nanouetalain

BRAVO et un grand merci pour ton intervention, Super pro.. Tout semble de nouveau ok,OUF!!! @+!

dernier bilan.... @ bientôt Logfile of HijackThis v1.99.1 Scan saved at 22:11:52, on 18/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\aaa\Bureau\hijackthis\naou.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

bonsoir, vundo fix ne trouve aucune erreur,ouf!!!! @+ Logfile of HijackThis v1.99.1 Scan saved at 19:39:17, on 18/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\aaa\Bureau\hijackthis\naou.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O2 - BHO: (no name) - -{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\iifedcy.dll (file missing) O2 - BHO: (no name) - {54F2F32D-8AF7-4F10-9C8B-AD4F2C723D64} - C:\WINDOWS\system32\pmnnl.dll (file missing) O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nbbbwobs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {8AF5FF06-06D3-40DF-B765-D2E37612B98F} - (no file) O2 - BHO: (no name) - {8BB0C6BC-93B7-487A-A781-4961463CF88D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {BC58AA6E-51D2-46AF-80A9-1056548EC7EE} - (no file) O2 - BHO: (no name) - {D9244602-72D2-41A0-9D86-DBD4613F2E62} - (no file) O2 - BHO: (no name) - {FD6DCE8D-7904-4B79-AC99-360C5E6DDFC5} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: iifedcy - iifedcy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

bonjour, merci pour la suggestion mais je viens de vérifier le mode dans type de démarrage et il était déja en désactivé.... @+

voila le contenu du rapport situé dans C:\vundofix.txt: @ +... C:\WINDOWS\system32\lnnmp.bak1 C:\WINDOWS\system32\lnnmp.bak2 C:\WINDOWS\system32\lnnmp.ini C:\WINDOWS\system32\pmnnl.dll Logfile of HijackThis v1.99.1 Scan saved at 14:34:11, on 18/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O2 - BHO: (no name) - -{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\iifedcy.dll O2 - BHO: (no name) - {54F2F32D-8AF7-4F10-9C8B-AD4F2C723D64} - C:\WINDOWS\system32\pmnnl.dll (file missing) O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nbbbwobs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {8AF5FF06-06D3-40DF-B765-D2E37612B98F} - (no file) O2 - BHO: (no name) - {8BB0C6BC-93B7-487A-A781-4961463CF88D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {BC58AA6E-51D2-46AF-80A9-1056548EC7EE} - (no file) O2 - BHO: (no name) - {D9244602-72D2-41A0-9D86-DBD4613F2E62} - (no file) O2 - BHO: (no name) - {FD6DCE8D-7904-4B79-AC99-360C5E6DDFC5} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: iifedcy - C:\WINDOWS\SYSTEM32\iifedcy.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

voilà ce que çà donne.. à + Logfile of HijackThis v1.99.1 Scan saved at 13:56:02, on 18/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\aaa\Bureau\hijackthis\naou.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O2 - BHO: (no name) - -{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\iifedcy.dll O2 - BHO: (no name) - {54F2F32D-8AF7-4F10-9C8B-AD4F2C723D64} - C:\WINDOWS\system32\pmnnl.dll O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\nbbbwobs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {8AF5FF06-06D3-40DF-B765-D2E37612B98F} - (no file) O2 - BHO: (no name) - {8BB0C6BC-93B7-487A-A781-4961463CF88D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {BC58AA6E-51D2-46AF-80A9-1056548EC7EE} - (no file) O2 - BHO: (no name) - {D9244602-72D2-41A0-9D86-DBD4613F2E62} - (no file) O2 - BHO: (no name) - {FD6DCE8D-7904-4B79-AC99-360C5E6DDFC5} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: iifedcy - C:\WINDOWS\SYSTEM32\iifedcy.dll O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

et bien, il y a toujours des pubs très souvent à apparaitre lors des navigations sur le net (pub meeetic, pub antivirus...,) celà est carrement insupportable.... @+

