kiff128

cool merci. p.s. je ne voit pas le bouton éditer en bas a droite. Mais le tout semble résolu bye

Salut j'ai fait le test avec trendmicro, mais a chaque fois à la fin il me demande de recoomencer le scan et ca fait 3 fois que je le fait. je suis incapable d'avoir le log. Dois-je refaire un scan... bye

désolé, lorsque j'essaie avec panda de faire un scan à l'invite: sélectionner un péréfériques, je clique sur disque local et il me marque (erreur sur la page)... Que faire. bye

ok le voici <HTML> <HEAD> <TITLE>BitDefender Online Scanner -Scan Report</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <meta name="generator" content="Namo WebEditor v5.0(Trial)"> </HEAD> <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" > <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%"> <tr> <td width="458"> <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan="3" width="912"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated at: Fri, Aug 10, 2007 - 12:19:44</b></span></font></p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B>Scan path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;</span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Statistics</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Time</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">00:28:33</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">128171</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Folders</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4496</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Boot Sectors</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">2</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1390</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Packed Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">4216</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Results</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Identified Viruses </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">2</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Infected Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">3</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Suspect Files </font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Disinfected</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">0</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Deleted Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">3</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Engines Info</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Virus Definitions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">690664</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Engine build</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">14</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Archive plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">37</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Unpack plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">E-mail plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">6</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">System plugins</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">1</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="451" colspan="2" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scan Settings</b></font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">First Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Disinfect</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Second Action</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Delete</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Heuristics</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Enable Warnings</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scanned Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">*;</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Exclude Extensions</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2"> </font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Emails</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Archives</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Packed</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Files</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">Scan Boot</font></p> </td> <td width="43%" align="right"> <p><font face="Arial" size="2">Yes</font></p> </td> </tr> </table> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td colspan=2> <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%"> <tr> <td width="252" bgcolor="#CCCCCC"> <p><font face="Arial" size="2"><B>Scanned File</b></font></p> </td> <td width="195" bgcolor="#CCCCCC" align="right"> <p align="left"><b><font size="2" face="Arial"> Status</font></b></p> </td> </tr> <tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>BnnnnBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>BnnnnBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>BnnnnBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>VaannnaaBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Trojan.Java.Classloader.E</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>VaannnaaBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>VaannnaaBaa.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>Dnnny.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>Dnnny.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Disinfection failed</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip=>Dnnny.class</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Deleted</font></p> </td> </tr><tr> <td width="57%"> <p><font face="Arial" size="2">C:\Documents and Settings\louisp\.jpi_cache\jar\1.0\cnte-dhncgts.jar-3aaad337-3cc46343.zip</font></p> </td> <td width="43%" align="left"> <p><font face="Arial" size="2">Updated</font></p> </td> </tr> </table> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> <tr> <td width="458"> <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p> </td> <td width="40%"> <p> </p> </td> <td width="10%"> <p> </p> </td> </tr> </table> <p> </p> </body> </html>

ok j'ai fait tout les étapes demandé, mais lorsque j'arrive pour finir le scan de panda (select a device to scan), lorsque je clique sur my computer ou c:, c'est inscrit erreur sur la page, et je n'arrive pas à continuer... Alors voici pour l'instant le log hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 10:35, on 2007-08-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ULi5287\ULi5287.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\louisp\Bureau\kiff128.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [uLiRaid] "C:\Program Files\ULi5287\ULi5287.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ToshibaGLDocMon] "C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\Software\..\Telephony: DomainName = domaine.tadoussac.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) bye

Ok j'ai réussi à les effacer. voici le log ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, August 09, 2007 4:37:23 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 9/08/2007 Kaspersky Anti-Virus database records: 377697 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 40399 Number of viruses found: 1 Number of infected objects: 1 Number of suspicious objects: 0 Duration of the scan process: 00:41:20 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007080920070810\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DFE3E2.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP4\A0002287.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP5\change.log Object is locked skipped C:\WINDOWS\CSC000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. bye

Oui, mais c'est fichiers je les vois pas, en fait, je crois qu'ils sont pas là... alors que faire...

