

djimzak
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Well, I made a mistake and deleted everything that was in quarantine... So there is no trace of anything left, I suppose. I did find a report, but it dates from yesterday evening, the last scan I ran; I don't know if it will be useful? Here it is:

AntiVir PersonalEdition Classic
Report file date: Monday, August 20, 2007 16:55

Scanning for 1029439 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Djimira
Computer name: COMPY

Version information:
BUILD.DAT : 247 14437 Bytes 5/10/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 4/20/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 3/27/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 3/27/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 3/19/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 7/10/2007 14:48:49
ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 8/17/2007 14:48:49
ANTIVIR3.VDF : 6.39.1.24 37376 Bytes 8/20/2007 14:48:49
AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 8/20/2007 14:48:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 3/27/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/20/2007 14:48:51
AVREG.DLL : 7.0.1.2 31784 Bytes 3/15/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 3/27/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 5/2/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 3/13/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 3/19/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Monday, August 20, 2007 16:55

Starting search for hidden objects.
'51170' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'AnyDVD.exe' - '1' Module(s) have been scanned
Scan process 'DkIcon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
    [NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '7' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Documents and Settings\Djimira.COMPY\Desktop\ComboFix.exe
  [0] Archive type: RAR SFX (self extracting)
    --> nircmd.exe
      [DETECTION] Contains signature of the application APPL/NirCmd.1
      [INFO] The file was deleted!
C:\Documents and Settings\Djimira.COMPY\My Documents\Djim\Portable software !!\Tools\RockXP4.zip
  [0] Archive type: ZIP
    --> RockXP4.exe
      [DETECTION] Contains signature of the dropper DR/PSW.PWDump.2.13
      [1] Archive type: RAR SFX (self extracting)
        --> pwdump2\pwdump2.exe
          [DETECTION] Contains signature of the SPR/Hcktl.Samdump.1 program
        --> pwdump2\samdump.dll
          [DETECTION] Contains signature of the SPR/PSW.PWDump.2.17 program
      [WARNING] The file was ignored!
C:\WINDOWS\nircmd.exe
    [DETECTION] Contains signature of the application APPL/NirCmd.1
    [INFO] The file was deleted!
Begin scan in 'D:\'
Search path D:\ could not be opened!
The device is not ready.

End of the scan: Monday, August 20, 2007 17:27
Used time: 31:48 min

The scan has been done completely.

7076 Scanning directories
195540 Files were scanned
5 viruses and/or unwanted programs were found
0 classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
195535 Files not concerned
1213 Archives were scanned
3 Warnings
0 Notes
0 Hidden objects were found
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hi, I deleted C:\WINDOWS\system32\drivers\etc\hosts.20070813-113040.backup. Sorry, I'm really not very good with computers, but I can't manage to find the complete AntiVir report, only the report of the last scan, and that report doesn't take into account everything AntiVir has found since!!! Can you tell me how I can post that for you? Sorry again for being so useless. Thanks
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hello, and thanks again for taking care of "my case". It seems this virus is gone; I no longer see it in the system and it is in quarantine in my antivirus. Is it really over? Thanks
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
I ran the scan with Kaspersky. Here is the report. AntiVir found a lot of viruses while Kaspersky was running, 47 in all; do you want to see that list? Thanks in advance

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 21, 2007 10:57:12 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 21/08/2007
Enregistrements dans la base antivirus Kaspersky : 362886
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\

Statistiques de l'analyse:
Total d'objets analysés: 74833
Nombre de virus trouvés: 1
Nombre d'objets infectés: 1 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:04:11

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2001 JPN.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2003 JPN.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX1a 2003.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2002 JPN.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2003 JPN.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\PDFX3 2003.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Rich Content PDF.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\High Quality Print.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\PDFX1a 2001.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\PDFX3 2002.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Press Quality.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Smallest File Size.joboptions L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\desktop.ini L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\History\History.IE5\MSHist012007082120070822\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Djimira.COMPY\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\etc\hosts.20070813-113040.backup Infecté : Trojan.Win32.Qhost.mg ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hi, so here is the SmitFraudFix report, thanks in advance

SmitFraudFix v2.214

Scan done at 20:51:09.65, Tue 08/21/2007
Run from C:\Documents and Settings\Djimira.COMPY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
62.146.66.181 dl1.avgate.net
62.146.66.182 dl2.avgate.net
62.146.66.183 dl3.avgate.net
62.146.66.184 dl4.avgate.net
80.190.143.235 dl5.avgate.net
62.146.66.178 dl7.avgate.net

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF2D90E3-2A8C-4030-9863-A30E79CB6423}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\hanonvt.ini

Please, Reboot and Run SmitfraudFix option 2 once again.

