baret

bonsoir Bruce comme tu me l'as demandé le rapport de kaspersky KASPERSKY ON-LINE SCANNER REPORT Saturday, May 26, 2007 11:14:32 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 26/05/2007 Enregistrements dans la base antivirus Kaspersky : 309917 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Statistiques de l'analyse Total d'objets analysés 108635 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:56:01 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{2E59F8D4-46AC-49F5-96AF-04D9117480D4}.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{B21C8D74-EFC7-4DEC-B783-83DCCBBD0D8A}.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{BC1B098C-1F0E-4FE8-AA21-F69C2F5C4B9B}.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Application Data\SiteAdvisor\SiteAdv.csh L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Cookies\INDEX.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Application Data\Pando\Pando Files\cert\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Application Data\Pando\Pando Files\pando.log L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Historique\History.IE5\INDEX.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Historique\History.IE5\MSHist012007052520070526\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Historique\History.IE5\MSHist012007052620070527\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Temp\Acr1B43.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Temp\Acr1B55.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Temp\Acr278B.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\58JAVFDV\Zodiac.FRENCH.TS.REPACK.1CD.XViD-STS.avi.003[1].avi L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Gilles\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\INDEX.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\INDEX.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-05-25.18-16-15.log L'objet est verrouillé ignoré C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\AlertFilter.log L'objet est verrouillé ignoré C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\log\httpclient.log L'objet est verrouillé ignoré C:\Program Files\Club-Internet\Le Compagnon Club\SmartBridge\SmartBridge.log L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf L'objet est verrouillé ignoré C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001101.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001102.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001103.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\A0001104.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP9\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\default L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\sam L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\security L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\software L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\system L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\H323LOG.TXT L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcafee_2ngkI0Rn4Bn8qwS L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcafee_nrJxN8ad6ZQEPKh L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcafee_pXqMozuxJXm9Snt L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_dbGcgcNtkcRAtP5 L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_GpV6DXzcH85xU2e L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_iIVnWQQyD24mare L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_j6szbgmtjF8v5st L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_kedUsVVgPAsPy3P L'objet est verrouillé ignoré C:\WINDOWS\Temp\mcmsc_nwsNNpBSI7QvzgQ L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_338.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_768.dat L'objet est verrouillé ignoré C:\WINDOWS\WIADEBUG.LOG L'objet est verrouillé ignoré C:\WINDOWS\WIASERVC.LOG L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée. voila a plus

Bonjour Bruce ci-dessous rapport hijackthis fraichement sorti de mon pc Logfile of HijackThis v1.99.1 Scan saved at 14:59:10, on 26/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\yProxy fr\yProxy.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe au plaisir de te lire baret

re, Si durant la procédure ci-dessous, il y a des étapes que tu n'as pas reussi a faire, merci de continuer la procédure jusqu'au bout et de les signaler dans ta prochaine reponse. Je te conseille d'enregistrer la page web compléte sous Internet Explorer comme ceci : * Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht) / Enregistre la sur le bureau,comme cela tu retrouvera la mise en forme ou imprime cette réponse. Une partie de la désinfection se déroulera en mode sans échec. 1/lance hijackthis en cliquant sur scanner seulement et coche ces lignes: O20 - Winlogon Notify: ssqpm - C:\WINDOWS\ O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing) Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fixer objet 2/ Télécharge OTMoveIt de OldTimer. Sauvegarde le sur ton Bureau. Double-Clique sur OTMoveIt.exe pour le lancer. Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) : CITATION C:\WINDOWS\system32\ssqpm.dll Retourne dans OTMoveit, fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller. Clique sur le bouton rouge Moveit!. Ferme OTMoveIt. Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes. Poste moi le rapport de OTMoveIT disponible ici : C:\_OTMoveIt\MovedFiles, en pièce jointe. 3/Poste un nouveau log Hijackthis. Bon courage, et si tu as la moindre question n'hésite surtout pas @+ rebonjour Bruce voila la derniere manip que j'ai conserve apres tu m'as indique de supprime les fichiers infectes et de vide la corbeille tu m'as confirmer de desactiver la restauration puis la réactiver et enfin tu m'as indique des liens pour se proteger mais je ne l'avais pas enregistre baret

bonjour Bruce j'avais vu pour le site je vais voir ce soir chez moi ce que j'ai conservé et je le mettrais en réponse cordialement