Désolé j'ai eu un probleme de mot de passe, voici le log kaspersky: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, August 08, 2007 11:58:07 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 8/08/2007 Kaspersky Anti-Virus database records: 377164 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ Scan Statistics: Total number of scanned objects: 39837 Number of viruses found: 3 Number of infected objects: 3 Number of suspicious objects: 0 Duration of the scan process: 00:43:20 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007080820070809\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\jagfbbqb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\louisp\Local Settings\Temp\tljygfbd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DF3371.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP4\A0002287.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP4\change.log Object is locked skipped C:\WINDOWS\CSC000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{82D6EBFF-5A3B-4AF4-B47D-EB1D05A6C66A}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_1e4.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. voici le log hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 11:58, on 2007-08-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ULi5287\ULi5287.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\louisp\Bureau\kiff128.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2771DBF5-604E-46A5-A03B-C9935307CE5C} - C:\WINDOWS\system32\ssqpp.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [uLiRaid] "C:\Program Files\ULi5287\ULi5287.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ToshibaGLDocMon] "C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\Software\..\Telephony: DomainName = domaine.tadoussac.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) merci et bye

voici le log de combofix: "louisp" - 2007-08-02 11:47:43 - ComboFix 07-07-23.6 - Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\louisp\Bureau\cfscript.txt ((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 ))))))))))))))))))))))))))))))) 2007-08-01 13:56 <REP> d-------- C:\Program Files\7-Zip 2007-07-31 14:02 <REP> d-------- C:\Program Files\LimeWire 2007-07-27 15:34 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-07-27 15:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-24 11:21 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-24 09:37 <REP> d-------- C:\Program Files\Lavasoft 2007-07-24 08:49 853 --a------ C:\reboot.cmd 2007-07-24 08:49 68,096 --a------ C:\diff.exe 2007-07-24 08:49 103,424 --a------ C:\grep.exe 2007-07-24 08:30 <REP> d-------- C:\VundoFix Backups 2007-07-23 09:16 126,016 --a------ C:\WINDOWS\system32\qwqhului.dll 2007-07-20 11:25 <REP> d-------- C:\DOCUME~1\louisp\APPLIC~1\Help 2007-07-19 19:56 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help 2007-07-17 10:54 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll 2007-07-11 20:16 <REP> d-------- C:\DOCUME~1\louisp\APPLIC~1\U3 2007-07-11 10:18 167,936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe 2007-07-10 16:57 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll 2007-07-10 16:57 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll 2007-07-10 16:57 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll 2007-07-10 16:57 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll 2007-07-10 16:57 <REP> d-------- C:\Program Files\Cucusoft 2007-07-10 16:16 <REP> d-------- C:\Program Files\Avi2Dvd 2007-07-10 15:59 <REP> d-------- C:\WINDOWS\system32\embedded (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-31 18:03:44 -------- d-----w C:\DOCUME~1\louisp\APPLIC~1\LimeWire 2007-07-27 18:05:50 -------- d-----w C:\DOCUME~1\louisp\APPLIC~1\Azureus 2007-07-24 15:05:47 -------- d-----w C:\DOCUME~1\louisp\APPLIC~1\AdobeUM 2007-07-20 20:30:25 -------- d-----w C:\Program Files\Windows Live Toolbar 2007-07-20 20:08:35 -------- d-----w C:\Program Files\MalwareAlarm 2007-07-17 14:49:15 87,130 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-17 14:49:15 492,460 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-10 21:19:06 -------- d-----w C:\Program Files\WinAVI - Video - Converter 2007-07-10 20:44:33 -------- d-----w C:\DOCUME~1\louisp\APPLIC~1\Vso 2007-07-10 20:44:31 87,608 ----a-w C:\DOCUME~1\louisp\APPLIC~1\inst.exe 2007-07-10 20:44:31 47,360 -c--a-w C:\DOCUME~1\louisp\APPLIC~1\pcouffin.sys 2007-07-10 20:43:04 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-07-10 19:59:06 -------- d-----w C:\Program Files\WinAVI Video Converter 2007-06-29 22:31:43 -------- d-----w C:\Program Files\MSN Messenger 2007-06-28 12:50:12 -------- d-----w C:\Program Files\DVD Shrink 2007-06-26 18:36:25 -------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared 2007-06-26 18:36:06 -------- d-----w C:\Program Files\Boonty 2007-06-14 14:59:07 -------- d-----w C:\Program Files\KaraFun 2007-06-14 14:40:00 -------- d-----w C:\Program Files\Winamp 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-05 20:29:28 87,608 -c--a-w C:\DOCUME~1\louisp\APPLIC~1\ezpinst.exe 2004-10-01 19:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2771DBF5-604E-46A5-A03B-C9935307CE5C}] C:\WINDOWS\system32\ssqpp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05] "ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [2005-08-23 20:59] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 11:35] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 11:20] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 11:39] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 11:44] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00] "ToshibaGLDocMon"="C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 08:04] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32] Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-25 17:43:24] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp] C:\WINDOWS\system32\ssqpp.dll R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys R3 NAVAP;NAVAP;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\HdAudio.sys S3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ;"C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ Contents of the 'Scheduled Tasks' folder 2007-07-14 19:14:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-08-02 15:09:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job 2007-08-02 06:18:01 C:\WINDOWS\tasks\MP Scheduled Scan.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-02 11:50:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... voici le log de vundofix: VundoFix V6.5.6 Checking Java version... Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Scan started at 11:56:14 2007-08-02 Listing files found while scanning.... C:\WINDOWS\system32\ssqpp.dll Beginning removal... Performing Repairs to the registry. Done! voici le log de kaspersky ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, August 02, 2007 1:22:45 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 2/08/2007 Kaspersky Anti-Virus database records: 371240 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 39575 Number of viruses found: 4 Number of infected objects: 4 Number of suspicious objects: 0 Duration of the scan process: 00:41:46 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineDD00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007080220070803\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\jagfbbqb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\louisp\Local Settings\Temp\tljygfbd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DF7C3D.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DFE06E.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRS0000.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\loisirs\camp de jour\2007\HORAIRE.doc Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP2\change.log Object is locked skipped C:\WINDOWS\CSC000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\qwqhului.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_190.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. bye