»»»»»»»»»»»»»»»»»»»»»»»» End

And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:05 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Djimira.COMPY\Desktop\HijackThis.exe

O1 - Hosts: 62.146.66.181 dl1.avgate.net
O1 - Hosts: 62.146.66.182 dl2.avgate.net
O1 - Hosts: 62.146.66.183 dl3.avgate.net
O1 - Hosts: 62.146.66.184 dl4.avgate.net
O1 - Hosts: 80.190.143.235 dl5.avgate.net
O1 - Hosts: 62.146.66.178 dl7.avgate.net
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarOpen - SigmaTel, Inc. - (no file)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hi, and thank you for being patient. So I followed your instructions, but I didn't manage to do everything. And now that I'm back in normal mode I have the same problems.

Step three - when I click "fix check" in HijackThis, a message appears: an unexpected error has occurred at procedure : modBackup(sItem=AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini) Please email me.........

Step five - impossible to delete C:\WINDOWS\system32\hanonvt.ini, it comes back automatically. Could not find any C:\WINDOWS\system32\vtr167.dll folder, and also could not find C:\Documents and settings\djimir.........\funkru

Thanks for helping me. Here is the scan report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:16:06 PM 8/21/2007

+ Scan result:

C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned.
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\hanonvt.ini.vir -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP124\A0011713.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP125\A0011893.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0012997.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0015008.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0017041.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0017068.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0017138.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0017150.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\A0017151.ini -> Downloader.Agent.bxx : Cleaned.
C:\WINDOWS\system32\hanonvt.ini -> Downloader.Agent.bxx : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\A0013003.exe -> Heuristic.Win32.AVKiller : Cleaned.
C:\Documents and Settings\Djimira.COMPY\Cookies\djimira@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Djimira.COMPY\Cookies\djimira@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.

::Report end

HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:57 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Documents and Settings\Djimira.COMPY\Desktop\HijackThis.exe

O1 - Hosts: 62.146.66.181 dl1.avgate.net
O1 - Hosts: 62.146.66.182 dl2.avgate.net
O1 - Hosts: 62.146.66.183 dl3.avgate.net
O1 - Hosts: 62.146.66.184 dl4.avgate.net
O1 - Hosts: 80.190.143.235 dl5.avgate.net
O1 - Hosts: 62.146.66.178 dl7.avgate.net
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarOpen - SigmaTel, Inc. - (no file)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hello, it's me again, and again. Sorry, but I'm in a bit of a mess right now with this new antivirus, AntiVir: it almost locks me out. When Windows starts it sends messages by the dozen to warn me that the "hanonvt" virus is there. After that I can't do anything anymore, and I have a terrible time stopping their process. So I'm without an antivirus; I hope that's OK as long as I stay on your site and only on your site??? Thanks for enlightening me, bye
Please analyze my report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Me again, sorry. I changed antivirus as recommended on the forum, but now I can't turn it on, otherwise it slows the computer down enormously and lots of virus alert windows pop up: "hanonvt.ini", the famous one. Is that normal, or is my AntiVir not configured properly? Thanks, because I'm without an antivirus for the moment!!
Please analyze report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hi, and thanks again. So I did everything you told me, and here is the ComboFix report, and I also got this beforehand -
combofix-quarantined-files.txt 2007-08-20 21:16 6144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hanonvt.ini.vir Folder PATH listing Volume serial number is 84F7-3EDC C:\QOOBOX \---Quarantine +---C | \---WINDOWS | \---system32 | hanonvt.ini.vir | \---Registry_backups
And so here is the report again
ComboFix 07-08-17.2 - "Djimira" 2007-08-20 21:43:21.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.259 [GMT 2:00] Command switches used :: C:\Documents and Settings\Djimira.COMPY\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\hanonvt.ini c:\docume~1\djimir~1.com\applic~1\funkru~1 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\hanonvt.ini ((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 ))))))))))))))))))))))))))))))) 2007-08-20 21:34 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-20 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic 2007-08-19 13:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft 2007-08-19 13:51 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-19 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc 2007-08-16 14:06 1,750 --a------ C:\WINDOWS\system32\tmp.reg (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-20 14:01 --------- d-------- C:\Program Files\eMule 2007-08-18 21:09 --------- d-------- C:\DOCUME~1\DJIMIR~1.COM\APPLIC~1\Skype 2007-08-16 14:09 --------- d-------- C:\Program Files\Captura 2007-08-13 12:01 77312 --a------ C:\WINDOWS\ua2.dll 2007-08-13 11:34 --------- d-------- C:\Program Files\Ad-Aware SE 2007-08-12 01:16 --------- d-------- C:\DOCUME~1\DJIMIR~1.COM\APPLIC~1\Babylon 2007-07-30 17:39 --------- d-------- C:\Program 
Files\DeepBurner Pro 2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 16:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 16:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 16:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 16:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 16:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 16:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 16:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 16:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 16:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 16:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 16:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 16:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 16:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 16:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 16:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 16:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 16:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 16:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 16:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 16:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:08 1104896 
--a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 12:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll 2006-11-19 12:55:31 104 -csh--r C:\WINDOWS\system32\3B836925C6.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-11-18 02:23] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "Logoff"=0 (0x0) "StartMenuLogOff"=0 (0x0) "NoClose"=0 (0x0) "NoRun"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Logoff"=0 (0x0) "StartMenuLogOff"=0 (0x0) "NoClose"=0 (0x0) "NoRun"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsNetHood"=0 (0x0) "NoSMHelp"=1 (0x1) "NoInstrumentation"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsNetHood"=0 (0x0) "NoSMHelp"=1 (0x1) "NoUserNameInStartMenu"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoSharedDocuments"=1 (0x1) "StartMenuLogOff"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R1 NetBurn;Paragon NetBurning Driver;C:\WINDOWS\system32\DRIVERS\NetBurn.sys R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys S3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS S3 NetBurnerService;Net Burner iSCSI Service;C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe S3 pcwe;pcwe;\??\G:\usb software\Systeme\Info Win\pcwizard\pcwizard.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ec6e32-fd6b-11db-ba41-0014a50bb748}] AutoRun\command- .\Recycled\Driveinfo.exe Open\Command- .\Recycled\Driveinfo.exe Contents of the 'Scheduled Tasks' folder 2007-08-20 16:00:00 C:\WINDOWS\Tasks\A918C0CA97CF737E.job - c:\docume~1\djimir~1.com\applic~1\funkru~1\User ping jugs.exe 2007-08-10 16:55:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-20 21:46:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-20 21:48:24 C:\ComboFix-quarantined-files.txt ... 2007-08-20 21:48 --- E O F --- -
Please analyze report
djimzak replied to a topic by djimzak in Malware analysis and eradication
Hi, I downloaded EliBagle, then I opened it in safe mode info. So here is the Sat.txt
Mon Aug 20 15:23:57 2007 EliBagle v10.47 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Acción Directa): Mon Aug 20 15:24:28 2007 EliBagle v10.47 ©2007 S.G.H. / Satinfo S.L. ---------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\