Rebonjour Bruce j'ai suivi tes indications (très claires) à la lettre et utilise combofix au reboot je n'ai plus de fenetre m'indiquant erreur de chargement dans windows \temp plus les deux fichiers que ne n'arrivais pas à enlever et dont macafee me disait que c'etait des generic.PUP.q ci-dessous le log de combofix j'ai installe et fait tourne spybot également "Gilles" - 2007-05-19 14:35:03 Service Pack 2 ComboFix 07-05.19.5.V - Running from: "C:\Documents and Settings\Gilles\Bureau\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\gfqwguok.dll C:\WINDOWS\system32\glkbbkft.dll C:\WINDOWS\system32\ssqpm.dll C:\WINDOWS\system32\mpqss.bak1 C:\WINDOWS\system32\mpqss.ini C:\WINDOWS\system32\awtutur.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 )))))))))))))))))))))))))))))))))) 2007-05-19 13:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-19 13:03 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe 2007-05-19 12:15 <REP> d-------- C:\VundoFix Backups 2007-05-19 09:29 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-05-18 22:55 <REP> d-------- C:\WINDOWS\report 2007-05-18 22:54 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-05-18 22:54 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-05-18 22:54 267,845 --a------ C:\WINDOWS\tsc.exe 2007-05-18 22:54 1,101,904 --a------ C:\WINDOWS\vsapi32.dll 2007-05-18 22:54 <REP> d-------- C:\WINDOWS\AU_Backup 2007-05-18 22:53 <REP> d-------- C:\WINDOWS\AU_Temp 2007-05-18 22:53 <REP> d-------- C:\WINDOWS\AU_Log 2007-05-18 22:52 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-05-18 22:52 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-05-18 22:52 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-05-17 16:56 20,976 --a------ C:\WINDOWS\SYSTEM\CTL3D.DLL 2007-05-17 16:56 <REP> d-------- C:\FXIWIN18 2007-05-17 15:39 5,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.sys 2007-05-17 15:38 85,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.sys 2007-05-17 15:38 19,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS 2007-05-17 15:37 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.sys 2007-05-17 15:37 11,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.sys 2007-05-17 15:37 10,880 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NdisIP.sys 2007-05-17 15:34 15,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StreamIP.sys 2007-05-17 15:25 54,784 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll 2007-05-17 15:15 81,920 -ra------ C:\WINDOWS\SYSTEM32\ZS211STI.dll 2007-05-17 15:15 57,344 --a------ C:\WINDOWS\Sti211.exe 2007-05-17 15:15 307,200 --a------ C:\WINDOWS\vidcap32.Exe 2007-05-17 15:15 102,400 -ra------ C:\WINDOWS\ZS211Cap.exe 2007-05-17 15:15 <REP> d-------- C:\WINDOWS\EffectResources 2007-05-17 15:14 49,152 -ra------ C:\WINDOWS\ZSSnp211.EXE 2007-05-17 15:14 49,152 -ra------ C:\WINDOWS\Domino.EXE 2007-05-17 15:14 391,836 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\ZS211.sys 2007-05-17 15:14 163,840 -ra------ C:\WINDOWS\amcap.exe 2007-05-17 15:14 <REP> d-------- C:\WINDOWS\CatRoot 2007-05-10 23:23 <REP> d-------- C:\Program Files\DAEMON Tools 2007-05-09 05:50 <REP> d-------- C:\Program Files\Alcohol Soft(3) 2007-05-07 10:51 <REP> d-------- C:\DOCUME~1\Anick\APPLIC~1\Druide 2007-05-06 09:59 <REP> d-------- C:\Program Files\Vimicro 2007-05-05 16:19 <REP> d-------- C:\Program Files\Mouse 2007-05-05 15:40 <REP> d-------- C:\WINDOWS\setupupd 2007-05-05 15:09 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL 2007-05-05 15:09 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll 2007-05-05 15:09 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll 2007-05-02 19:48 <REP> d-------- C:\Program Files\Druide 2007-05-02 18:58 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus 2007-05-01 22:51 <REP> d-------- C:\DOCUME~1\ZO7369~1\APPLIC~1\Druide 2007-05-01 22:42 <REP> d-------- C:\DOCUME~1\ZO7369~1\APPLIC~1\SiteAdvisor 2007-05-01 21:51 81,920 --a------ C:\WINDOWS\SYSTEM32\ZDPN50.dll 2007-05-01 21:51 81,920 --a------ C:\WINDOWS\SYSTEM32\ZDBRGDLL.dll 2007-05-01 21:51 28,672 --a------ C:\WINDOWS\SYSTEM32\InsDrvZD.dll 2007-05-01 21:51 247,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ZD11UXP.sys 2007-05-01 21:51 24,576 --a------ C:\WINDOWS\SYSTEM32\ZyDelReg.exe 2007-05-01 14:10 <REP> d-------- C:\DOCUME~1\Gilles\APPLIC~1\Druide 2007-04-28 23:17 <REP> d-------- C:\Program Files\Alcohol Soft(2) 2007-04-28 21:09 4,014,080 --a------ C:\DOCUME~1\Anick\ntuser.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-19 12:31:41 -------- d-----w C:\DOCUME~1\Gilles\APPLIC~1\OpenOffice.org2 2007-05-19 11:47:07 -------- d-----w C:\Program Files\Hijackthis Version Française 2007-05-17 21:41:24 -------- d-----w C:\DOCUME~1\Gilles\APPLIC~1\SolidDocuments 2007-05-13 16:49:41 -------- d-----w C:\Program Files\Easy CD-DA Extractor 10 2007-05-13 16:47:50 -------- d-----w C:\Program Files\Alcohol Soft 2007-05-06 07:59:14 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-05 13:47:03 87,660 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-05-05 13:47:03 493,540 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-04-17 04:41:35 -------- d-----w C:\Program Files\EPSON Print CD 2007-04-14 08:05:28 -------- d-----w C:\Program Files\SiteAdvisor 2007-04-10 06:14:18 -------- d-----w C:\DOCUME~1\Gilles\APPLIC~1\SiteAdvisor 2007-04-10 06:05:00 -------- d-----w C:\Program Files\McAfee.com 2007-04-10 06:05:00 -------- d-----w C:\Program Files\McAfee 2007-04-10 06:00:20 -------- d-----w C:\Program Files\Fichiers communs\McAfee 2007-04-07 13:18:26 -------- d-----w C:\Program Files\Picasa2 2007-03-31 13:07:24 -------- d-----w C:\DOCUME~1\Gilles\APPLIC~1\Real 2007-03-24 20:41:26 -------- d-----w C:\Program Files\Larousse 2007-03-17 23:56:30 -------- d-----w C:\DOCUME~1\Gilles\APPLIC~1\Vso 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 18:07:09 -------- d-----w C:\Program Files\Fichiers communs\Sonic Shared 2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-12 15:58:33 1,901 ----a-w C:\WINDOWS\panose.bin 2007-02-12 07:09:57 74 ---ha-w C:\WINDOWS\efdcet.dat 2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {030AE9F4-6FA9-473E-9916-7794AD7F16B3}=C:\WINDOWS\system32\vturs.dll [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 16:17] {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41] {1DDE697D-A9EC-486C-B4C8-BE7E1EE1DEEE}=C:\WINDOWS\system32\vturs.dll [] {259F616C-A300-44F5-B04A-ED001A26C85C}=C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-02-10 18:58] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll [2007-04-04 20:29] {B71C4C93-893D-4DD6-ABC3-3F48707E5A82}=C:\WINDOWS\system32\ssttu.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-07 19:12] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50] "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33] "rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2006-07-03 12:01] "NWEReboot"="" [] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16] "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51] "StandardInstall"="" [] "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 20:22] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-04-26 17:46] "@"="" [] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-05 21:10] "C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe"="C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe" [2007-01-16 18:03] "WheelMouse"="C:\PROGRA~1\Mouse\Amoumain.exe" [2005-08-29 09:31] "ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-11-21 05:32] "Domino"="C:\WINDOWS\Domino.exe" [2006-11-21 05:32] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54] "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-11-04 21:54] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-04-26 17:46] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 20:29] "@"="" [] "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 19:38] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm] C:\WINDOWS\system32\ssqpm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32] winwly32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 Security Packages kerberos msv1_0 schannel wdigest Notification Packages scecli [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter HTTPFilter LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV NetworkService DnsCache DcomLaunch DcomLaunch TermService rpcss RpcSs imgsvc StiSvc termsvcs TermService WudfServiceGroup WUDFSvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the 'Scheduled Tasks' folder 2007-04-10 05:59:55 C:\WINDOWS\tasks\McDefragTask.job 2007-04-10 05:59:53 C:\WINDOWS\tasks\McQcTask.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-19 14:43:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?????B????????????a?w????????????????p????????????????????b?w????p???????????8???????????h??w????p???????z??wp???????????)??|??????? scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-19 14:49:17 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-19 14:49 --- E O F --- toute ma reconnaissance à toi et à ce super forum ps un jour j'aimerais bien comprendre les logs et pouvoir également venir en aide mais le chemin est encore long je te remercie aussi de ta patience avec moi

rebonjour Bruce je l'ai fait plusieurs fois voici les logs VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 12:15:52 19/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\jdcohrkn.dll C:\WINDOWS\system32\srutv.bak1 C:\WINDOWS\system32\srutv.bak2 C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\vturs.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\jdcohrkn.dll C:\WINDOWS\system32\jdcohrkn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.bak1 C:\WINDOWS\system32\srutv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.bak2 C:\WINDOWS\system32\srutv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\srutv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vturs.dll C:\WINDOWS\system32\vturs.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 12:50:48 19/05/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\brlhgtfx.ini C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\uttss.bak1 C:\WINDOWS\system32\uttss.ini C:\WINDOWS\SYSTEM32\xftghlrb.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\brlhgtfx.ini C:\WINDOWS\SYSTEM32\brlhgtfx.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ssttu.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\uttss.bak1 C:\WINDOWS\system32\uttss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\uttss.ini C:\WINDOWS\system32\uttss.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\xftghlrb.dll C:\WINDOWS\SYSTEM32\xftghlrb.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ssttu.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 13:12:54 19/05/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 13:38:18 19/05/2007 Listing files found while scanning.... No infected files were found. Beginning removal... Logfile of HijackThis v1.99.1 Scan saved at 13:47:17, on 19/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.EXE c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {030AE9F4-6FA9-473E-9916-7794AD7F16B3} - C:\WINDOWS\system32\vturs.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {1DDE697D-A9EC-486C-B4C8-BE7E1EE1DEEE} - C:\WINDOWS\system32\vturs.dll (file missing) O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\gfqwguok.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll O2 - BHO: (no name) - {B71C4C93-893D-4DD6-ABC3-3F48707E5A82} - C:\WINDOWS\system32\ssttu.dll (file missing) O2 - BHO: (no name) - {B78D2BC2-76AA-4B1A-A207-BEA15773050D} - C:\WINDOWS\system32\awtutur.dll O2 - BHO: (no name) - {C1807241-12A9-4E16-B140-7F087142AB51} - C:\WINDOWS\system32\glkbbkft.dll O2 - BHO: (no name) - {D7FE695B-EEAC-4A4C-891D-596EB2507E7b} - C:\WINDOWS\system32\glkbbkft.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\xftghlrb.dll",realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: awtutur - C:\WINDOWS\SYSTEM32\awtutur.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe merci à toi j'espère que je pourrais ne plus avoir cette fenetre au démarrage qui m'indique l'erreur de chargement de la bestiole