cool, alors voici ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, August 01, 2007 9:37:11 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 1/08/2007 Kaspersky Anti-Virus database records: 370429 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 39117 Number of viruses found: 6 Number of infected objects: 29 Number of suspicious objects: 0 Duration of the scan process: 00:42:46 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineDD00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007080120070802\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\Acr18FF.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\jagfbbqb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\louisp\Local Settings\Temp\tljygfbd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DF2EF3.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DFB68D.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRF0001.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRS0000.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\5U67X6T4\PLFG4IVK\Offlinex00000001_R Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\5U67X6T4\PLFG4IVK\Offlinex00000003_R Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\5U67X6T4\PLFG4IVK\Offline\HashFile.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\loisirs\camp de jour\2007\HORAIRE.doc Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc1.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc10.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc11.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc12.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc13.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc14.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc15.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc16.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc17.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc18.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc19.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc2.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc3.VBN Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc38.bad Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc39.bad Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc4.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc41.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc42.bad Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc44.bad Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc5.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc50.bad Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc6.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc7.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc8.VBN Infected: Trojan.Win32.BHO.bd skipped C:\RECYCLER\S-1-5-21-1078081533-448539723-839522115-1129\Dc9.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP1\change.log Object is locked skipped C:\WINDOWS\CSC000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{FE4C262F-F6D0-46A1-927A-3372995B0160}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\qwqhului.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. a plus

re: j'ai fait toute les étapes, alors voici le log ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, July 31, 2007 9:02:57 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 31/07/2007 Kaspersky Anti-Virus database records: 370086 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 35575 Number of viruses found: 5 Number of infected objects: 28 Number of suspicious objects: 0 Duration of the scan process: 00:34:35 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineA1C0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineA1C0002.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800004.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800006.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800008.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000A.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000C.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000E.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800010.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800012.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800014.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800016.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800018.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001A.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001C.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001E.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800020.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.NK2 Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007073120070801\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\jagfbbqb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\louisp\Local Settings\Temp\tljygfbd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DF9DB2.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRS0001.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\loisirs\camp de jour\2007\HORAIRE.doc Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP1\change.log Object is locked skipped C:\VundoFix Backups\gbemlygb.dll.bad Infected: Trojan.Win32.BHO.bd skipped C:\VundoFix Backups\gtynsjpg.dll.bad Infected: Trojan.Win32.BHO.bd skipped C:\VundoFix Backups\ksneocfe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\VundoFix Backups\mnnevytn.dll.bad Infected: Trojan.Win32.BHO.bd skipped C:\VundoFix Backups\phwgjeep.dll.bad Infected: Trojan.Win32.BHO.bd skipped C:\VundoFix Backups\qklugkqk.dll.bad Infected: Trojan.Win32.BHO.bd skipped C:\VundoFix Backups\vturqqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\WINDOWS\CSC000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{9863FCBB-4BD7-425A-9BD4-4B27754C777F}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped Scan was interrupted by user!

bon voici le log de kaspersky je l'ai arrêté à 99 % car lorsque je le laissait aller je n'avais pas accès au log ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, July 30, 2007 10:45:20 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 30/07/2007 Kaspersky Anti-Virus database records: 369650 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 33845 Number of viruses found: 11 Number of infected objects: 122 Number of suspicious objects: 0 Duration of the scan process: 00:32:24 Infected Object Name / Virus Name / Last Action C:\avenger\backup.zip/avenger/ssqpp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped C:\avenger\backup.zip ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys22555b5ee4ee6fefce45953e8031d0a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeysa6aa5bba276fb6f46667844d165ca3c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15320e40830a76b8a76b0bb8b6dc9293_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194957e52c5f5115016e353900deeb88_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\29deed8c58339faf84d2c6e64b416026_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f02f8dec1475280f8584d96055faeff_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d95e529b7a8ea8ff35af102a437e5d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e2644b79d705a5deaf4a21817a0a29f_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\401554e8330b1b8dd5d48fc53d8f1e5a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db2eb9941d5e41219be7e1cad31de76_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52dd60456183257caeca9c0679dc2d14_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\551054fbb6938e9bb6f419bd1d18a02e_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f0628246e9a200ba7b6f1bbef4f38d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6965668353421d3551a19b1fc78c2f9d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7433baae6e8ccfbb3a36506a4017f44c_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77dbbafb870eab5cd0f568de95e30672_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f72466f1a8829fb94948acb2351c89b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b073b4b53910dec0d082dfa1677df2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9874c95bc271a39981c71f409f745ce3_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f5194fe7b5155fbec171767e7e24c47_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a10d32d489846ec4cf695756a0298e62_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1e06f2895adbc64ac9bba23998d2f3a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b531bdf43aa56343302ee5528bce7cb1_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bba8a4cf4bc3956b2f33d64d34f70c86_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3f9de47b9c385ab14d5397482250a77_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c60373117870c1c0aef245ce1e2b8530_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c664193e4a7a6593c3156b45ea0a1ccd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c93bcbc3b69610322049f97e58591447_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9f5f0c3d6bc31dcbceacb6d0d7b11a8_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd29bdd6116bbf04a95973b73b0e5770_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8994ae359ed4000f52ecc64a9769754_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc6179248a37757d7414c9838c886b2a_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e76912a40d64ccf97618fb7da3ec7af5_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea5696826cfe5045ef098381796c04cd_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f303317fe0ff938633b46369cc31845b_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8b9ed064103b54338d1052e46cebb6d_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8dfbddb05de71965d1a52cd9b045723_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb02cbe86ec3c59940079d753687b236_99371218-b110-4b13-aa79-4a3a38107756 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine1400000.VBN Infected: Trojan.Win32.Agent.anr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine19C0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine1C00000.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4200000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine5380000.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine57C0000.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine5800000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine5840000.VBN Infected: Trojan.Win32.Agent.anr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine5840002.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine5EC0001.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine6040000.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine6040001.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine6100000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine6100001.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine7700000.VBN Infected: Trojan.Win32.Agent.aoy skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine78C0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine78C0001.VBN Infected: Trojan.Win32.Agent.anr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8780000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80001.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80002.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80003.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80004.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8A80005.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00002.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00003.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00004.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00005.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B00006.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8B80000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8BC0000.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00001.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00004.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00005.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00006.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8C00007.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8CC0000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8DC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8DC0001.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8EC0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine8F40000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9080000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9240000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9240001.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9D40000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9E40000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9F00000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine9F40000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineA1C0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineA1C0002.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineB140000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineB300000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineB3C0000.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineB700000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineCF80000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineCFC0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineD040000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineD340000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineD340000.VBN ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineD340000.VBN CryptZ: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE700000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE780000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800000.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800001.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800004.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800005.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800006.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800007.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800008.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800009.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000A.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000B.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000C.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000D.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000E.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80000F.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800010.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800011.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800012.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800013.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800014.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800015.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800016.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800017.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800018.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800019.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001A.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001B.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001C.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001D.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001E.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE80001F.VBN Infected: Trojan.Win32.BHO.bd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800020.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineE800021.VBN Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped C:\Documents and Settings\louisp\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped C:\Documents and Settings\louisp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Outlook\Dossiers personnels.pst Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Historique\History.IE5\MSHist012007073020070731\index.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\jagfbbqb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped C:\Documents and Settings\louisp\Local Settings\Temp\tljygfbd.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped C:\Documents and Settings\louisp\Local Settings\Temp\uyvcwcdm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DF97D.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~DFF12.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRD0001.doc Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temp\~WRS0000.tmp Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\louisp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\louisp\NTUSER.DAT Object is locked skipped C:\Documents and Settings\louisp\NtUser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\loisirs\volley-ball\pub journal.doc Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vturqqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP414\A0055222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP414\A0055223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP415\A0057270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP419\A0060682.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP419\A0060683.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP420\A0062740.exe Infected: IM-Worm.Win32.VB.be skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP423\A0064848.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070452.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070453.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070455.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070456.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070458.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP428\A0070459.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{049A845D-D47C-4F0F-A41E-A2A87FDFD18F}\RP429\A0070821.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped Scan was interrupted by user!

Ah encore des problème, avec kaspersky, il détecte 11 virus, pour 208 fichiers infectés. Mais malheureusement je n'arrive pas a avoir le log, il me marque (erreur sur la page), donc impossible de te donner le log. Que faire maintenant.

log hijackthis Logfile of HijackThis v1.99.1 Scan saved at 15:32, on 2007-07-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ULi5287\ULi5287.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\DOCUME~1\louisp\LOCALS~1\Temp\Rar$EX00.875\kiff128.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2771DBF5-604E-46A5-A03B-C9935307CE5C} - C:\WINDOWS\system32\ssqpp.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [uLiRaid] "C:\Program Files\ULi5287\ULi5287.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [setDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ToshibaGLDocMon] "C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe" O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\Software\..\Telephony: DomainName = domaine.tadoussac.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domaine.tadoussac.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe je t'envoi dans quelques minutes le log de kaspersky, c'est assez long

15:19: Removal process completed. Elapsed time 00:00:10 15:19: Quarantining All Traces: zedo cookie 15:19: Quarantining All Traces: xiti cookie 15:19: Quarantining All Traces: burstbeacon cookie 15:19: Quarantining All Traces: weborama cookie 15:19: Quarantining All Traces: tribalfusion cookie 15:19: Quarantining All Traces: statcounter cookie 15:19: Quarantining All Traces: serving-sys cookie 15:19: Quarantining All Traces: partypoker cookie 15:19: Quarantining All Traces: overture cookie 15:19: Quarantining All Traces: mediaplex cookie 15:19: Quarantining All Traces: imrworldwide.com cookie 15:19: Quarantining All Traces: fastclick cookie 15:19: Quarantining All Traces: burstnet cookie 15:19: Quarantining All Traces: bs.serving-sys cookie 15:19: Quarantining All Traces: bluestreak cookie 15:19: Quarantining All Traces: atlas dmt cookie 15:19: Quarantining All Traces: advertising cookie 15:19: Quarantining All Traces: addynamix cookie 15:19: Quarantining All Traces: adecn cookie 15:19: Quarantining All Traces: yieldmanager cookie 15:19: Quarantining All Traces: 2o7.net cookie 15:19: Quarantining All Traces: 247realmedia cookie 15:19: Quarantining All Traces: syswebtelecom 15:19: Quarantining All Traces: trojan-phisher-metafisher 15:18: Removal process initiated 15:16: Traces Found: 28 15:16: Full Sweep has completed. Elapsed time 00:15:05 15:16: File Sweep Complete, Elapsed Time: 00:12:19 15:14: Warning: Failed to access drive E: 15:14: Warning: Failed to access drive D: 15:04: Starting File Sweep 15:04: Warning: Failed to access drive A: 15:03: Cookie Sweep Complete, Elapsed Time: 00:00:02 15:03: c:\documents and settings\louisp\cookies\louisp@zedo[1].txt (ID = 3762) 15:03: Found Spy Cookie: zedo cookie 15:03: c:\documents and settings\louisp\cookies\louisp@xiti[1].txt (ID = 3717) 15:03: Found Spy Cookie: xiti cookie 15:03: c:\documents and settings\louisp\cookies\louisp@www.burstnet[1].txt (ID = 2337) 15:03: c:\documents and settings\louisp\cookies\louisp@www.burstbeacon[1].txt (ID = 2335) 15:03: Found Spy Cookie: burstbeacon cookie 15:03: c:\documents and settings\louisp\cookies\louisp@weborama[2].txt (ID = 3658) 15:03: Found Spy Cookie: weborama cookie 15:03: c:\documents and settings\louisp\cookies\louisp@tribalfusion[1].txt (ID = 3589) 15:03: Found Spy Cookie: tribalfusion cookie 15:03: c:\documents and settings\louisp\cookies\louisp@statcounter[1].txt (ID = 3447) 15:03: Found Spy Cookie: statcounter cookie 15:03: c:\documents and settings\louisp\cookies\louisp@serving-sys[2].txt (ID = 3343) 15:03: Found Spy Cookie: serving-sys cookie 15:03: c:\documents and settings\louisp\cookies\louisp@partypoker[2].txt (ID = 3111) 15:03: Found Spy Cookie: partypoker cookie 15:03: c:\documents and settings\louisp\cookies\louisp@partygaming.122.2o7[1].txt (ID = 1958) 15:03: c:\documents and settings\louisp\cookies\louisp@overture[1].txt (ID = 3105) 15:03: Found Spy Cookie: overture cookie 15:03: c:\documents and settings\louisp\cookies\louisp@network-ca.247realmedia[1].txt (ID = 1954) 15:03: c:\documents and settings\louisp\cookies\louisp@msnportal.112.2o7[1].txt (ID = 1958) 15:03: c:\documents and settings\louisp\cookies\louisp@mediaplex[1].txt (ID = 6442) 15:03: Found Spy Cookie: mediaplex cookie 15:03: c:\documents and settings\louisp\cookies\louisp@imrworldwide[2].txt (ID = 2845) 15:03: Found Spy Cookie: imrworldwide.com cookie 15:03: c:\documents and settings\louisp\cookies\louisp@fastclick[1].txt (ID = 2651) 15:03: Found Spy Cookie: fastclick cookie 15:03: c:\documents and settings\louisp\cookies\louisp@burstnet[2].txt (ID = 2336) 15:03: Found Spy Cookie: burstnet cookie 15:03: c:\documents and settings\louisp\cookies\louisp@bs.serving-sys[1].txt (ID = 2330) 15:03: Found Spy Cookie: bs.serving-sys cookie 15:03: c:\documents and settings\louisp\cookies\louisp@bluestreak[2].txt (ID = 2314) 15:03: Found Spy Cookie: bluestreak cookie 15:03: c:\documents and settings\louisp\cookies\louisp@atdmt[2].txt (ID = 2253) 15:03: Found Spy Cookie: atlas dmt cookie 15:03: c:\documents and settings\louisp\cookies\louisp@advertising[2].txt (ID = 2175) 15:03: Found Spy Cookie: advertising cookie 15:03: c:\documents and settings\louisp\cookies\louisp@ads.addynamix[1].txt (ID = 2062) 15:03: Found Spy Cookie: addynamix cookie 15:03: c:\documents and settings\louisp\cookies\louisp@adecn[1].txt (ID = 2063) 15:03: Found Spy Cookie: adecn cookie 15:03: c:\documents and settings\louisp\cookies\louisp@ad.yieldmanager[2].txt (ID = 3751) 15:03: Found Spy Cookie: yieldmanager cookie 15:03: c:\documents and settings\louisp\cookies\louisp@2o7[1].txt (ID = 1957) 15:03: Found Spy Cookie: 2o7.net cookie 15:03: c:\documents and settings\louisp\cookies\louisp@247realmedia[1].txt (ID = 1953) 15:03: Found Spy Cookie: 247realmedia cookie 15:03: Starting Cookie Sweep 15:03: Registry Sweep Complete, Elapsed Time:00:00:30 15:03: HKU\S-1-5-21-1078081533-448539723-839522115-1129\software\sponsoradulto2\ (ID = 143576) 15:03: Found Adware: syswebtelecom 15:03: HKLM\software\microsoft\windows\currentversion\control panel\load\ (ID = 1150937) 15:03: Found Trojan Horse: trojan-phisher-metafisher 15:03: Starting Registry Sweep 15:03: Memory Sweep Complete, Elapsed Time: 00:02:03 15:01: Starting Memory Sweep 15:01: Sweep initiated using definitions version 734 15:01: Spy Sweeper 5.0.7.1608 started 15:01: | Start of Session, 2007-07-27 | ******** 15:01: | End of Session, 2007-07-27 | Keylogger Shield: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites Shield: Off Hosts File Shield: On Spy Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 14:56: Shield States 14:56: Spyware Definitions: 734 14:55: Spy Sweeper 5.0.7.1608 started 14:55: Spy Sweeper 5.0.7.1608 started 14:55: | Start of Session, 2007-07-27 | ********