Bytes 23/08/2012 19:54:39
      VBASE027.VDF : 7.11.40.206 2048 Bytes 23/08/2012 19:54:39
      VBASE028.VDF : 7.11.40.207 2048 Bytes 23/08/2012 19:54:39
      VBASE029.VDF : 7.11.40.208 2048 Bytes 23/08/2012 19:54:39
      VBASE030.VDF : 7.11.40.209 2048 Bytes 23/08/2012 19:54:39
      VBASE031.VDF : 7.11.40.250 96256 Bytes 25/08/2012 19:54:40
      Engine version : 8.2.10.146
      AEVDF.DLL : 8.1.2.10 102772 Bytes 25/08/2012 19:55:03
      AESCRIPT.DLL : 8.1.4.46 455034 Bytes 25/08/2012 19:55:02
      AESCN.DLL : 8.1.8.2 131444 Bytes 16/02/2012 16:11:36
      AESBX.DLL : 8.2.5.12 606578 Bytes 18/07/2012 16:04:48
      AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 23:22:40
      AEPACK.DLL : 8.3.0.32 811382 Bytes 25/08/2012 19:55:01
      AEOFFICE.DLL : 8.1.2.42 201083 Bytes 25/08/2012 19:54:58
      AEHEUR.DLL : 8.1.4.92 5177718 Bytes 25/08/2012 19:54:58
      AEHELP.DLL : 8.1.23.2 258422 Bytes 18/07/2012 16:04:45
      AEGEN.DLL : 8.1.5.36 434549 Bytes 25/08/2012 19:54:45
      AEEXP.DLL : 8.1.0.80 86389 Bytes 25/08/2012 19:55:03
      AEEMU.DLL : 8.1.3.2 393587 Bytes 25/08/2012 19:54:43
      AECORE.DLL : 8.1.27.4 201078 Bytes 25/08/2012 19:54:42
      AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 23:22:35
      AVWINLL.DLL : 12.3.0.15 27344 Bytes 18/07/2012 16:04:53
      AVPREF.DLL : 12.3.0.15 51920 Bytes 18/07/2012 16:04:51
      AVREP.DLL : 12.3.0.15 179208 Bytes 18/07/2012 16:04:51
      AVARKT.DLL : 12.3.0.15 211408 Bytes 18/07/2012 16:04:49
      AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18/07/2012 16:04:50
      SQLITE3.DLL : 3.7.0.1 398288 Bytes 18/07/2012 16:05:02
      AVSMTP.DLL : 12.3.0.32 63480 Bytes 18/07/2012 16:04:52
      NETNT.DLL : 12.3.0.15 17104 Bytes 18/07/2012 16:04:59
      RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 18/07/2012 16:05:09
      RCTEXT.DLL : 12.3.0.31 97784 Bytes 18/07/2012 16:05:09
      Configuration settings for the scan:
      Jobname.............................: Short system scan after installation
      Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
      Logging.............................: default
      Primary action......................: Interactive
      Secondary action....................: Ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: off
      Integrity checking of system files..: off
      Scan all files......................: Intelligent file selection
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: extended
      Deviating risk categories...........: +JOKE,+PFS,
      Start of the scan: samedi 25 août 2012 21:56
      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Start scanning boot sectors:
      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avshadow.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'msiexec.exe' - '1' Module(s) have been scanned
      Scan process 'WMIADAP.EXE' - '1' Module(s) have been scanned
      Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'avconfig.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'setup.exe' - '1' Module(s) have been scanned
      Scan process 'presetup.exe' - '1' Module(s) have been scanned
      Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
      Module is OK -> <C:\Users\Anne-Claire\Desktop\avira_free_antivirus_en.exe>
      [WARNING] The file is password protected
      Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
      Scan process 'ePowerEvent.exe' - '1' Module(s) have been scanned
      Scan process 'igfxext.exe' - '1' Module(s) have been scanned
      Scan process 'ePowerTray.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
      Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
      Scan process 'igfxext.exe' - '1' Module(s) have been scanned
      Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
      Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
      Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
      Scan process 'AcerVCM.exe' - '1' Module(s) have been scanned
      Scan process 'Skype.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'mwlDaemon.exe' - '1' Module(s) have been scanned
      Scan process 'EgisUpdate.exe' - '1' Module(s) have been scanned
      Scan process 'ODDPWR.exe' - '1' Module(s) have been scanned
      Scan process 'BackupManagerTray.exe' - '1' Module(s) have been scanned
      Scan process 'PLFSetI.exe' - '1' Module(s) have been scanned
      Scan process 'LManager.exe' - '1' Module(s) have been scanned
      Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
      Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
      Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'RS_Service.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SupServ.exe' - '1' Module(s) have been scanned
      Scan process 'ODDPWRSvc.exe' - '1' Module(s) have been scanned
      Scan process 'SchedulerSvc.exe' - '1' Module(s) have been scanned
      Scan process 'IScheduleSvc.exe' - '1' Module(s) have been scanned
      Scan process 'MWLService.exe' - '1' Module(s) have been scanned
      Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
      Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
      Scan process 'dsiwmis.exe' - '1' Module(s) have been scanned
      Scan process 'dgdersvc.exe' - '1' Module(s) have been scanned
      Scan process 'armsvc.exe' - '1' Module(s) have been scanned
      Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
      Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
      Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
      Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
      Scan process 'Dwm.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsm.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'wininit.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      Starting to scan executable files (registry).
      C:\Program Files\Object\bho_project.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
      The registry was scanned ( '2219' files ).
      Beginning disinfection:
      The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}\> was removed successfully.
      The registration entry <HKEY_CLASSES_ROOT\CLSID\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}\> was removed successfully.
      The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}\> was removed successfully.
      C:\Program Files\Object\bho_project.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
      [NOTE] The file was moved to the quarantine directory under the name '556f9e43.qua'.
      [NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}> was successfully repaired.
      [NOTE] The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}> was successfully repaired.
      [NOTE] The registration entry <HKEY_USERS\S-1-5-21-1065561180-239058308-3607678911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}> was successfully repaired.
      End of the scan: samedi 25 août 2012 22:11
      Used time: 02:24 Minute(s)
      The scan has been done completely.
      0 Scanned directories
      3704 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      3703 Files not concerned
      21 Archives were scanned
      1 Warnings
      1 Notes
      Thanks
  16. Hello everyone, I am calling on your IT talents to save the life of my PC. It is an Acer running Windows Vista SP1 (SP2 recently downloaded); antivirus: Avira. The last scan detected a few viruses on it, and a Kaspersky scan could not complete. Here is my HijackThis report. Thank you very much for your help.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:07:08, on 26/08/2012
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v7.00 (7.00.6002.18005)
      Boot mode: Normal
      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\PLFSetI.exe
      C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
      C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
      C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
      C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
      C:\Program Files\Acer\Acer VCM\AcerVCM.exe
      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
      C:\Windows\system32\igfxext.exe
      C:\Users\Anne-Claire\Desktop\HiJackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0911&m=aspire_4810t
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
      O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
      O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
      O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
      O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
      O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
      O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
      O4 - Global Startup: Acer VCM.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Users\Anne-Claire\Desktop\PartyPoker.fr.lnk
      O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Users\Anne-Claire\Desktop\PartyPoker.fr.lnk
      O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
      O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
      O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
      O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
      O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
      O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
      O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
      O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
      O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
      O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc.
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9780 bytes
  17. Hello technicians!! So here is my problem: I have a laptop on which I could not access the Device Manager, where all the services were stopped and which must be infected by some virus or other. I cleaned it and restarted quite a few services, but I still cannot connect to the Internet; it sends packets but does not receive any. I am attaching a HijackThis report for a quick check, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:48, on 13/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RavMont] C:\WINDOWS\System32\RavMon.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2EFE67-2690-4C04-B90D-ED74CC32AAC9}: NameServer = 62.128.175.15,62.128.175.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{92CDDAA1-FBF9-4F45-ABA0-FE264D13CDE2}: NameServer = 62.128.175.15,62.128.175.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A1782E-0720-4462-85EB-194485E8140C}: NameServer = 62.128.175.15,62.128.175.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B2EFE67-2690-4C04-B90D-ED74CC32AAC9}: NameServer = 62.128.175.15,62.128.175.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B2EFE67-2690-4C04-B90D-ED74CC32AAC9}: NameServer = 62.128.175.15,62.128.175.14
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  18. Hello, thanks again for the "repairs", my three computers are impeccable. I have another one that is acting up; it is an old laptop we recovered, the screen was broken so we plugged it into a monitor. I cleaned it Zebulon-style, then ran quite a few scans with Antivir, and there must still be a few problems left. I am attaching the HijackThis report. Thanks in advance!!!

Logfile of HijackThis v1.99.1
Scan saved at 17:37:56, on 15/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yayoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.10.16.113:9877
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p \\Esther\Printer -pn "" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F25A7A9-9756-4203-8713-0348F11DD3B2}: NameServer = 62.128.175.10,62.128.175.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{9767ED23-DBC3-4E2D-96D7-F7E0C855EAB5}: NameServer = 62.128.175.15,62.128.175.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F25A7A9-9756-4203-8713-0348F11DD3B2}: NameServer = 62.128.175.10,62.128.175.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F25A7A9-9756-4203-8713-0348F11DD3B2}: NameServer = 62.128.175.10,62.128.175.11
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  19. Hi, well, the 2nd PC is very clean; I ran an online scan (Kasper...) and it found nothing. The 1st is squeaky clean because I had to reinstall Windows XP. I moved on to the 3rd and cleaned it with the Zebulon method, then ran a HijackThis scan and an SDFix. Here is the Hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:24, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launchpad.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F881FAE3-0EF8-49DB-A7D0-A9EFCCB0EE4A}: Domain = bou
O17 - HKLM\System\CCS\Services\Tcpip\..\{F881FAE3-0EF8-49DB-A7D0-A9EFCCB0EE4A}: NameServer = 62.128.175.15,62.128.175.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

And here is the SDFix report:

SDFix: Version 1.76
Run by PREMIERE URGENCE - 04/04/2007 - 12:57:38,15
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\MST4E.tmp - Deleted

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Disabled:javaw"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\sistem.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\PREMIERE URGENCE\Application Data\Microsoft\Word\~WRL0156.tmp
C:\Documents and Settings\PREMIERE URGENCE\Application Data\Microsoft\Word\~WRL1485.tmp
C:\Documents and Settings\PREMIERE URGENCE\Application Data\Microsoft\Word\~WRL3084.tmp
C:\Documents and Settings\PREMIERE URGENCE\Application Data\Microsoft\Word\~WRL4048.tmp
C:\Documents and Settings\PREMIERE URGENCE\Mes documents\~WRL2158.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\921489dbadb512bef621a699353e4e8b\BIT65.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42167dd61c9f9b73a704b23be685e03\BITC3.tmp

Finished

There you go, thanks again and see you later!!!
  20. Hello, here is the SDFix report:

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\AntiVir PersonalEdition Classic\\avcenter.exe"="C:\\Program Files\\AntiVir PersonalEdition Classic\\avcenter.exe:*:Enabled:Start AntiVir PersonalEdition Classic"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"

Remaining Files:
---------------

Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\76aa2685383a8603c91b6c50dbcb89fc\BIT4F.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ca1c9a5f6bfb5c940f7b592a816e164e\BIT50.tmp

Finished

And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:20:56, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B7D770-B406-455D-9399-1D7C7CDC4EA8}: NameServer = 62.128.175.15,62.128.175.14
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  21. Hi, to answer your question, the PCs are not networked, but we use USB keys to transfer our files and they are all infected, my external hard drive included. Is there a way to clean all of that up so that we don't pass this virus to each other again?
  22. Well, I think I managed to save one of them. It's an IBM as old as Methuselah and it has a factory restore function; the other one, however, is a DELL and it has nothing of the sort, I think.
  23. Oh dear, I think I have a huge problem: neither of the 2 computers will boot any more, and a black screen appears telling me that the file C:\WINDOWS\SYSTEM32\Config\SYSTEM is corrupt; it then asks me to insert the original CD to repair it. Unfortunately I have nothing here; for the record, I'm in Congo....
  24. There, I've done the steps on the 2nd PC, so the Silent Runners report is as follows:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"ibmmessages" = "C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" ["IBM"]
"Tok-Cirrhatus" = "*a" (unwritable string) [file not found]
"Tok-Cirrhatus-6777" = ""C:\Documents and Settings\PREMIERE URGENCE\Local Settings\Application Data\br14577on.exe"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"S3TRAY2" = "S3Tray2.exe" ["S3 Graphics, Inc."]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"TPKMAPHELPER" = "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper" ["IBM Corp."]
"TpShocks" = "TpShocks.exe" ["IBM Corp."]
"TPHOTKEY" = "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [null data]
"TP4EX" = "tp4ex.exe" ["IBM Corporation"]
"EZEJMNAP" = "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" ["IBM Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"UC_Start" = "C:\Program Files\IBM\Updater\\ucstartup.exe" [null data]
"UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"(Default)" = "(empty string)" [file not found]
"ibmmessages" = "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" ["IBM"]
"IBMPRC" = "C:\IBMTOOLS\UTILS\ibmprc.exe" ["IBM Corp."]
"BMMGAG" = "RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor" [MS]
"BMMLREF" = "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [null data]
"BMMMONWND" = "rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor" [MS]
"HPWRTOOLBOX" = "C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"" ["Hewlett-Packard Company"]
"StatusClient" = "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto" ["Hewlett-Packard"]
"TomcatStartup" = "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" ["Hewlett-Packard"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" [file not found]
"Bron-Spizaetus" = "*Z" (unwritable string) [file not found]
"Update" = "C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER" [file not found]
"RavAV" = "C:\WINDOWS\AdobeR.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
  -> {HKLM...CLSID} = "RecordNow! SendToExt"
     \InProcServer32\(Default) = "C:\Program Files\IBM RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
  -> {HKLM...CLSID} = "VpshellEx Class"
     \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
  -> {HKLM...CLSID} = "a-squared context menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Shell" = "Explorer.exe "C:\WINDOWS\sembako-dezjkkg.exe"" [MS], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
<<!>> QConGina\DLLName = "QConGina.dll" ["IBM Corp."]
<<!>> tphotkey\DLLName = "tphklock.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
     \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
  -> {HKLM...CLSID} = "a-squared context menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
     \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
  -> {HKLM...CLSID} = "a-squared context menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoFolderOptions" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableCMD" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\PREMIERE URGENCE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "PREMIERE URGENCE" & "All Users" startup folders:
------------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (IBM)"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Carte de performance WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
IBM KCU Service, TpKmpSVC, "C:\WINDOWS\system32\TpKmpSVC.exe" [null data]
IBM PM Service, IBMPMSVC, "C:\WINDOWS\System32\ibmpmsvc.exe" [null data]
IBM Rapid Restore Ultra Service, IBM Rapid Restore Ultra Service, ""C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"" [empty string]
QCONSVC, QCONSVC, "System32\QCONSVC.EXE" ["IBM Corp."]
RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
hpz3l3xt\Driver = "hpz3l3xt.dll" ["Hewlett-Packard Company"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PCL Language Monitor\Driver = "hpz3l3y2.dll" ["Hewlett-Packard Company"]
SP501 GDI Language Monitor\Driver = "PWLANMON.DLL" ["Destiny Technology Corporation"]
SP501 GDI Port Monitor\Driver = "PWPRTMON.DLL" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 38 seconds, including 12 seconds for message boxes)

.... and the LoP report is:

Report made at 13:13:42.93 on 02/04/2007
******************************************

## Application Data directories

 Volume in drive C is IBM_PRELOAD
 Volume Serial Number is 584B-B6F2

 Directory of C:\Documents and Settings\Administrateur\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
25/02/2003  18:19    <DIR>          Identities
25/02/2003  18:19    <DIR>          Microsoft
10/09/2005  13:39    <DIR>          Sonic
10/09/2005  13:40    <DIR>          Symantec
25/02/2003  18:19                62 desktop.ini
               1 File(s)             62 bytes
               6 Dir(s)  27 121 713 152 bytes free

 Directory of C:\Documents and Settings\Administrateur\Local Settings\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
29/03/2007  19:11    <DIR>          Bron.tok-18-29
10/09/2005  13:32    <DIR>          BVRP Software
25/02/2003  18:19    <DIR>          Microsoft
10/09/2005  13:23            33 208 GDIPFONTCACHEV1.DAT
25/02/2003  19:06         1 930 896 IconCache.db
               2 File(s)      1 964 104 bytes
               5 Dir(s)  27 121 709 056 bytes free

 Directory of C:\Documents and Settings\All Users\Application Data

25/02/2003  18:05    <DIR>          .
25/02/2003  18:05    <DIR>          ..
30/08/2006  10:18    <DIR>          Adobe
18/07/2006  17:04    <DIR>          Apple Computer
10/09/2005  13:39    <DIR>          IBM
10/09/2005  13:29    <DIR>          Intel
25/02/2003  18:05    <DIR>          Microsoft
25/02/2003  18:22    <DIR>          SBSI
10/09/2005  13:40    <DIR>          Symantec
12/08/2006  16:14    <DIR>          Windows Genuine Advantage
10/08/2006  18:44    <DIR>          Yahoo!
25/02/2003  18:05                62 desktop.ini
               1 File(s)             62 bytes
              11 Dir(s)  27 121 709 056 bytes free

 Directory of C:\Documents and Settings\Default User\Application Data

25/02/2003  18:05    <DIR>          .
25/02/2003  18:05    <DIR>          ..
18/07/2006  07:28    <DIR>          Identities
25/02/2003  18:05    <DIR>          Microsoft
18/07/2006  07:28    <DIR>          Sonic
18/07/2006  07:28    <DIR>          Symantec
25/02/2003  18:05                62 desktop.ini
               1 File(s)             62 bytes
               6 Dir(s)  27 121 709 056 bytes free

 Directory of C:\Documents and Settings\Default User\Local Settings\Application Data

25/02/2003  18:05    <DIR>          .
25/02/2003  18:05    <DIR>          ..
18/07/2006  07:28    <DIR>          BVRP Software
18/07/2006  07:28    <DIR>          Microsoft
18/07/2006  07:28            13 104 GDIPFONTCACHEV1.DAT
18/07/2006  07:28         6 291 456 IconCache.db
               2 File(s)      6 304 560 bytes
               4 Dir(s)  27 121 709 056 bytes free

 Directory of C:\Documents and Settings\LocalService\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
25/02/2003  18:19    <DIR>          Microsoft
               0 File(s)              0 bytes
               3 Dir(s)  27 121 709 056 bytes free

 Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
25/02/2003  18:19    <DIR>          Microsoft
               0 File(s)              0 bytes
               3 Dir(s)  27 121 704 960 bytes free

 Directory of C:\Documents and Settings\NetworkService\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
25/02/2003  18:19    <DIR>          Microsoft
               0 File(s)              0 bytes
               3 Dir(s)  27 121 704 960 bytes free

 Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data

25/02/2003  18:19    <DIR>          .
25/02/2003  18:19    <DIR>          ..
25/02/2003  18:19    <DIR>          Microsoft
               0 File(s)              0 bytes
               3 Dir(s)  27 121 704 960 bytes free

 Directory of C:\Documents and Settings\PREMIERE URGENCE\Application Data

18/07/2006  07:29    <DIR>          .
18/07/2006  07:29    <DIR>          ..
29/08/2006  08:37    <DIR>          Adobe
29/08/2006  10:12    <DIR>          AdobeUM
18/07/2006  17:06    <DIR>          Apple Computer
09/03/2007  17:11    <DIR>          DivX
19/07/2006  13:16    <DIR>          Help
18/07/2006  07:51    <DIR>          IBM
18/07/2006  07:29    <DIR>          Identities
09/08/2006  15:22    <DIR>          InterVideo
18/07/2006  07:45    <DIR>          Macromedia
18/07/2006  07:29    <DIR>          Microsoft
18/07/2006  16:55    <DIR>          Microsoft Web Folders
09/03/2007  17:24    <DIR>          Mozilla
30/08/2006  10:43    <DIR>          PlayFirst
18/07/2006  07:29    <DIR>          Sonic
18/07/2006  07:29    <DIR>          Symantec
18/07/2006  07:29                62 desktop.ini
27/10/2006  13:07               284 ViewerApp.dat
               2 File(s)            346 bytes
              17 Dir(s)  27 121 704 960 bytes free

 Directory of C:\Documents and Settings\PREMIERE URGENCE\Local Settings\Application Data

18/07/2006  07:29    <DIR>          .
18/07/2006  07:29    <DIR>          ..
29/08/2006  10:12    <DIR>          Adobe
18/07/2006  17:06    <DIR>          Apple Computer
01/03/2007  16:05    <DIR>          Bron.tok-18-1
10/12/2006  01:00    <DIR>          Bron.tok-18-10
11/12/2006  08:02    <DIR>          Bron.tok-18-11
12/12/2006  08:56    <DIR>          Bron.tok-18-12
13/12/2006  10:56    <DIR>          Bron.tok-18-13
14/12/2006  06:53    <DIR>          Bron.tok-18-14
15/12/2006  08:56    <DIR>          Bron.tok-18-15
16/03/2007  09:15    <DIR>          Bron.tok-18-16
17/12/2006  12:43    <DIR>          Bron.tok-18-17
18/12/2006  08:44    <DIR>          Bron.tok-18-18
19/12/2006  09:37    <DIR>          Bron.tok-18-19
02/10/2006  09:41    <DIR>          Bron.tok-18-2
20/12/2006  09:35    <DIR>          Bron.tok-18-20
21/12/2006  08:48    <DIR>          Bron.tok-18-21
24/03/2007  19:44    <DIR>          Bron.tok-18-24
25/03/2007  01:00    <DIR>          Bron.tok-18-25
26/03/2007  09:03    <DIR>          Bron.tok-18-26
27/03/2007  08:53    <DIR>          Bron.tok-18-27
28/02/2007  12:28    <DIR>          Bron.tok-18-28
29/03/2007  13:07    <DIR>          Bron.tok-18-29
05/12/2006  10:54    <DIR>          Bron.tok-18-5
06/12/2006  09:38    <DIR>          Bron.tok-18-6
07/12/2006  08:38    <DIR>          Bron.tok-18-7
08/12/2006  08:18    <DIR>          Bron.tok-18-8
09/12/2006  07:18    <DIR>          Bron.tok-18-9
18/07/2006  07:29    <DIR>          BVRP Software
19/07/2006  13:16    <DIR>          Help
02/11/2006  09:57    <DIR>          Identities
02/10/2006  09:46    <DIR>          Loc.Mail.Bron.Tok
18/07/2006  07:29    <DIR>          Microsoft
24/08/2006  15:25    <DIR>          MicroVision Applications
09/03/2007  17:25    <DIR>          Mozilla
02/10/2006  09:49    <DIR>          Ok-SendMail-Bron-tok
06/08/2006  13:04            20 480 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
18/07/2006  07:29            13 104 GDIPFONTCACHEV1.DAT
18/07/2006  07:29         4 835 494 IconCache.db
02/10/2006  09:46                51 Kosong.Bron.Tok.txt
               4 File(s)      4 869 129 bytes
              37 Dir(s)  27 121 700 864 bytes free

 Directory of C:\WINDOWS\system32\config\systemprofile\Application Data

25/02/2003  18:17    <DIR>          .
25/02/2003  18:17    <DIR>          ..
18/07/2006  07:29    <DIR>          Identities
25/02/2003  18:17    <DIR>          Microsoft
18/07/2006  07:29    <DIR>          Sonic
18/07/2006  07:29    <DIR>          Symantec
25/02/2003  18:17                62 desktop.ini
               1 File(s)             62 bytes
               6 Dir(s)  27 121 700 864 bytes free

 Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

25/02/2003  18:17    <DIR>          .
25/02/2003  18:17    <DIR>          ..
18/07/2006  07:29    <DIR>          BVRP Software
18/07/2006  07:26    <DIR>          Microsoft
18/07/2006  07:29            13 104 GDIPFONTCACHEV1.DAT
18/07/2006  07:29         6 291 456 IconCache.db
               2 File(s)      6 304 560 bytes
               4 Dir(s)  27 121 700 864 bytes free

******************************************

Search for scheduled tasks in C:\WINDOWS\tasks

 Volume in drive C is IBM_PRELOAD
 Volume Serial Number is 584B-B6F2

 Directory of C:\WINDOWS\Tasks

10/09/2005  13:49               316 BMMTask.job
25/02/2003  18:13                 6 SA.DAT
25/02/2003  18:11    <DIR>          ..
25/02/2003  18:11    <DIR>          .
01/01/1980  09:00                65 desktop.ini
               3 File(s)            387 bytes
               2 Dir(s)  27 121 700 864 bytes free

******************************************

## Directories of C:\Program Files

 Volume in drive C is IBM_PRELOAD
 Volume Serial Number is 584B-B6F2

 Directory of C:\Program Files

01/04/2007  19:40    <DIR>          .
01/04/2007  19:40    <DIR>          ..
18/07/2006  17:15    <DIR>          Adobe
29/03/2007  21:20    <DIR>          Alwil Software
10/09/2005  13:32    <DIR>          ATI Technologies
18/07/2006  17:20    <DIR>          ClearProg
25/02/2003  18:10    <DIR>          ComPlus Applications
10/09/2005  13:32    <DIR>          CONEXANT
10/09/2005  13:32    <DIR>          Digital Line Detect
30/03/2007  10:58    <DIR>          DivX
13/01/2007  13:14    <DIR>          Fichiers communs
30/08/2006  10:23                 0 gditst
09/03/2007  17:25    <DIR>          Google
11/08/2006  11:27    <DIR>          Hewlett-Packard
01/04/2007  19:47    <DIR>          hijackthis
10/09/2005  13:36    <DIR>          IBM
10/09/2005  13:39    <DIR>          IBM DLA
10/09/2005  13:38    <DIR>          IBM RecordNow!
20/08/2006  15:02               812 INSTALL.LOG
10/09/2005  13:29    <DIR>          Intel
24/03/2007  18:16    <DIR>          Internet Explorer
10/09/2005  13:40    <DIR>          InterVideo
29/08/2006  18:32    <DIR>          Messenger
18/07/2006  16:55    <DIR>          microsoft frontpage
18/07/2006  16:55    <DIR>          Microsoft Office
18/07/2006  16:57    <DIR>          Microsoft Visual Studio
06/10/2006  09:47    <DIR>          MLT1100L
25/02/2003  18:11    <DIR>          Movie Maker
30/03/2007  11:19    <DIR>          Mozilla Firefox
25/02/2003  18:09    <DIR>          MSN
25/02/2003  18:10    <DIR>          MSN Gaming Zone
01/02/2007  19:03    <DIR>          MSXML 4.0
25/02/2003  18:11    <DIR>          NetMeeting
10/09/2005  13:32    <DIR>          NetWaiting
30/08/2006  10:43    <DIR>          orange
12/01/2007  19:32    <DIR>          Outlook Express
10/09/2005  13:47    <DIR>          PC-Doctor for Windows
13/01/2007  13:17    <DIR>          QuickTime
25/02/2003  18:10    <DIR>          Services en ligne
10/09/2005  13:38    <DIR>          Sonic
01/11/2006  20:30    <DIR>          Sony Corporation
10/09/2005  13:12    <DIR>          Synaptics
10/09/2005  13:27    <DIR>          ThinkPad
29/03/2007  18:12    <DIR>          Vilma
29/03/2007  17:31    <DIR>          VirtualDJ
14/02/2007  21:45    <DIR>          Windows Live Safety Center
29/09/2006  15:56    <DIR>          Windows Media Player
25/02/2003  18:09    <DIR>          Windows NT
30/03/2007  11:19    <DIR>          WinRAR
25/02/2003  18:14    <DIR>          xerox
01/11/2006  20:35    <DIR>          Yahoo!
               2 File(s)            812 bytes
              49 Dir(s)  27 121 696 768 bytes free

******************************************

## Allowed pop-ups

* Internet Explorer !

REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    www.citibank.be    REG_BINARY
    www.safety.live.com    REG_BINARY

* Mozilla Firefox (1 allowed, 2 blocked)

******************************************

## Registry

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Tok-Cirrhatus-6777    REG_SZ    "C:\Documents and Settings\PREMIERE URGENCE\Local Settings\Application Data\br14577on.exe"

******************************************

## Security zones

* HKCU Domains (4)
* P3P History (5)

******************************************

## Search C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

*************** End of report ****************

There, on this one too there must be some Symantec antivirus left over, so I'll try the same method as for the first PC. Thanks again!!
  25. Hello, so I redid the steps described (installing the remove software, the two links); the result was still the same: an installation window appears. So I went into the Registry and, using the search function, I deleted all the Symantec, LiveUpdate and Norton keys. Now the window no longer appears. The HijackThis report for PC1 is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:36, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\AdobeR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D89659C-7BD6-4D11-9175-FD22811293EB}: NameServer = 62.128.175.15,62.128.175.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

There, I'm doing the steps on the 2nd PC and I'll send you all of that. Thanks!!!
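The two launch-point reports above (the Silent Runners output in post 24 and the HijackThis log in post 25) can be triaged mechanically rather than by eye. The script below is an added example for this page, not part of the original thread and not code from HijackThis or Silent Runners. It parses HijackThis O4/O20/O23 lines and Silent Runners `"name" = "value" [tag]` lines and flags the patterns visible in those reports: a Run entry whose executable sits directly in C:\WINDOWS or in a profile's Local Settings\Application Data, a Winlogon Shell value that is anything other than plain Explorer.exe, a Winlogon Notify package that does not resolve to a .dll, and any entry whose target is reported missing. The sample lines are copied from the reports in this thread; the regular expressions, the `Finding` class and the location heuristics are this example's own assumptions, not a documented format specification for either tool.

```python
"""Triage of HijackThis / Silent Runners launch-point lines (added example).

Flags, for each line it understands:
  * a Run-key executable living directly in C:\\WINDOWS or in a profile's
    Local Settings\\Application Data rather than system32 / Program Files
  * a Winlogon "Shell" value that is anything but plain Explorer.exe
  * a Winlogon Notify package whose path does not end in .dll
  * an entry whose target is reported missing (an orphaned loader)
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the reports posted in this thread.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"Tok-Cirrhatus-6777" = ""C:\Documents and Settings\PREMIERE URGENCE\Local Settings\Application Data\br14577on.exe"" [file not found]
"Shell" = "Explorer.exe "C:\WINDOWS\sembako-dezjkkg.exe"" [MS], [file not found]
"""

# Line shapes (assumed from the reports above, not an official grammar).
HJT_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
HJT_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
HJT_OTHER = re.compile(r"^O\d+ - [^:]+: (?P<name>.+?) - ")
SR_VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<val>.*?) \[(?P<tags>.*)\]$')
EXE_PATH = re.compile(r'(?i)"?(?P<path>[a-z]:\\[^"]*?\.exe)')

# Directories from which a Run-key executable is rarely legitimate (lower-cased).
SUSPECT_DIRS = (
    re.compile(r"^c:\\windows\\[^\\]+\.exe$"),                      # C:\WINDOWS\AdobeR.exe
    re.compile(r"\\local settings\\application data\\[^\\]+\.exe$"),  # per-user drop
)


@dataclass
class Finding:
    name: str                      # Run value, Notify package, service, or "Shell"
    line: str                      # the report line that produced it
    reasons: list = field(default_factory=list)


def first_exe(cmd):
    """Return the first drive-rooted .exe path in a command string, or None."""
    m = EXE_PATH.search(cmd)
    return m.group("path") if m else None


def location_reasons(cmd):
    exe = first_exe(cmd)
    if exe and any(p.search(exe.lower()) for p in SUSPECT_DIRS):
        return [f"executable in unusual location: {exe}"]
    return []


def triage(report):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, reasons = None, []
        if m := HJT_RUN.match(line):
            name = m["name"]
            reasons += location_reasons(m["cmd"])
        elif m := HJT_NOTIFY.match(line):
            name = m["name"]
            if not m["path"].lower().endswith(".dll"):
                reasons.append(f"Winlogon Notify package is not a .dll: {m['path']}")
        elif m := SR_VALUE.match(line):
            name = m["name"]
            if name == "(Default)":          # Silent Runners always lists this; noise
                continue
            val = m["val"].strip('"').strip()
            if name.lower() == "shell" and val.lower() != "explorer.exe":
                reasons.append(f"Winlogon Shell chains an extra program: {val}")
            reasons += location_reasons(val)
            if "file not found" in m["tags"].lower():
                reasons.append("target missing (orphaned loader)")
        elif "(file missing)" in line and (m := HJT_OTHER.match(line)):
            name = m["name"]
        if "(file missing)" in line:          # HijackThis wording for the same condition
            reasons.append("target missing (orphaned loader)")
        if reasons:
            findings.append(Finding(name or line, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.name}] " + "; ".join(f.reasons))
```

A flag means "look at this", not "malicious": the orphaned `vptray` entry from an uninstalled Symantec product trips the same rule as the worm's dead `Tok-Cirrhatus` loaders, and a vendor that drops its updater in C:\WINDOWS would trip the location rule. What the rules do buy is that the three lines an analyst actually cares about in these reports (the chained `Shell` value, the `RavAV` entry behind C:\WINDOWS\AdobeR.exe, and the Notify package pointing at a bare directory) surface without reading several hundred lines.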