rebonjour je viens de rebooter mon pc et j'ai au demarrage une fenetre qui m'indique erreur de chargement de c:\windows\system32\xftghlrb.dll je ne sais pas à quoi ca corresponde

j'ai été trop content trop vite je viens d'avoir des fenetres de pub qui viennent de s'ouvrir et macafee vient de m'indique qu'il a detecte vundo.dll qui vient de supprimer dommage à plus

bonjour Bruce et un grand merci ca fait chaud au coeur de savoir que des personnes comme toi existe et prennent de leur temps pour aider des novices comme moi j'ai fait comme tu me l'as indique j'ai serre les fesses pour que tout remarche bien et je joins les logs de vundofix et hijackthis apres l'utilisation de VundoFix.exe VundoFix V6.3.23 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 12:15:52 19/05/2007 Listing files found while scanning.... C:\WINDOWS\system32\jdcohrkn.dll C:\WINDOWS\system32\srutv.bak1 C:\WINDOWS\system32\srutv.bak2 C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\vturs.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\jdcohrkn.dll C:\WINDOWS\system32\jdcohrkn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.bak1 C:\WINDOWS\system32\srutv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.bak2 C:\WINDOWS\system32\srutv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\srutv.ini C:\WINDOWS\system32\srutv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vturs.dll C:\WINDOWS\system32\vturs.dll Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 12:32:53, on 19/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {030AE9F4-6FA9-473E-9916-7794AD7F16B3} - C:\WINDOWS\system32\vturs.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {1DDE697D-A9EC-486C-B4C8-BE7E1EE1DEEE} - C:\WINDOWS\system32\vturs.dll (file missing) O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\gfqwguok.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll O2 - BHO: (no name) - {B78D2BC2-76AA-4B1A-A207-BEA15773050D} - C:\WINDOWS\system32\awtutur.dll O2 - BHO: (no name) - {C1807241-12A9-4E16-B140-7F087142AB51} - C:\WINDOWS\system32\glkbbkft.dll O2 - BHO: (no name) - {D7FE695B-EEAC-4A4C-891D-596EB2507E7b} - C:\WINDOWS\system32\glkbbkft.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: awtutur - C:\WINDOWS\SYSTEM32\awtutur.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe au plaisir de te lire baret

bonjour à tous suis novice dans ce domaine et depuis une semaine quand je surf sur internet j'ai des fenetres de pub pour laplupart du temps un antivirus windoctor qui s'ouvre mon antivirus macafee m'a signale des fichiers qu'il ne peut ni reparer ni supprimer comme winwly32.dll et deux fichiers qui sont dans le repertoire temp de windows on regardant sur le forum j'ai vu qu'il etait important d'utiliser hijackthis pour savoir de quoi il en retournait j'ai installe ce logiciel et j'ai un log mais pour moi ca reste du chinois si quelqu'un pouvait m'aider ca serait super je mets le log Logfile of HijackThis v1.99.1 Scan saved at 08:57:52, on 19/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Pando Networks\Pando\Pando.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\PROGRA~1\Mouse\Amoumain.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\yProxy fr\yProxy.exe C:\Program Files\Outlook Express\MSIMN.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe C:\Documents and Settings\Gilles\Mes documents001hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe avec le plaisir de vous lire cordialement baret