et voilà le résultat... @ bientôt Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 File to upload & scan: Service Service load: 0% 100% File: MAJ_350_350.zip Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5 afbc0c81be1bccf44a950e2b0d579662 Packers detected: - Scanner results Scan taken on 18 May 2007 10:54:24 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found suspicious file (encrypted program in archive) F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Powered by Disclaimer This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita. Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware. Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample. Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all. Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all! -------------------------------------------------------------------------------- Statistics Last file scanned at least one scanner reported something about: QQ2007.exe (MD5: c21784303496a06e384e6ad90ecc7bad, size: 27398 bytes), detected by: Scanner Malware name A-Squared X AntiVir TR/Proxy.Delf.CA ArcaVir X Avast Win32:Nilage-AI AVG Antivirus X BitDefender Generic.PWStealer.B33DE229 ClamAV X Dr.Web DLOADER.Trojan F-Prot Antivirus W32/Downloader.gen10 F-Secure Anti-Virus Trojan-PSW.Win32.QQPass.pf Fortinet X Kaspersky Anti-Virus Trojan-PSW.Win32.QQPass.pf NOD32 X Norman Virus Control Suspicious_F.gen Panda Antivirus X Rising Antivirus X VirusBuster Packed/FSG VBA32 Trojan-PSW.Lmir.104 (paranoid heuristics) You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives We are not affiliated with any third parties that conduct tests using this service. Frequently asked questions - Feedback - Privacy policy Page generated by JTPL Copyright © 2004-2007 Jordi Bosveld <[email protected]>

bonjour, voilà les dernières nouvelles... @+ KASPERSKY ON-LINE SCANNER REPORT Friday, May 18, 2007 8:11:35 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 17/05/2007 Enregistrements dans la base antivirus Kaspersky : 303062 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse Total d'objets analysés 95388 Nombre de virus trouvés 1 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 6 Durée de l'analyse 02:37:44 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\aaa\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Identities\{46CA5865-21A8-4647-AFDD-033033299677}\Microsoft\Outlook Express\Boîte de réception.dbx L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Identities\{46CA5865-21A8-4647-AFDD-033033299677}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Identities\{46CA5865-21A8-4647-AFDD-033033299677}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CEF05E8C-EB31-4D56-8B1A-C296D086063A} L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Historique\History.IE5\MSHist012007051720070518\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temp\IMG4C.tmp L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05152007-155527.log L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Spamihilator\SPA37E6.tmp.log L'objet est verrouillé ignoré C:\Program Files\Spamihilator\SPA37E7.tmp.log L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\tracking.log L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.

bonsoir, les fichiers à supprimer étaient introuvables.. ci dessous le dernier bilan!! à bientôt KASPERSKY ON-LINE SCANNER REPORT Thursday, May 17, 2007 6:03:54 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 17/05/2007 Enregistrements dans la base antivirus Kaspersky : 302957 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse Total d'objets analysés 94989 Nombre de virus trouvés 2 Nombre d'objets infectés 1 / 0 Nombre d'objets suspects 6 Durée de l'analyse 02:22:01 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\aaa\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\ApplicationHistory\Explorer.EXE.3c2f65a1.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{904E3871-945C-49F3-9690-2D51A7C4E373} L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Historique\History.IE5\MSHist012007051720070518\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temp\IMG2.tmp L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temp\jshdxrxe.dll L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05152007-155527.log L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Spamihilator\SPA436D.tmp.log L'objet est verrouillé ignoré C:\Program Files\Spamihilator\SPA436F.tmp.log L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\tracking.log L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\nbbbwobs.dll Infecté : Trojan.Win32.BHO.g ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.

re, ça était un peu long... voici le dernier résultat obtenu? @++ Thursday, May 17, 2007 10:08:28 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 16/05/2007 Enregistrements dans la base antivirus Kaspersky : 302162 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse Total d'objets analysés 95335 Nombre de virus trouvés 3 Nombre d'objets infectés 8 / 0 Nombre d'objets suspects 6 Durée de l'analyse 02:21:15 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\aaa\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-131e8132/FcPred.class Infecté : Trojan-Downloader.Java.Agent.c ignoré C:\Documents and Settings\aaa\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-131e8132 ZIP: infecté - 1 ignoré C:\Documents and Settings\aaa\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\ApplicationHistory\Explorer.EXE.3c2f65a1.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E6A9ACFF-CF32-439A-AFD4-9FCBF0EDCFA5} L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temp\IMG1.tmp L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_342.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\maj\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip/MAJ_V_Medion_350rm30_OBS.exe Suspect : Password-protected-EXE ignoré C:\Documents and Settings\aaa\Mes documents\application\gps\à faire\MAJ_350_350.zip ZIP: suspect - 1 ignoré C:\Documents and Settings\aaa\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\aaa\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05152007-155527.log L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\tracking.log L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré C:\VundoFix Backups\efniqkse.dll.bad Infecté : Trojan.Win32.BHO.o ignoré C:\VundoFix Backups\gpdfaphc.dll.bad Infecté : Trojan.Win32.BHO.o ignoré C:\VundoFix Backups\hwgubmhb.dll.bad Infecté : Trojan.Win32.BHO.o ignoré C:\VundoFix Backups\vlhnsqby.dll.bad Infecté : Trojan.Win32.BHO.o ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\cpfgbbxa.dll Infecté : Trojan.Win32.BHO.o ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\kmraupvh.dll Infecté : Trojan.Win32.BHO.o ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée.