Thanks in advance -
Please analyze report
djimzak replied to a topic by djimzak in Malware analysis and eradication
OK thanks, so here is the "combofix" report. Thanks in advance
ComboFix 07-08-17.2 - "Djimira" 2007-08-20 11:02:32.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm ((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 ))))))))))))))))))))))))))))))) 2007-08-20 10:59 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-19 20:06 <DIR> d-------- C:\hijackthis 2007-08-19 13:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft 2007-08-19 13:51 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-08-19 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc 2007-08-16 14:06 1,502 --a------ C:\WINDOWS\system32\tmp.reg (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-20 00:52 --------- d-------- C:\Program Files\eMule 2007-08-18 21:09 --------- d-------- C:\DOCUME~1\DJIMIR~1.COM\APPLIC~1\Skype 2007-08-16 14:09 --------- d-------- C:\Program Files\Captura 2007-08-13 12:01 77312 --a------ C:\WINDOWS\ua2.dll 2007-08-13 11:34 --------- d-------- C:\Program Files\Ad-Aware SE 2007-08-12 01:16 --------- d-------- C:\DOCUME~1\DJIMIR~1.COM\APPLIC~1\Babylon 2007-07-30 17:39 --------- d-------- C:\Program Files\DeepBurner Pro 2007-07-28 00:07 783224 --a--c--- C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a--c--- C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:31 765952 
--a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 16:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 16:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 16:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 16:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 16:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 16:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 16:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 16:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 16:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 16:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 16:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 16:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 16:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 16:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 16:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 16:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 16:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 16:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 16:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 16:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 
15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 15:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 12:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe 2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll 2006-11-19 12:55:31 104 -csh--r C:\WINDOWS\system32\3B836925C6.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-11-18 02:23] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "Logoff"=0 (0x0) "StartMenuLogOff"=0 (0x0) "NoClose"=0 (0x0) "NoRun"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Logoff"=0 (0x0) "StartMenuLogOff"=0 (0x0) "NoClose"=0 (0x0) "NoRun"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsNetHood"=0 (0x0) "NoSMHelp"=1 (0x1) "NoInstrumentation"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsNetHood"=0 (0x0) "NoSMHelp"=1 (0x1) "NoUserNameInStartMenu"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoSharedDocuments"=1 (0x1) "StartMenuLogOff"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @="Service" R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys R1 NetBurn;Paragon NetBurning Driver;C:\WINDOWS\system32\DRIVERS\NetBurn.sys R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS S3 NetBurnerService;Net Burner iSCSI Service;C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe S3 pcwe;pcwe;\??\G:\usb software\Systeme\Info Win\pcwizard\pcwizard.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ec6e32-fd6b-11db-ba41-0014a50bb748}] AutoRun\command- .\Recycled\Driveinfo.exe Open\Command- .\Recycled\Driveinfo.exe Contents of the 'Scheduled Tasks' folder 2007-08-20 09:00:00 C:\WINDOWS\Tasks\A918C0CA97CF737E.job - c:\docume~1\djimir~1.com\applic~1\funkru~1\User ping jugs.exe 2007-08-10 16:55:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-20 11:08:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-20 11:12:03 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-20 11:11 --- E O F --- -
Hello, after multiple scans (Ad-Aware, Spybot, and other online ones) I still have traces of printer.exe, and I don't have access to the Control Panel. Here is my report, please analyze it, thanks in advance
Logfile of HijackThis v1.99.1 Scan saved at 8:09:40 PM, on 8/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\explorer.exe C:\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: 
C:\WINDOWS\system32\hanonvt.ini O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarOpen - SigmaTel, Inc. - (no file)
-
Hello, I have a small problem: I can no longer open my "control panel" (my computer is in English!). I did find "printer.exe" running two or three days ago, and I stopped it. But the problem persists. Here is my hijack report; I made it following all the instructions: I downloaded AntiVir, then installed it in safe mode, then...... as written in one of the posts. Thanks for your help
Logfile of HijackThis v1.99.1 Scan saved at 8:09:40 PM, on 8/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\explorer.exe C:\hijackthis\HijackThis.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: 
C:\WINDOWS\system32\hanonvt.ini O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarOpen - SigmaTel, Inc. - (no file)
-
Hello, I have a small problem: I found "printer.exe", which I deleted with "starter", or at least I thought I had stopped the program! But I still don't have access to my whole computer. Here is the HijackThis report, thanks for helping me
Logfile of HijackThis v1.99.1 Scan saved at 2:21:28 PM, on 8/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/ O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: 
C:\WINDOWS\system32\hanonvt.ini O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8 Professional\Net Burner Service\NetBurnerService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarOpen - SigmaTel, Inc. - (no file)