

potto75011
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Thank you for your help, and thanks again.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Here is the report, thank you.

Saturday, December 01, 2007 12:36:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469725
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer A:\ C:\ D:\ E:\
Scan Statistics
Total number of scanned objects 64976
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 00:36:57
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\daniel\Bureau\nmsl.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\Documents and Settings\daniel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\daniel\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\daniel\ntuser.dat Object is locked skipped
C:\Documents and Settings\daniel\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\sss2s.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3ACDE207-D4B7-4497-9158-2F8C4C7A2AA7}\RP130\A0020393.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\System Volume Information\_restore{3ACDE207-D4B7-4497-9158-2F8C4C7A2AA7}\RP131\A0020416.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\System Volume Information\_restore{3ACDE207-D4B7-4497-9158-2F8C4C7A2AA7}\RP131\A0020432.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\System Volume Information\_restore{3ACDE207-D4B7-4497-9158-2F8C4C7A2AA7}\RP132\A0021503.exe Infected: Backdoor.Win32.Agent.cnn skipped
C:\System Volume Information\_restore{3ACDE207-D4B7-4497-9158-2F8C4C7A2AA7}\RP134\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8A1F19D3-4990-4C34-9952-16914465D6EA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Yes.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Hello charles and bruce lee, I repeat that it is not on my desktop, and what's more I searched through all the folders on my desktop one by one. Thank you.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Hi again, unfortunately I cannot find the file in question.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
MSNFix 1.593
C:\Documents and Settings\daniel\Mes documents\MSNFix\MSNFix
Fix exécuté le 28/11/2007 - 13:50:20,95 By daniel
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\dllcache\jucheck.exe
... C:\WINDOWS\picts-0173.zip
... C:\WINDOWS\picts-0734.zip
... C:\WINDOWS\picts-1862.zip
... C:\WINDOWS\picts-2426.zip
... C:\WINDOWS\picts-3102.zip
... C:\WINDOWS\picts-4804.zip
... C:\WINDOWS\picts-5372.zip
... C:\WINDOWS\picts-5387.zip
... C:\WINDOWS\picts-5842.zip
... C:\WINDOWS\picts-6659.zip
... C:\WINDOWS\picts-6741.zip
... C:\WINDOWS\picts-7251.zip
... C:\WINDOWS\picts-7412.zip
... C:\WINDOWS\picts-7723.zip
... C:\WINDOWS\picts-7724.zip
... C:\WINDOWS\picts-8496.zip
... C:\WINDOWS\picts-8649.zip
... C:\WINDOWS\picts-8814.zip
... C:\WINDOWS\picts-9502.zip
... C:\WINDOWS\picts-9628.zip
... C:\WINDOWS\picts-0173.zip
... C:\WINDOWS\picts-0734.zip
... C:\WINDOWS\picts-1862.zip
... C:\WINDOWS\picts-2426.zip
... C:\WINDOWS\picts-3102.zip
... C:\WINDOWS\picts-4804.zip
... C:\WINDOWS\picts-5372.zip
... C:\WINDOWS\picts-5387.zip
... C:\WINDOWS\picts-5842.zip
... C:\WINDOWS\picts-6659.zip
... C:\WINDOWS\picts-6741.zip
... C:\WINDOWS\picts-7251.zip
... C:\WINDOWS\picts-7412.zip
... C:\WINDOWS\picts-7723.zip
... C:\WINDOWS\picts-7724.zip
... C:\WINDOWS\picts-8496.zip
... C:\WINDOWS\picts-8649.zip
... C:\WINDOWS\picts-8814.zip
... C:\WINDOWS\picts-9502.zip
... C:\WINDOWS\picts-9628.zip
... C:\WINDOWS\picts-0173.zip
... C:\WINDOWS\picts-0734.zip
... C:\WINDOWS\picts-1862.zip
... C:\WINDOWS\picts-2426.zip
... C:\WINDOWS\picts-3102.zip
... C:\WINDOWS\picts-4804.zip
... C:\WINDOWS\picts-5372.zip
... C:\WINDOWS\picts-5387.zip
... C:\WINDOWS\picts-5842.zip
... C:\WINDOWS\picts-6659.zip
... C:\WINDOWS\picts-6741.zip
... C:\WINDOWS\picts-7251.zip
... C:\WINDOWS\picts-7412.zip
... C:\WINDOWS\picts-7723.zip
... C:\WINDOWS\picts-7724.zip
... C:\WINDOWS\picts-8496.zip
... C:\WINDOWS\picts-8649.zip
... C:\WINDOWS\picts-8814.zip
... C:\WINDOWS\picts-9502.zip
... C:\WINDOWS\picts-9628.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\picts-0173.zip is INFECTED
[!] C:\WINDOWS\picts-0734.zip is INFECTED
[!] C:\WINDOWS\picts-1862.zip is INFECTED
[!] C:\WINDOWS\picts-2426.zip is INFECTED
[!] C:\WINDOWS\picts-3102.zip is INFECTED
[!] C:\WINDOWS\picts-4804.zip is INFECTED
[!] C:\WINDOWS\picts-5372.zip is INFECTED
[!] C:\WINDOWS\picts-5387.zip is INFECTED
[!] C:\WINDOWS\picts-5842.zip is INFECTED
[!] C:\WINDOWS\picts-6659.zip is INFECTED
[!] C:\WINDOWS\picts-6741.zip is INFECTED
[!] C:\WINDOWS\picts-7251.zip is INFECTED
[!] C:\WINDOWS\picts-7412.zip is INFECTED
[!] C:\WINDOWS\picts-7723.zip is INFECTED
[!] C:\WINDOWS\picts-7724.zip is INFECTED
[!] C:\WINDOWS\picts-8496.zip is INFECTED
[!] C:\WINDOWS\picts-8649.zip is INFECTED
[!] C:\WINDOWS\picts-8814.zip is INFECTED
[!] C:\WINDOWS\picts-9502.zip is INFECTED
[!] C:\WINDOWS\picts-9628.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\system32\dllcache\jucheck.exe
.. OK ... C:\WINDOWS\picts-0173.zip
.. OK ... C:\WINDOWS\picts-0734.zip
.. OK ... C:\WINDOWS\picts-1862.zip
.. OK ... C:\WINDOWS\picts-2426.zip
.. OK ... C:\WINDOWS\picts-3102.zip
.. OK ... C:\WINDOWS\picts-4804.zip
.. OK ... C:\WINDOWS\picts-5372.zip
.. OK ... C:\WINDOWS\picts-5387.zip
.. OK ... C:\WINDOWS\picts-5842.zip
.. OK ... C:\WINDOWS\picts-6659.zip
.. OK ... C:\WINDOWS\picts-6741.zip
.. OK ... C:\WINDOWS\picts-7251.zip
.. OK ... C:\WINDOWS\picts-7412.zip
.. OK ... C:\WINDOWS\picts-7723.zip
.. OK ... C:\WINDOWS\picts-7724.zip
.. OK ... C:\WINDOWS\picts-8496.zip
.. OK ... C:\WINDOWS\picts-8649.zip
.. OK ... C:\WINDOWS\picts-8814.zip
.. OK ... C:\WINDOWS\picts-9502.zip
.. OK ... C:\WINDOWS\picts-9628.zip
.. OK ... C:\WINDOWS\picts-0173.zip
.. OK ... C:\WINDOWS\picts-0734.zip
.. OK ... C:\WINDOWS\picts-1862.zip
.. OK ... C:\WINDOWS\picts-2426.zip
.. OK ... C:\WINDOWS\picts-3102.zip
.. OK ... C:\WINDOWS\picts-4804.zip
.. OK ... C:\WINDOWS\picts-5372.zip
.. OK ... C:\WINDOWS\picts-5387.zip
.. OK ... C:\WINDOWS\picts-5842.zip
.. OK ... C:\WINDOWS\picts-6659.zip
.. OK ... C:\WINDOWS\picts-6741.zip
.. OK ... C:\WINDOWS\picts-7251.zip
.. OK ... C:\WINDOWS\picts-7412.zip
.. OK ... C:\WINDOWS\picts-7723.zip
.. OK ... C:\WINDOWS\picts-7724.zip
.. OK ... C:\WINDOWS\picts-8496.zip
.. OK ... C:\WINDOWS\picts-8649.zip
.. OK ... C:\WINDOWS\picts-8814.zip
.. OK ... C:\WINDOWS\picts-9502.zip
.. OK ... C:\WINDOWS\picts-9628.zip
.. OK ... C:\WINDOWS\picts-0173.zip
.. OK ... C:\WINDOWS\picts-0734.zip
.. OK ... C:\WINDOWS\picts-1862.zip
.. OK ... C:\WINDOWS\picts-2426.zip
.. OK ... C:\WINDOWS\picts-3102.zip
.. OK ... C:\WINDOWS\picts-4804.zip
.. OK ... C:\WINDOWS\picts-5372.zip
.. OK ... C:\WINDOWS\picts-5387.zip
.. OK ... C:\WINDOWS\picts-5842.zip
.. OK ... C:\WINDOWS\picts-6659.zip
.. OK ... C:\WINDOWS\picts-6741.zip
.. OK ... C:\WINDOWS\picts-7251.zip
.. OK ... C:\WINDOWS\picts-7412.zip
.. OK ... C:\WINDOWS\picts-7723.zip
.. OK ... C:\WINDOWS\picts-7724.zip
.. OK ... C:\WINDOWS\picts-8496.zip
.. OK ... C:\WINDOWS\picts-8649.zip
.. OK ... C:\WINDOWS\picts-8814.zip
.. OK ... C:\WINDOWS\picts-9502.zip
.. OK ... C:\WINDOWS\picts-9628.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\dllcache\jucheck.exe
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\sss2s.exe] 1115ACFC99C30152EC3B0DACA16194CB
[C:\WINDOWS\system32\nmsl.exe] 1115ACFC99C30152EC3B0DACA16194CB
==> SVP merci d'envoyer le fichier C:\DOCUME~1\daniel\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28112007_17072954.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

Here is my MSNFix report from before the procedure.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Hello, here is my hijack report after the procedure; I will send you the rest afterwards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:27, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\jojo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--

Thanks in advance.
virus HEUR DBLEXT msn
potto75011 replied to potto75011's topic in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:35, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\jojo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Network Management and Security Layer (NMSL) - Unknown owner - C:\WINDOWS\system32\nmsl.exe
--
End of file - 5577 bytes

Here is my report after the MSNFix scan and cleanup. Thank you very much.
Hello, yesterday I was chatting on MSN and someone told me "look at my photos". I accepted, and since then AntiVir has been reporting a virus, HEUR DBLEXT. I was told to give you the HijackThis report; here it is. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:54, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\WINDOWS\system32\dllcache\jucheck.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\daniel\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-3500X WIRELESS MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Network Management and Security Layer (NMSL) - Unknown owner - C:\WINDOWS\system32\nmsl.exe
--
End of file - 5922 bytes

Please answer me.