bonsoir, petit souci avec AVG AS qui a bien traité plusieurs fichiers infecté mais qui me dit "aucun rapport"....?? voilà à suivre le dernier rapport HijackThis: @+ (et merci..) Logfile of HijackThis v1.99.1 Scan saved at 19:07:14, on 16/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

bonjour, voila donc mes derniers rapports obtenus??....: VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 18:27:46 15/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\abeeg.ini2 C:\WINDOWS\system32\geeba.dll C:\WINDOWS\system32\hqcebtnq.ini C:\WINDOWS\system32\qntbecqh.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\abeeg.ini2 C:\WINDOWS\system32\abeeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\geeba.dll C:\WINDOWS\system32\geeba.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hqcebtnq.ini C:\WINDOWS\system32\hqcebtnq.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qntbecqh.dll C:\WINDOWS\system32\qntbecqh.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 19:01:01 15/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\rqtss.bak1 C:\WINDOWS\system32\rqtss.ini C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\vlhnsqby.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\rqtss.bak1 C:\WINDOWS\system32\rqtss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\rqtss.ini C:\WINDOWS\system32\rqtss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\sstqr.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\vlhnsqby.dll C:\WINDOWS\system32\vlhnsqby.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 19:28:14 15/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\ttstv.bak1 C:\WINDOWS\system32\ttstv.ini C:\WINDOWS\system32\vtstt.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\ttstv.bak1 C:\WINDOWS\system32\ttstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ttstv.ini C:\WINDOWS\system32\ttstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtstt.dll C:\WINDOWS\system32\vtstt.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 19:44:34 15/05/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 20:45:46 15/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\efniqkse.dll C:\WINDOWS\system32\rqtss.bak1 C:\WINDOWS\system32\rqtss.ini C:\WINDOWS\system32\sstqr.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\efniqkse.dll C:\WINDOWS\system32\efniqkse.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqtss.bak1 C:\WINDOWS\system32\rqtss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\rqtss.ini C:\WINDOWS\system32\rqtss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\sstqr.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 21:20:24 15/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\ddcyx.dll C:\WINDOWS\system32\xycdd.bak1 C:\WINDOWS\system32\xycdd.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyx.dll C:\WINDOWS\system32\ddcyx.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xycdd.bak1 C:\WINDOWS\system32\xycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\xycdd.ini C:\WINDOWS\system32\xycdd.ini Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 22:28:07 15/05/2007 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 22:44:32 15/05/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 06:59:27 16/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\ddcyx.dll C:\WINDOWS\system32\hwgubmhb.dll C:\WINDOWS\system32\xycdd.bak1 C:\WINDOWS\system32\xycdd.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyx.dll C:\WINDOWS\system32\ddcyx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hwgubmhb.dll C:\WINDOWS\system32\hwgubmhb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xycdd.bak1 C:\WINDOWS\system32\xycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\xycdd.ini C:\WINDOWS\system32\xycdd.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.8 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 08:36:21 16/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\gpdfaphc.dll C:\WINDOWS\system32\ihkmp.bak1 C:\WINDOWS\system32\ihkmp.ini C:\WINDOWS\system32\pmkhi.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\gpdfaphc.dll C:\WINDOWS\system32\gpdfaphc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ihkmp.bak1 C:\WINDOWS\system32\ihkmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ihkmp.ini C:\WINDOWS\system32\ihkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\pmkhi.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\pmkhi.dll Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 09:00:27, on 16/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

voila le dernier rapport... Logfile of HijackThis v1.99.1 Scan saved at 20:42:28, on 15/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\aaa\Bureau\hijackthis\nanouetalain.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O2 - BHO: (no name) - -{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\iifedcy.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {8AF5FF06-06D3-40DF-B765-D2E37612B98F} - C:\WINDOWS\system32\sstqr.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {D9244602-72D2-41A0-9D86-DBD4613F2E62} - C:\WINDOWS\system32\geeba.dll (file missing) O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\efniqkse.dll O2 - BHO: (no name) - {FD6DCE8D-7904-4B79-AC99-360C5E6DDFC5} - C:\WINDOWS\system32\vtstt.dll (file missing) O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O20 - Winlogon Notify: iifedcy - C:\WINDOWS\SYSTEM32\iifedcy.dll O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

merci pour ta réponse.. voilà les rapports obtenus: vundofix: C:\WINDOWS\system32\abeeg.ini2 C:\WINDOWS\system32\geeba.dll C:\WINDOWS\system32\hqcebtnq.ini C:\WINDOWS\system32\qntbecqh.dll Logfile of HijackThis v1.99.1 Scan saved at 18:54:53, on 15/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js) O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe