Everything posted by chtipoutibouille

  1. Here is the HijackThis analysis. For information, I couldn't run AVG in safe mode, so I ran it here; here is the report. Here is HijackThis after all that. There you go, good luck.
  2. Hi again. By the way, Spybot only finds Zedo tracking cookies for me; however, I still have these windows that open by themselves. Olivier
  3. I'm back; thanks, bruce lee, for your reply. Here is the Navilog search. For information, the Kaspersky online scan found nothing. Thanks again. Olivier
  4. Yet another victim of those damned ad windows that open by themselves and slow down a friend's PC. Here is a HijackThis report to start with; the online scan follows with a Spybot analysis. Thanks in advance for your reply. Olivier
  5. There, it's done; I reran Spybot and nothing more. Many thanks, regis, and whenever you like to go for a drink. Olivier
  6. I'm back. That's odd, Kaspersky found nothing. Here is the report:
     Total d'objets analysés 104157
     Nombre de virus trouvés 0
     Nombre d'objets infectés 0 / 0
     Nombre d'objets suspects 0
     Durée de l'analyse 02:20:35
     Analyse terminée.
  7. Help, Regis! I emptied Spybot, then I thought, go on, rerun Search & Destroy, and this junk is still there! Argggghhhhhhh. Right, I'm running Kaspersky anyway. Thanks, Olivier
  8. Thanks, Regis, the PC is running really well. Oops, I deleted the Spy Sweeper quarantine; right, I'll delete the Spybot one and send you another scan. Once again, thanks for the time you spent on it. Olivier
  9. I'm back, here is the second online scan report:
     KASPERSKY ONLINE SCANNER REPORT
     Thursday, May 31, 2007 7:56:58 AM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.83.0
     Kaspersky Anti-Virus database last update: 31/05/2007
     Kaspersky Anti-Virus database records: 313703
     Scan Settings
     Scan using the following antivirus database standard
     Scan Archives true
     Scan Mail Bases true
     Scan Target My Computer
     C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\
     Scan Statistics
     Total number of scanned objects 104611
     Number of viruses found 1
     Number of infected objects 0 / 0
     Number of suspicious objects 6
     Duration of the scan process 01:49:30
     Infected Object Name Virus Name Last Action
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt2.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt2.zip ZIP: suspicious - 1 skipped
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt5.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
     H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt5.zip ZIP: suspicious - 1 skipped
     Scan process completed.
  10. Hello, after a few Kaspersky crashes, here is the report at last:
      Wednesday, May 30, 2007 5:56:28 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 30/05/2007
      Kaspersky Anti-Virus database records: 313231
      Scan Settings
      Scan using the following antivirus database standard
      Scan Archives true
      Scan Mail Bases true
      Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\
      Scan Statistics
      Total number of scanned objects 114578
      Number of viruses found 4
      Number of infected objects 9 / 0
      Number of suspicious objects 6
      Duration of the scan process 01:38:45
      Infected Object Name Virus Name Last Action
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt2.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt2.zip ZIP: suspicious - 1 skipped
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt5.zip/retadpu1000272.exe Suspicious: Password-protected-EXE skipped
      H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt5.zip ZIP: suspicious - 1 skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017753.exe Infected: Trojan.Win32.Dialer.qn skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017754.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017758.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017758.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017758.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP127\A0017758.exe RarSFX: infected - 3 skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP128\A0019864.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP128\A0019918.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
      H:\System Volume Information\_restore{E794E933-603A-4D46-BC6F-D6778D502E48}\RP129\A0022227.dll Infected: Trojan.Win32.Dialer.qn skipped
      Scan process completed.
  11. A thousand thanks, without you I would never have gotten out of this.
  12. Thank you very much, dear sir, for your caustic humor; for your information, the problem is solved. Thank you bertrandB for your help; the problem came from the BIOS, which I had left on auto, there you go. And yes, indeed, I don't know much about it, but I do what I can. Thanks again.
  13. me revoila encore mille merci pour tout ce que tu as déja fait, voici ce que tu m as demandé : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21:02:50, on 29/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe H:\Program Files\Alwil Software\Avast4\ashServ.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\eHome\ehRecvr.exe H:\WINDOWS\eHome\ehSched.exe H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe H:\WINDOWS\system32\nvsvc32.exe H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\system32\svchost.exe H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe H:\WINDOWS\ehome\ehtray.exe H:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe H:\WINDOWS\eHome\ehmsas.exe H:\Program Files\Alwil Software\Avast4\ashWebSv.exe H:\WINDOWS\system32\dllhost.exe H:\Program Files\Java\jre1.6.0_01\bin\jusched.exe H:\WINDOWS\system32\LVCOMSX.EXE H:\Program Files\Logitech\Video\LogiTray.exe H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE H:\WINDOWS\system32\rundll32.exe H:\WINDOWS\RTHDCPL.EXE H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe H:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\MSN Messenger\MsnMsgr.Exe H:\Program Files\Logitech\Video\FxSvr2.exe H:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe H:\WINDOWS\system32\wuauclt.exe H:\Documents and Settings\PROPRIETAIRE\Bureau\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {018F8182-CDC3-43FD-87DB-E61F955CA6EC} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - H:\PROGRA~1\YETISP~1\IEBUTT~1.DLL O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - H:\WINDOWS\system32\eyjecsfd.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {59882460-DA99-43EB-B219-4A2BF239681A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {FE47E88E-F470-4439-97D8-94C10F6BCB57} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Vade Retro Outlook Express] "H:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [avast!] 
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Name of App] "H:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Picasa Media Detector] "H:\Program Files\Picasa2\PicasaMediaDetector.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] "H:\Program Files\Logitech\Video\ISStart.exe" O4 - HKLM\..\Run: [LogitechVideoTray] "H:\Program Files\Logitech\Video\LogiTray.exe" O4 - HKLM\..\Run: [\\Olive-is5zaz93r\EPSON Stylus D68 Series] "H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" /P41 "\\Olive-is5zaz93r\EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [EPSON Stylus D68 Series] "H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [Auto EPSON Stylus D68 Series sur ENBAS] "H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" /P38 "Auto EPSON Stylus D68 Series sur ENBAS" /O18 "\\ENBAS\Imprimante" /M "Stylus D68" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [spySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: 
[skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [eMuleAutoStart] "H:\Program Files\eMule\emule.exe" -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Synchronizer.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = H:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - H:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - H:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - H:\WINDOWS\system32\services.exe O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - H:\WINDOWS\system32\imapi.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - H:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - H:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - H:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - H:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - H:\WINDOWS\System32\SCardSvr.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - H:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - H:\WINDOWS\System32\vssvc.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. 
- H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - H:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 11203 bytes et voila pour spysweeper 20:53: Removal process completed. Elapsed time 00:00:49 20:53: Quarantining All Traces: trojan-koos 20:53: Quarantining All Traces: purityscan 20:53: Quarantining All Traces: virtumonde 20:53: wingdm32.dll is in use. It will be removed on reboot. 20:53: wingdm32.dll is in use. It will be removed on reboot. 20:53: trojan agent winlogonhook is in use. It will be removed on reboot. 20:53: Quarantining All Traces: trojan agent winlogonhook 20:53: Quarantining All Traces: whenu savenow 20:52: Removal process initiated 20:52: Traces Found: 12 20:52: Custom Sweep has completed. Elapsed time 00:28:05 20:52: wingdm32.dll (ID = 360877) 20:52: Detected running threat: wingdm32.dll (ID = 360877) 20:52: File Sweep Complete, Elapsed Time: 00:27:14 Espace insuffisant pour traiter cette commande 20:51: Warning: Unable to sweep compressed file: System Error. Code: 8. Accès refusé 20:51: Warning: Unable to sweep compressed file: System Error. Code: 5. Accès refusé 20:51: Warning: Unable to sweep compressed file: System Error. Code: 5. Espace insuffisant pour traiter cette commande 20:51: Warning: Unable to sweep compressed file: System Error. Code: 8. Espace insuffisant pour traiter cette commande 20:51: Warning: Unable to sweep compressed file: System Error. Code: 8. Espace insuffisant pour traiter cette commande 20:51: Warning: Unable to sweep compressed file: System Error. Code: 8. Accès refusé 20:51: Warning: Unable to sweep compressed file: System Error. Code: 5. Accès refusé 20:51: Warning: Unable to sweep compressed file: System Error. Code: 5. Espace insuffisant pour traiter cette commande 20:38: Warning: Unable to sweep compressed file: System Error. Code: 8. 
Espace insuffisant pour traiter cette commande 20:38: Warning: Unable to sweep compressed file: System Error. Code: 8. 20:38: Warning: SweepDirectories: Cannot find directory "l:". This directory was not added to the list of paths to be scanned. 20:38: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned. 20:38: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned. 20:25: yazzle1162oinuninstaller.exe (ID = 516993) 20:25: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned. 20:25: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned. 20:25: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned. 20:25: Starting File Sweep 20:25: Warning: SweepDirectories: Cannot find directory "c:". This directory was not added to the list of paths to be scanned. 
20:25: Cookie Sweep Complete, Elapsed Time: 00:00:00 20:25: Starting Cookie Sweep 20:25: Registry Sweep Complete, Elapsed Time:00:00:08 20:25: HKLM\system\currentcontrolset\services\poof\ (ID = 2136492) 20:25: HKLM\system\controlset002\services\poof\ (ID = 2109010) 20:25: HKLM\system\controlset001\services\poof\ (ID = 2108973) 20:25: Found Trojan Horse: trojan-koos 20:25: HKLM\software\microsoft\windows\currentversion\uninstall\outerinfo\ (ID = 2063030) 20:25: Found Adware: purityscan 20:25: HKLM\software\microsoft\uniqdata\ (ID = 1997747) 20:25: Found Adware: virtumonde 20:25: HKLM\software\microsoft\mssmgr\ (ID = 1776755) 20:25: Found Trojan Horse: trojan agent winlogonhook 20:25: HKLM\software\classes\wusn.1\ (ID = 635554) 20:25: HKCR\wusn.1\ (ID = 635412) 20:25: HKCR\wusn.1\ (ID = 140463) 20:25: Found Adware: whenu savenow 20:25: Starting Registry Sweep 20:25: Memory Sweep Complete, Elapsed Time: 00:00:42 20:24: Starting Memory Sweep 20:24: Sweep initiated using definitions version 919 20:24: Spy Sweeper 5.3.2.2361 started 20:24: | Start of Session, mardi 29 mai 2007 | *************** 20:23: Program Version 5.3.2.2361 Using Spyware Definitions 919 20:23: Spy Sweeper 5.3.2.2361 started 20:23: | Start of Session, mardi 29 mai 2007 | *************** 20:21: ApplicationMinimized - EXIT 20:21: ApplicationMinimized - ENTER 20:18: Your spyware definitions have been updated. Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: Off IE Hijack Shield: On IE Tracking Cookies Shield: Off 20:17: Shield States 20:17: Spyware Definitions: 866 20:17: Spy Sweeper 5.3.2.2361 started 20:17: Spy Sweeper 5.3.2.2361 started 20:17: | Start of Session, mardi 29 mai 2007 |
Thanks again. Olivier
  14. I'll be back later, I have to take my daughters back to their mother's. Thanks again. By the way, should I turn off my PC or not? I'm still here until 17:00. Many thanks again in case I don't see you before then. Olivier
  15. Here's more:
DiagHelp version v1.1 - http://www.malekal.com excute le 28/05/2007 à 16:25:38,12 Liste des derniers fichies modifies/crees dans windir\system32 H:\WINDOWS\System32/drivers\fwdrv.err -->28/05/2007 09:20:26 H:\WINDOWS\System32/drivers\sptd.sys -->13/05/2007 11:04:07 H:\WINDOWS\System32/drivers\limsgt.sys -->13/05/2007 09:34:06 H:\WINDOWS\System32/drivers\athsgt.sys -->13/05/2007 09:34:06 H:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55 H:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42 H:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41 H:\WINDOWS\System32\nvapps.xml -->28/05/2007 15:57:14 H:\WINDOWS\System32\wpa.dbl -->28/05/2007 15:57:00 H:\WINDOWS\System32\tmp.txt -->28/05/2007 12:18:17 H:\WINDOWS\System32\tmp.reg -->28/05/2007 12:18:17 H:\WINDOWS\System32\rrutv.tmp -->28/05/2007 10:11:13 H:\WINDOWS\System32\eyjecsfd.dll -->27/05/2007 15:28:01 H:\WINDOWS\System32\wingdm32.dll -->26/05/2007 21:32:39 H:\WINDOWS\System32\lvcoinst.log -->26/05/2007 15:47:40 H:\WINDOWS\System32\PerfStringBackup.INI -->17/05/2007 14:20:48 H:\WINDOWS\System32\perfh00C.dat -->17/05/2007 14:20:48 H:\WINDOWS\System32\perfh009.dat -->17/05/2007 14:20:48 H:\WINDOWS\System32\perfc00C.dat -->17/05/2007 14:20:48 H:\WINDOWS\System32\perfc009.dat -->17/05/2007 14:20:48 H:\WINDOWS\System32\CmdLineExt.dll -->15/05/2007 23:05:59 H:\WINDOWS\System32\SI.bin -->15/05/2007 22:51:39 H:\WINDOWS\System32\MRT.exe -->11/05/2007 15:18:46 H:\WINDOWS\System32\CONFIG.NT -->08/05/2007 22:19:26 H:\WINDOWS\System32\aswBoot.exe -->30/04/2007 17:46:10 H:\WINDOWS\System32\AVASTSS.scr -->30/04/2007 17:35:28 H:\WINDOWS\System32\preinst.log -->26/04/2007 18:36:57 H:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->19/04/2007 18:40:08 H:\WINDOWS\System32\nwiz.exe -->19/04/2007 13:26:00 H:\WINDOWS\System32\nvwrszht.dll -->19/04/2007 13:26:00 H:\WINDOWS\System32\nvwrszhc.dll -->19/04/2007 13:26:00 H:\WINDOWS\System32\nvwrstr.dll -->19/04/2007 13:26:00 
H:\WINDOWS\WindowsUpdate.log -->28/05/2007 15:56:49 H:\WINDOWS\wiadebug.log -->28/05/2007 15:56:48 H:\WINDOWS\wiaservc.log -->28/05/2007 15:56:45 H:\WINDOWS.log -->28/05/2007 15:56:28 H:\WINDOWS\bootstat.dat -->28/05/2007 15:56:27 H:\WINDOWS\SchedLgU.Txt -->28/05/2007 15:20:48 H:\WINDOWS\setupapi.log -->28/05/2007 13:49:35 H:\WINDOWS\wr.txt -->28/05/2007 10:37:53 H:\WINDOWS\ntbtlog.txt -->28/05/2007 10:16:27 H:\WINDOWS\setupact.log -->27/05/2007 21:28:37 H:\WINDOWS\DirectX.log -->27/05/2007 15:17:02 H:\WINDOWS\game.ini -->26/05/2007 19:30:13 H:\WINDOWS\Ascd_tmp.ini -->26/05/2007 17:09:29 H:\WINDOWS\tsoc.log -->26/05/2007 15:51:09 H:\WINDOWS\tabletoc.log -->26/05/2007 15:51:09 Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\WINDOWS\system32 10/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 63 898 238 976 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\WINDOWS\Downloaded Program Files 28/05/2007 11:52 <REP> . 28/05/2007 11:52 <REP> .. 09/02/2007 15:14 65 desktop.ini 13/04/2007 02:14 382 344 GAME_UNO1.dll 17/01/2007 15:44 316 GAME_UNO1.INF 08/08/2006 11:45 576 kavwebscan.inf 22/02/2007 23:41 304 544 MessengerStatsPAClient.dll 28/02/2007 14:21 131 472 msgrchkr.dll 20/06/2006 15:44 379 704 MsnPUpld.dll 19/06/2006 14:40 393 MsnPUpld.inf 20/06/2006 15:44 117 560 PURen-us.dll 09/01/2007 08:30 110 592 PURfr-fr.dll 26/03/2007 16:46 5 085 swflash.inf 11 fichier(s) 1 432 651 octets Total des fichiers listés : 11 fichier(s) 1 432 651 octets 2 Rép(s) 63 898 238 976 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "H:\\Program Files\\Messenger\\msmsgs.exe"="H:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "H:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="H:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "H:\\Program Files\\BitTorrent\\bittorrent.exe"="H:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "H:\\Program Files\\eMule\\emule.exe"="H:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "H:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="H:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "H:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="H:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI" "H:\\WINDOWS\\system32\\rundll32.exe"="H:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "H:\\WINDOWS\\system32\\dpvsetup.exe"="H:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "H:\\Program Files\\MSN Messenger\\msnmsgr.exe"="H:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "H:\\Program Files\\MSN Messenger\\livecall.exe"="H:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "H:\\WINDOWS\\system32\\dpnsvr.exe"="H:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "H:\\DOCUME~1\\PROPRI~1\\LOCALS~1\\Temp\\win59.tmp.exe"="H:\\DOCUME~1\\PROPRI~1\\LOCALS~1\\Temp\\win59.tmp.exe:*:Enabled:win59.tmp" "H:\\WINDOWS\\TEMP\\win7C.tmp.exe"="H:\\WINDOWS\\TEMP\\win7C.tmp.exe:*:Enabled:win7C.tmp" "H:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="H:\\Program Files\\EA 
GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2" "H:\\WINDOWS\\TEMP\\win1EE.tmp.exe"="H:\\WINDOWS\\TEMP\\win1EE.tmp.exe:*:Enabled:win1EE.tmp" "H:\\WINDOWS\\TEMP\\win277.tmp.exe"="H:\\WINDOWS\\TEMP\\win277.tmp.exe:*:Enabled:win277.tmp" "H:\\WINDOWS\\TEMP\\win6F3.tmp.exe"="H:\\WINDOWS\\TEMP\\win6F3.tmp.exe:*:Enabled:win6F3.tmp" "H:\\Program Files\\Skype\\Phone\\Skype.exe"="H:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "H:\\Program Files\\MSN Messenger\\msnmsgr.exe"="H:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "H:\\Program Files\\MSN Messenger\\livecall.exe"="H:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-28 16:26:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... 
scan completed successfully hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 324 - LVCOMSX.EXE 656 - ehRecvr.exe 776 - kpf4ss.exe 824 - csrss.exe 848 - winlogon.exe 892 - services.exe 904 - lsass.exe 1008 - nvsvc32.exe 1064 - svchost.exe 1124 - svchost.exe 1216 - svchost.exe 1328 - E_FATIAAE.EXE 1492 - rundll32.exe 1652 - explorer.exe 1716 - ashServ.exe 1992 - spoolsv.exe 2064 - ashMaiSv.exe 2120 - RTHDCPL.exe 2208 - ashWebSv.exe 2356 - kpf4gui.exe 2420 - alg.exe 2544 - dllhost.exe 2848 - cmd.exe 3356 - kpf4gui.exe 3428 - ashDisp.exe 3892 - PicasaMediaDete 3948 - firefox.exe Total number of processes = 28 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7987000 - \WINDOWS\system32\KDCOM.DLL F7897000 - \WINDOWS\system32\BOOTVID.dll F72AF000 - sptd.sys F7989000 - \WINDOWS\System32\Drivers\WMILIB.SYS F7297000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F7268000 - ACPI.sys F7257000 - pci.sys F7487000 - ohci1394.sys F7497000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F74A7000 - isapnp.sys F7A4F000 - pciide.sys F7707000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F74B7000 - MountMgr.sys F7238000 - ftdisk.sys F798B000 - dmload.sys F7212000 - dmio.sys F770F000 - PartMgr.sys F7717000 - sfsync02.sys F74C7000 - VolSnap.sys F71FA000 - atapi.sys F71E0000 - nvata.sys F74D7000 - disk.sys F74E7000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F71C0000 - fltMgr.sys F71AE000 - sr.sys F74F7000 - PxHelp20.sys F7197000 - KSecDD.sys F710A000 - Ntfs.sys F70DD000 - NDIS.sys F798D000 - speedfan.sys F771F000 - sfhlp02.sys F70CC000 - sfdrv01.sys F70B1000 - Mup.sys F7A50000 - giveio.sys F7617000 - \SystemRoot\system32\DRIVERS\processr.sys F6B3B000 - \SystemRoot\system32\DRIVERS\serial.sys F786F000 - 
\SystemRoot\system32\DRIVERS\irsir.sys F7071000 - \SystemRoot\system32\DRIVERS\irenum.sys F6B27000 - \SystemRoot\system32\DRIVERS\parport.sys F7069000 - \SystemRoot\system32\DRIVERS\gameenum.sys F7B89000 - \SystemRoot\system32\drivers\msmpu401.sys F6B05000 - \SystemRoot\system32\drivers\portcls.sys F7647000 - \SystemRoot\system32\drivers\drmk.sys F6AE2000 - \SystemRoot\system32\drivers\ks.sys F7657000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7877000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F787F000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7065000 - \SystemRoot\system32\DRIVERS\serenum.sys F7887000 - \SystemRoot\system32\DRIVERS\usbohci.sys F6ABF000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F788F000 - \SystemRoot\system32\DRIVERS\usbehci.sys F6A9A000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F7667000 - \SystemRoot\system32\DRIVERS\imapi.sys F773F000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys F7677000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7687000 - \SystemRoot\system32\DRIVERS\redbook.sys F7697000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys F697E000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS F65B0000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys F659C000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F6552000 - \SystemRoot\System32\Drivers\at86unk4.SYS F76B7000 - \SystemRoot\System32\Drivers\tosrfcom.sys F7B40000 - \SystemRoot\system32\DRIVERS\audstub.sys F77A7000 - \SystemRoot\system32\DRIVERS\rasirda.sys F77AF000 - \SystemRoot\system32\DRIVERS\TDI.SYS F7537000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F7081000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F653B000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F7547000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F7557000 - \SystemRoot\system32\DRIVERS\raspptp.sys F648A000 - \SystemRoot\system32\DRIVERS\psched.sys F7567000 - \SystemRoot\system32\DRIVERS\msgpc.sys F77B7000 - \SystemRoot\system32\DRIVERS\ptilink.sys F77BF000 - \SystemRoot\system32\DRIVERS\raspti.sys F6459000 - 
\SystemRoot\system32\DRIVERS\rdpdr.sys F7577000 - \SystemRoot\system32\DRIVERS\termdd.sys F79D7000 - \SystemRoot\system32\DRIVERS\swenum.sys F6425000 - \SystemRoot\system32\DRIVERS\update.sys F7051000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F7587000 - \SystemRoot\system32\DRIVERS\tosporte.sys F7597000 - \SystemRoot\System32\Drivers\NDProxy.SYS F75A7000 - \SystemRoot\system32\DRIVERS\usbhub.sys F79DD000 - \SystemRoot\system32\DRIVERS\USBD.SYS F75B7000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys F3E59000 - \SystemRoot\system32\drivers\RtkHDAud.sys F79E5000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7A8B000 - \SystemRoot\System32\Drivers\Null.SYS F79E7000 - \SystemRoot\System32\Drivers\Beep.SYS F77D7000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F77DF000 - \SystemRoot\System32\drivers\vga.sys F79EB000 - \SystemRoot\System32\Drivers\mnmdd.SYS F79ED000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F3D96000 - \SystemRoot\system32\drivers\fwdrv.sys F77E7000 - \SystemRoot\System32\Drivers\Msfs.SYS F77EF000 - \SystemRoot\System32\Drivers\Npfs.SYS F7089000 - \SystemRoot\system32\DRIVERS\rasacd.sys F3D83000 - \SystemRoot\system32\DRIVERS\ipsec.sys F3D2B000 - \SystemRoot\system32\DRIVERS\tcpip.sys F75E7000 - \SystemRoot\System32\Drivers\aswTdi.SYS F3D03000 - \SystemRoot\system32\DRIVERS\netbt.sys F3CE1000 - \SystemRoot\System32\drivers\afd.sys F75F7000 - \SystemRoot\system32\DRIVERS\netbios.sys F3CB6000 - \SystemRoot\system32\DRIVERS\rdbss.sys F3C47000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F7607000 - \SystemRoot\system32\drivers\khips.sys F3B86000 - \SystemRoot\system32\DRIVERS\ipnat.sys F7627000 - \SystemRoot\system32\DRIVERS\wanarp.sys F7637000 - \SystemRoot\System32\Drivers\Fips.SYS F7807000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F76C7000 - \SystemRoot\System32\Drivers\Cdfs.SYS F76D7000 - \SystemRoot\system32\drivers\lvusbsta.sys F3B2A000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS F76E7000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F7817000 - 
\SystemRoot\system32\DRIVERS\usbprint.sys F63F1000 - \SystemRoot\system32\DRIVERS\hidusb.sys F76F7000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F7827000 - \SystemRoot\System32\Drivers\usbdtv.sys F63ED000 - \SystemRoot\System32\Drivers\BdaSup.SYS F782F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F3A70000 - \SystemRoot\System32\Drivers\dump_nvata.sys F79F9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F63D5000 - \SystemRoot\System32\drivers\Dxapi.sys F7837000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7ADF000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll BAC82000 - \SystemRoot\system32\DRIVERS\irda.sys BAD20000 - \SystemRoot\system32\DRIVERS\ndisuio.sys BA32C000 - \SystemRoot\System32\Drivers\aswMon2.SYS F783F000 - \SystemRoot\System32\Drivers\TDTCP.SYS BA179000 - \SystemRoot\System32\Drivers\RDPWD.SYS BA0C4000 - \SystemRoot\system32\drivers\wdmaud.sys BA284000 - \SystemRoot\system32\drivers\sysaudio.sys B9F2F000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F7A1D000 - \SystemRoot\System32\Drivers\ParVdm.SYS B9F06000 - \SystemRoot\system32\DRIVERS\athsgt.sys B9EDD000 - \SystemRoot\system32\DRIVERS\atksgt.sys F7A27000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys BA208000 - \SystemRoot\system32\DRIVERS\limsgt.sys F781F000 - \SystemRoot\system32\DRIVERS\lirsgt.sys B9CFB000 - \SystemRoot\system32\DRIVERS\srv.sys B9C83000 - \SystemRoot\system32\DRIVERS\secdrv.sys F7997000 - \SystemRoot\system32\drivers\MSPQM.sys BA300000 - \SystemRoot\System32\Drivers\aswRdr.SYS B96CA000 - \SystemRoot\System32\Drivers\HTTP.sys F7B6E000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 149 Liste des programmes installes Adobe Flash Player 9 ActiveX Adobe Reader 8 - Français ANNO 1602 Version Gold Archiveur WinRAR avast! 
Antivirus Battlefield 2 Call of Duty® 2 Call of Duty® 2 CCleaner (remove only) Championsheep Rally CloneCD Colin McRae Rally 04 Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] Creabilis ScreenSaver eMule EPSON Logiciel imprimante FW LiveUpdate Google Earth Heroes of Might and Magic V HijackThis 2.0.0 Hitman 2: Silent Assassin IrfanView (remove only) J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 K-Lite Mega Codec Pack 1.64 Kaspersky On-line Scanner Kaspersky Online Scanner Kit de Connexion Alice ADSL Lecteur Windows Media 10 Logiciel QuickCam de Logitech Look@LAN 2.50 Build 35 Medal of Honor débarquement allié Microsoft Combat Flight Simulator 3.0 Microsoft Crimson Skies Microsoft Flight Simulator 2004 Un siècle d'aviation Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Small Business Edition 2003 mIRC Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour pour Windows XP (KB927891) Mission Equitation Moorhuhn Soccer Mozilla (1.7.12) (fr) Mozilla Firefox (2.0.0.3) Mozilla Thunderbird (1.5.0.10) Navilog1 Version 2.0.2 Nero OEM NVIDIA Drivers OpenOffice.org 2.1 Outerinfo Package de base Microsoft de service de chiffrement pour cartes à puce Picasa 2 Programme de gestion Camera de Logitech® Quick Zip 4.60.017b rayman2 Rayman3 Realtek High Definition Audio Driver Rep-Listing RevClock Riding Star Savvy TV Ski Racing 2006 Skype™ 3.2 SpeedFan (remove only) Spybot - Search & Destroy 1.4 Subm Sunbelt Kerio Personal Firewall TeamScripT 4 The Ultimate Screen Clock Tom Clancy's Splinter Cell Chaos Theory TOSHIBA Bluetooth Stack for Windows Vade Retro Outllook & Outlook Express VD Codec Pack 3.7 WebFldrs XP Winamp (remove only) 
Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime Windows Media Player Firefox Plugin World Championship Snooker Yahoo! Install Manager Yahoo! Toolbar Yahoo! Toolbar avec bloqueur de fenêtres pop-up YETISPORTS Pingu Throw D.C. Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\Program Files 28/05/2007 14:58 <REP> . 28/05/2007 14:58 <REP> .. 26/05/2007 19:24 <REP> Activision 09/02/2007 15:40 <REP> Adobe 09/02/2007 16:11 <REP> Ahead 24/02/2007 17:46 <REP> Alchemy Mindworks 13/05/2007 11:34 <REP> Alcohol Soft 26/02/2007 19:03 <REP> Alice 09/02/2007 15:34 <REP> Alwil Software 14/03/2007 21:27 <REP> ANNO 1602 Version Gold 09/04/2007 17:13 <REP> BitTorrent 24/02/2007 12:47 <REP> Black Sheep Studio 23/02/2007 21:37 <REP> CCleaner 24/02/2007 09:31 <REP> Codemasters 09/02/2007 15:00 <REP> ComPlus Applications 22/03/2007 23:28 <REP> DAEMON Tools 22/03/2007 23:27 <REP> DaemonTools_WhenUSave_Installer 09/02/2007 17:13 <REP> DIFX 24/02/2007 10:47 <REP> directx 27/05/2007 15:10 <REP> EA GAMES 22/03/2007 22:40 <REP> Eidos Interactive 28/05/2007 15:57 <REP> eMule 15/05/2007 20:44 <REP> EPSON 28/05/2007 10:41 <REP> Fichiers communs 15/03/2007 22:11 <REP> Google 09/02/2007 15:34 <REP> Goto Software 28/05/2007 09:16 <REP> Grisoft 23/02/2007 18:43 <REP> IGN Rando 09/05/2007 22:35 <REP> Internet Explorer 01/03/2007 20:56 <REP> IrfanView 17/05/2007 09:11 <REP> IRGurusInteractive 19/04/2007 18:40 <REP> Java 13/05/2007 09:31 <REP> JoWooD 23/02/2007 23:13 <REP> K-Lite Codec Pack 26/04/2007 19:06 <REP> Logitech 24/02/2007 17:41 <REP> LoikSoft 17/05/2007 15:37 <REP> Look@LAN 12/02/2007 11:21 <REP> Messenger 09/02/2007 15:16 <REP> microsoft frontpage 16/05/2007 19:59 <REP> Microsoft Games 24/02/2007 14:22 <REP> Microsoft Office 23/02/2007 21:08 <REP> Mindscape 09/02/2007 15:13 
<REP> Movie Maker 28/05/2007 11:04 <REP> Mozilla Firefox 28/05/2007 11:35 <REP> Mozilla Thunderbird 24/02/2007 14:43 <REP> mozilla.org 09/02/2007 14:55 <REP> MSN 09/02/2007 14:55 <REP> MSN Gaming Zone 25/04/2007 22:42 <REP> MSN Messenger 28/05/2007 15:22 <REP> Navilog1 09/02/2007 15:13 <REP> NetMeeting 09/02/2007 14:59 <REP> Online Services 09/02/2007 15:47 <REP> OpenOffice.org 2.1 09/02/2007 16:58 <REP> Outlook Express 17/05/2007 09:55 <REP> phenomedia 16/03/2007 08:37 <REP> Picasa2 21/02/2007 18:48 <REP> Pinnacle 17/03/2007 21:41 <REP> QuickZip4 26/05/2007 17:10 <REP> Realtek 29/03/2007 23:01 <REP> Replisting 04/03/2007 16:40 <REP> SAMSUNG 26/04/2007 18:36 <REP> Savvy TV 09/02/2007 15:14 <REP> Services en ligne 03/03/2007 16:38 <REP> Setup 26/05/2007 16:08 <REP> Skype 22/03/2007 22:11 <REP> SlySoft 04/03/2007 12:38 <REP> SpeedFan 09/05/2007 21:22 <REP> Spybot - Search & Destroy 24/02/2007 14:36 <REP> Sunbelt Software 18/05/2007 20:02 <REP> Toshiba 18/03/2007 11:24 <REP> Ubi Soft 26/05/2007 19:08 <REP> Ubisoft 04/03/2007 12:38 <REP> VDCodecPack3.7 02/03/2007 22:15 <REP> Webteh 04/03/2007 12:31 <REP> Winamp 15/04/2007 14:37 <REP> Windows Media Player 09/02/2007 14:55 <REP> Windows NT 09/02/2007 14:59 <REP> Windows Plus 17/03/2007 21:52 <REP> WinRAR 09/02/2007 15:16 <REP> xerox 23/02/2007 21:37 <REP> Yahoo! 18/03/2007 15:40 <REP> Yetisports 0 fichier(s) 0 octets 82 Rép(s) 63 898 120 192 octets libres Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\Program Files\fichiers communs 28/05/2007 10:41 <REP> . 28/05/2007 10:41 <REP> .. 
09/02/2007 15:40 <REP> Adobe 09/02/2007 16:11 <REP> Ahead 24/02/2007 14:22 <REP> DESIGNER 23/02/2007 18:49 <REP> InstallShield 18/03/2007 15:34 <REP> Java 26/04/2007 19:06 <REP> Logitech 25/04/2007 22:42 <REP> Microsoft Shared 24/02/2007 14:43 <REP> mozilla.org 09/02/2007 15:13 <REP> MSSoap 09/02/2007 15:41 <REP> ODBC 09/02/2007 15:13 <REP> Services 26/05/2007 16:08 <REP> Skype 09/02/2007 15:41 <REP> SpeechEngines 24/02/2007 14:21 <REP> System 0 fichier(s) 0 octets 16 Rép(s) 63 898 120 192 octets libres Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\Program Files\fichiers communs\Microsoft Shared\Web Folders 24/02/2007 14:22 <REP> . 24/02/2007 14:22 <REP> .. 24/02/2007 14:21 <REP> 1033 24/02/2007 14:21 <REP> 1036 11/07/2003 11:15 1 292 872 MSONSEXT.DLL 15/07/2003 07:52 35 896 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 11/07/2003 03:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 63 898 120 192 octets libres Le volume dans le lecteur H s'appelle SYSTEME Le numéro de série du volume est 88A8-83E3 Répertoire de H:\ 20/04/2007 20:40 82 647 desinstaller.exe 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 18/03/2005 05:49 1 949 696 mirc.exe 4 fichier(s) 2 203 863 octets 0 Rép(s) 63 898 116 096 octets libres ****** Fin du rapport DiagHelp
  16. Hi again, here I am back, sorry for taking up your time like this
VundoFix V6.4.1 Checking Java version... Java version is 1.5.0.11 Scan started at 21:41:25 27/05/2007 Listing files found while scanning.... H:\WINDOWS\system32\ayadd.bak1 H:\WINDOWS\system32\ayadd.ini H:\WINDOWS\system32\ddaya.dll H:\WINDOWS\system32\hgghfgg.dll H:\WINDOWS\system32\hphgkfhj.dll H:\WINDOWS\system32\jhfkghph.ini Beginning removal... Attempting to delete H:\WINDOWS\system32\ayadd.bak1 H:\WINDOWS\system32\ayadd.bak1 Has been deleted! Attempting to delete H:\WINDOWS\system32\ayadd.ini H:\WINDOWS\system32\ayadd.ini Has been deleted! Attempting to delete H:\WINDOWS\system32\ddaya.dll H:\WINDOWS\system32\ddaya.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\hgghfgg.dll H:\WINDOWS\system32\hgghfgg.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\hphgkfhj.dll H:\WINDOWS\system32\hphgkfhj.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\jhfkghph.ini H:\WINDOWS\system32\jhfkghph.ini Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.4.1 Checking Java version... Java version is 1.5.0.11 Scan started at 10:04:49 28/05/2007 Listing files found while scanning.... H:\WINDOWS\system32\ayigugco.dll H:\WINDOWS\system32\iifefff.dll H:\WINDOWS\system32\ocgugiya.ini H:\WINDOWS\system32\rrutv.bak1 H:\WINDOWS\system32\rrutv.ini H:\WINDOWS\system32\vturr.dll Beginning removal... Attempting to delete H:\WINDOWS\system32\ayigugco.dll H:\WINDOWS\system32\ayigugco.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\iifefff.dll H:\WINDOWS\system32\iifefff.dll Could not be deleted. Attempting to delete H:\WINDOWS\system32\ocgugiya.ini H:\WINDOWS\system32\ocgugiya.ini Has been deleted! Attempting to delete H:\WINDOWS\system32\rrutv.bak1 H:\WINDOWS\system32\rrutv.bak1 Has been deleted! Attempting to delete H:\WINDOWS\system32\rrutv.ini H:\WINDOWS\system32\rrutv.ini Could not be deleted. 
Attempting to delete H:\WINDOWS\system32\vturr.dll H:\WINDOWS\system32\vturr.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete H:\WINDOWS\system32\iifefff.dll H:\WINDOWS\system32\iifefff.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\rrutv.ini H:\WINDOWS\system32\rrutv.ini Has been deleted! Attempting to delete H:\WINDOWS\system32\vturr.dll H:\WINDOWS\system32\vturr.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.4.1 Checking Java version... Java version is 1.5.0.11 Scan started at 12:00:42 28/05/2007 Listing files found while scanning.... H:\WINDOWS\system32\ehhkj.bak1 H:\WINDOWS\system32\ehhkj.ini H:\WINDOWS\system32\hsjskkio.ini H:\WINDOWS\system32\jkhhe.dll H:\WINDOWS\system32\oikksjsh.dll H:\WINDOWS\system32\tuvwtqo.dll Beginning removal... Attempting to delete H:\WINDOWS\system32\ehhkj.bak1 H:\WINDOWS\system32\ehhkj.bak1 Has been deleted! Attempting to delete H:\WINDOWS\system32\ehhkj.ini H:\WINDOWS\system32\ehhkj.ini Has been deleted! Attempting to delete H:\WINDOWS\system32\hsjskkio.ini H:\WINDOWS\system32\hsjskkio.ini Has been deleted! Attempting to delete H:\WINDOWS\system32\jkhhe.dll H:\WINDOWS\system32\jkhhe.dll Could not be deleted. Attempting to delete H:\WINDOWS\system32\oikksjsh.dll H:\WINDOWS\system32\oikksjsh.dll Has been deleted! Attempting to delete H:\WINDOWS\system32\tuvwtqo.dll H:\WINDOWS\system32\tuvwtqo.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete H:\WINDOWS\system32\jkhhe.dll H:\WINDOWS\system32\jkhhe.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Beginning removal... Attempting to delete H:\WINDOWS\system32\rrutv.ini2 H:\WINDOWS\system32\rrutv.ini2 Has been deleted! Performing Repairs to the registry. Done!
  17. Clean Navipromo version 2.0.2 commencé le 28/05/2007 à 15:20:23,12 Fix lancé depuis H:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Mode suppression par méthode manuelle Nom du fichier saisi : hnkliswlnc *** Recherche, Creation backups et suppression *** H:\WINDOWS\system32\hnkliswlnc.dat absent ! H:\WINDOWS\system32\hnkliswlnc_nav.dat absent ! H:\WINDOWS\system32\hnkliswlnc_navps.dat absent ! H:\WINDOWS\system32\hnkliswlnc_navup.dat absent ! H:\WINDOWS\system32\hnkliswlnc_navtmp.dat absent ! H:\WINDOWS\system32\hnkliswlnc_m2s.xml absent ! H:\WINDOWS\prefetch\hnkliswlnc*.pf absent ! H:\WINDOWS\System32\hnkliswlnc.exe trouvé ! Copie H:\WINDOWS\system32\hnkliswlnc.exe réalise avec succes ! H:\WINDOWS\system32\hnkliswlnc.exe supprimé ! *** Suppression dossiers dans H:\WINDOWS *** *** Suppression dossiers dans H:\Program Files *** *** Suppression dossiers dans H:\Documents and Settings\All Users\Application Data *** *** Suppression dossiers dans H:\Documents and Settings\PROPRIETAIRE\Application Data *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu H:\WINDOWS\Temp effectué ! Nettoyage contenu H:\Documents and Settings\PROPRIETAIRE\Local Settings\Temp effectué ! *** Sauvegarde du registre vers dossier Backupnavi*** sauvegarde du registre réalise avec succes ! *** Nettoyage registre *** Nettoyage registre Ok *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: H:\WINDOWS\system32\rrutv.ini2 trouvé ! infection Vundo possible non traité par cet outil ! 2)Recherche et Suppression Heuristique : * ** *** **** ***** ****** ******* ******** 3)Contrôle présence clés Rootkit dans le registre : Aucune autre clés présente dans le registre ! *** Nettoyage termine le 28/05/2007 à 15:22:58,96 ***
There, I've done everything.
  18. Clean Navipromo version 2.0.2 commencé le 28/05/2007 à 15:15:59,59 Fix lancé depuis H:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Mode suppression par méthode manuelle Nom du fichier saisi : uqhjsq *** Recherche, Creation backups et suppression *** H:\WINDOWS\system32\uqhjsq.exe absent ! H:\WINDOWS\system32\uqhjsq.dat absent ! H:\WINDOWS\system32\uqhjsq_nav.dat absent ! H:\WINDOWS\system32\uqhjsq_navps.dat absent ! H:\WINDOWS\system32\uqhjsq_navup.dat absent ! H:\WINDOWS\system32\uqhjsq_navtmp.dat absent ! H:\WINDOWS\system32\uqhjsq_m2s.xml absent ! H:\WINDOWS\prefetch\uqhjsq*.pf absent ! *** Suppression dossiers dans H:\WINDOWS *** *** Suppression dossiers dans H:\Program Files *** *** Suppression dossiers dans H:\Documents and Settings\All Users\Application Data *** *** Suppression dossiers dans H:\Documents and Settings\PROPRIETAIRE\Application Data *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu H:\WINDOWS\Temp effectué ! Nettoyage contenu H:\Documents and Settings\PROPRIETAIRE\Local Settings\Temp effectué ! *** Sauvegarde du registre vers dossier Backupnavi*** sauvegarde du registre réalise avec succes ! *** Nettoyage registre *** Nettoyage registre Ok *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: H:\WINDOWS\system32\rrutv.ini2 trouvé ! infection Vundo possible non traité par cet outil ! 2)Recherche et Suppression Heuristique : * ** *** **** ***** ****** ******* ******** 3)Contrôle présence clés Rootkit dans le registre : Aucune autre clés présente dans le registre ! *** Nettoyage termine le 28/05/2007 à 15:18:40,15 ***
  19. Clean Navipromo version 2.0.2 commencé le 28/05/2007 à 15:11:08,84
      Fix lancé depuis H:\Program Files\navilog1
      Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO
      Mode suppression par méthode manuelle
      Nom du fichier saisi : ghlomkcvn
      *** Recherche, Creation backups et suppression ***
      H:\WINDOWS\system32\ghlomkcvn.exe absent !
      H:\WINDOWS\system32\ghlomkcvn.dat absent !
      H:\WINDOWS\system32\ghlomkcvn_nav.dat absent !
      H:\WINDOWS\system32\ghlomkcvn_navps.dat absent !
      H:\WINDOWS\system32\ghlomkcvn_navup.dat absent !
      H:\WINDOWS\system32\ghlomkcvn_navtmp.dat absent !
      H:\WINDOWS\system32\ghlomkcvn_m2s.xml absent !
      H:\WINDOWS\prefetch\ghlomkcvn*.pf absent !
      *** Suppression dossiers dans H:\WINDOWS ***
      *** Suppression dossiers dans H:\Program Files ***
      *** Suppression dossiers dans H:\Documents and Settings\All Users\Application Data ***
      *** Suppression dossiers dans H:\Documents and Settings\PROPRIETAIRE\Application Data ***
      *** Suppression fichiers ***
      *** Suppression fichiers temporaires ***
      Nettoyage contenu H:\WINDOWS\Temp effectué !
      Nettoyage contenu H:\Documents and Settings\PROPRIETAIRE\Local Settings\Temp effectué !
      *** Sauvegarde du registre vers dossier Backupnavi***
      sauvegarde du registre réalise avec succes !
      *** Nettoyage registre ***
      Nettoyage registre Ok
      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)
      1)Recherche fichiers connus:
      H:\WINDOWS\system32\rrutv.ini2 trouvé ! infection Vundo possible non traité par cet outil !
      2)Recherche et Suppression Heuristique :
      *
  20. Here I am again with the report,
      Clean Navipromo version 2.0.2 commencé le 28/05/2007 à 14:55:07,01
      Fix lancé depuis H:\Program Files\navilog1
      Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO
      Mode suppression automatique avec prise en charge résultats Blacklight
      *** Creation backups fichiers trouvés par Blacklight ***
      Copie vers "H:\Program Files\navilog1\Backupnavi"
      *** Suppression des fichiers trouvés avec Blacklight ***
      h:\WINDOWS\system32\rckpac.dat supprimé !
      H:\windows\system32\rckpac.exe supprimé !
      h:\WINDOWS\system32\rckpac_nav.dat supprimé !
      h:\WINDOWS\system32\rckpac_navps.dat supprimé !
      ** 2ème passage **
      H:\WINDOWS\system32\rckpac.exe absent !
      H:\WINDOWS\system32\rckpac.dat absent !
      H:\WINDOWS\system32\rckpac_nav.dat absent !
      H:\WINDOWS\system32\rckpac_navps.dat absent !
      H:\WINDOWS\system32\rckpac_navup.dat absent !
      H:\WINDOWS\system32\rckpac_navtmp.dat absent !
      H:\WINDOWS\system32\rckpac_m2s.xml absent !
      H:\WINDOWS\prefetch\rckpac*.pf trouvé !
      Copie H:\WINDOWS\prefetch\rckpac*.pf réalise avec succes !
      H:\WINDOWS\prefetch\rckpac*.pf supprimé !
      *** Suppression dossiers dans H:\WINDOWS ***
      *** Suppression dossiers dans H:\Program Files ***
      H:\Program Files\MessengerSkinner ...suppression...
      H:\Program Files\MessengerSkinner supprimé !
      *** Suppression dossiers dans H:\Documents and Settings\All Users\Application Data ***
      *** Suppression dossiers dans H:\Documents and Settings\PROPRIETAIRE\Application Data ***
      ...\Application Data\MessengerSkinner ...suppression...
      ...\Application Data\MessengerSkinner supprimé !
      *** Suppression fichiers ***
  21. Hello again, so there you go, no sooner said, you know the rest
      Search Navipromo version 2.0.2 commencé le 28/05/2007 à 14:45:25,18
      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Poster ce rapport sur le forum pour le faire analyser !!!
      !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
      Fix lancé depuis H:\Program Files\navilog1
      Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO
      Executé en mode normal
      *** Recherche Programmes installes ***
      MessengerSkinner
      *** Recherche dossiers dans H:\WINDOWS ***
      *** Recherche dossiers dans H:\Program Files ***
      H:\Program Files\MessengerSkinner trouvé !
      *** Recherche dossiers dans H:\Documents and Settings\All Users\Application Data ***
      *** Recherche dossiers dans H:\Documents and Settings\PROPRIETAIRE\Application Data ***
      ...\Application Data\MessengerSkinner trouvé !
      *** Recherche avec BlackLight Engine/F-secure ***
      BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html
      Fichier(s) caché(s) dans H:\WINDOWS\system32 :
      h:\WINDOWS\system32\rckpac.dat
      H:\windows\system32\rckpac.exe
      h:\WINDOWS\system32\rckpac_nav.dat
      h:\WINDOWS\system32\rckpac_navps.dat
      Processus caché(s) dans H:\WINDOWS\system32 :
      H:\windows\system32\rckpac.exe
      *** Recherche fichiers ***
      H:\WINDOWS\pack.epk trouvé !
      H:\WINDOWS\system32\nvs2.inf trouvé !
      H:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf trouvé !
      *** Recherche cles registre ***
      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
      Recherche Clé Magic Control
      HKEY_CURRENT_USER\Software\Lanconfig trouvé !
      HKEY_USERS\S-1-5-21-2052111302-299502267-725345543-1003\Software\Lanconfig trouvé !
      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)
      1)Recherche fichiers connus:
      H:\WINDOWS\system32\rrutv.ini2 trouvé ! infection Vundo possible non traité par cet outil !
      2)Recherche Heuristique :
      *
      H:\WINDOWS\system32\hnkliswlnc.dat trouvé !
      H:\WINDOWS\system32\rckpac.dat trouvé !
      **
      H:\WINDOWS\system32\hnkliswlnc.dat trouvé !
      H:\WINDOWS\system32\rckpac.dat trouvé !
      ***
      ****
      H:\WINDOWS\system32\hnkliswlnc_navps.dat trouvé !
      H:\WINDOWS\system32\rckpac_navps.dat trouvé !
      *****
      H:\WINDOWS\system32\hnkliswlnc_nav.dat trouvé !
      H:\WINDOWS\system32\rckpac_nav.dat trouvé !
      ******
      *******
      ********
      H:\WINDOWS\system32\ghlomkcvn.exe trouvé !
      H:\WINDOWS\system32\rckpac.exe trouvé !
      H:\WINDOWS\system32\uqhjsq.exe trouvé !
      *** Analyse Terminé le 28/05/2007 à 14:48:54,07 ***
  22. Well yes, I think so
  23. There, I'm running XP Media Center.
      Motherboard:
      Property Value Model 939NF6G-VSTA Chipset Vendor Nvidia Corp Chipset Model MCP61 PCI Express bridge South Bridge MCP61 LPC Bridge CPU AMD Athlon 64 3500+ Cpu Socket Socket 939 [CPUSocket] Processor Upgrade Max CPU Speed 2200 MHz System Slots 4 PCI Memory Summary Location System board or motherboard Maximum Capacity 8192 MBytes Memory Slots 4 Error Correction None Use System memory Maximum Memory Module Size 2048 MBytes Warning! Accuracy of DMI data cannot be guaranteed
      Sound drivers:
      Property Value Device ID HDAUDIO\FUNC_01VEN_10ECDEV_0888SUBSYS_18491E01REV_1000\42A024EE800001 Status 0x0180200a Started Problem 0x00000000 (0) Service IntcAzAudAddService Capabilities 0x00000000 Config Flags 0x00000000 Class MEDIA Manufacturer Realtek Hardware IDs HDAUDIO\FUNC_01VEN_10ECDEV_0888SUBSYS_18491E01REV_1000 HDAUDIO\FUNC_01VEN_10ECDEV_0888SUBSYS_18491E01 Compatible IDs HDAUDIO\FUNC_01VEN_10ECDEV_0888REV_1000 HDAUDIO\FUNC_01VEN_10ECDEV_0888 HDAUDIO\FUNC_01VEN_10EC HDAUDIO\FUNC_01 Class GUID {4D36E96C-E325-11CE-BFC1-08002BE10318} Location Internal High Definition Audio Bus Bus number 0x00000000 Enumerator name HDAUDIO Description Realtek High Definition Audio Driver {4D36E96C-E325-11CE-BFC1-08002BE10318}30 Physical Object Name \Device000088 UI number 0x0000ffff Bustype GUID {41203534-2037-3144-2042-422044362041} Legacy bus type 0x00000005 Device Type 0x0000001d Install State 0x00000000 Device Address 0x00000001 Device Configuration File h:\windows\inf\oem4.inf Used Files H:\WINDOWS\system32\ksuser.dll H:\WINDOWS\system32\ksproxy.ax H:\WINDOWS\system32\drivers\ks.sys H:\WINDOWS\system32\drivers\drmk.sys H:\WINDOWS\system32\drivers\portcls.sys H:\WINDOWS\system32\drivers\stream.sys H:\WINDOWS\system32\wdmaud.drv H:\WINDOWS\system32\drivers\RtkHDAud.sys H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\MicCal.exe H:\WINDOWS\SkyTel.exe H:\WINDOWS\system32\RTSndMgr.CPL H:\WINDOWS\SOUNDMAN.EXE H:\WINDOWS\RTLCPL.EXE H:\WINDOWS\system32\ALSNDMGR.CPL H:\WINDOWS\ALCWZRD.EXE H:\WINDOWS\system32\RTCOM\RTLCPAPI.dll H:\WINDOWS\ALCMTR.EXE H:\WINDOWS\system32\RTCOM\RTCOMDLL.dll H:\WINDOWS\RtlUpd.exe InfPath oem4.inf InfSection IntcAzAudModel InfSectionExt .NTx86 ProviderName Realtek Semiconductor Corp. DriverDateData 00 40 7C 6E FD B4 C6 01 DriverDate 8-1-2006 DriverVersion 5.10.0.5283 MatchingDeviceId hdaudio\func_01ven_10ecdev_0888 DriverDesc Realtek High Definition Audio SetupPreferredAudioDevicesCount 3 AssociatedFilters wdmaud,swmidi,redbook Driver RtkHDAud.sys Class MEDIA Contrôleurs audio, vidéo et jeu Installer32 MmSys.Cpl,MediaClassInstaller EnumPropPages32 MmSys.Cpl,MediaPropPageProvider TroubleShooter-0 hcp://help/tshoot/tssound.htm Icon 3004 LowerFilters LVUSBSta
      Uh yes, well I think so lol yes I think so lool
  24. Hello, I have a problem with the front-panel jack sockets: even though I have enabled them in the BIOS, nothing works; when I plug in a headset or a microphone, nothing happens. Can anyone help me? Thanks