bauert1

  1. Hello, I ran a scan with Spybot in safe mode to reassure myself, and it still finds Premium Search (even though it has been deleted several times!). Is this normal? Is it dangerous? How do I get rid of it? Here is the Spybot report. Thank you for your help.

     --- Report generated: 2008-04-03 13:11 ---

     PremiumSearch: [sBI $DB786E08] Réglages (Valeur du registre, nothing done)
       HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\^^^^^.exe
     PremiumSearch: [sBI $33759B22] Réglages (Valeur du registre, nothing done)
       HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\^^^^^.exe
     Common Dialogs: History (144 files) (Clé du registre, nothing done)
       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
     MS Office 9.0: Recently used files (158 files) (Répertoire, nothing done)
       C:\Documents and Settings\Justine\Application Data\Microsoft\Office\Récents\
     Log: Activity: COM+.log (Sauver le fichier, nothing done)
       C:\WINDOWS\COM+.log
     Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
       C:\WINDOWS\SchedLgU.Txt
     Log: Activity: imsins.log (Sauver le fichier, nothing done)
       C:\WINDOWS\imsins.log
     Log: Activity: OEWABLog.txt (Sauver le fichier, nothing done)
       C:\WINDOWS\OEWABLog.txt
     Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
       C:\WINDOWS\ntbtlog.txt
     Log: Install: comsetup.log (Sauver le fichier, nothing done)
       C:\WINDOWS\comsetup.log
     Log: Install: Directx.log (Sauver le fichier, nothing done)
       C:\WINDOWS\Directx.log
     Log: Install: ocgen.log (Sauver le fichier, nothing done)
       C:\WINDOWS\ocgen.log
     Log: Install: setupact.log (Sauver le fichier, nothing done)
       C:\WINDOWS\setupact.log
     Log: Install: setupapi.log (Sauver le fichier, nothing done)
       C:\WINDOWS\setupapi.log
     Log: Install: wmsetup.log (Sauver le fichier, nothing done)
       C:\WINDOWS\wmsetup.log
  2. Here are the reports: 1/ ewido (1 infection) 2/ AntiVir (3 infections coming from a zip folder "catchme" on the desktop). Thank you for your help.

     __________________________________________________
     ewido anti-spyware online scanner
     http://www.ewido.net
     __________________________________________________

     Name: Adware.ClickMedia
     Path: C:\WINDOWS\Downloaded Program Files\installer2.dll
     Risk: Medium

     AntiVir PersonalEdition Classic
     Report file date: mercredi 2 avril 2008 17:24

     Scanning for 1174697 virus strains and unwanted programs.

     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows XP
     Windows version: (Service Pack 2) [5.1.2600]
     Username: Justine
     Computer name: JUSTINE-JM

     Version information:
     BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
     AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
     AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
     LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
     LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
     ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 08:55:33
     ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 08:55:33
     ANTIVIR3.VDF : 7.0.3.107 90624 Bytes 02/04/2008 10:20:52
     AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 01/04/2008 08:55:33
     AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
     AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
     AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
     AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/04/2008 08:55:35
     AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
     AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
     AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
     NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
     RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
     RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

     Configuration settings for the scan:
     Jobname..........................: Manual Selection
     Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: off
     Scan boot sector.................: on
     Boot sectors.....................: D:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: All files
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
     Macro heuristic..................: on
     File heuristic...................: medium
     Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

     Start of the scan: mercredi 2 avril 2008 17:24

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     11 processes with 11 modules were scanned

     Start scanning boot sectors:
     Boot sector 'C:\'
       [NOTE] No virus was found!
     Boot sector 'D:\'
       [NOTE] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '24' files ).

     Starting the file scan:

     Begin scan in 'C:\' <PRESARIO>
     C:\pagefile.sys
       [WARNING] The file could not be opened!
     C:\Documents and Settings\Justine\Bureau\catchme.zip
       [0] Archive type: ZIP
       --> ^^^^^.exe
           [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
       --> ^^^^^.exe.1
           [DETECTION] Is the Trojan horse TR/Trash.Gen
       --> ^^^^^.exe.3
           [DETECTION] Is the Trojan horse TR/Trash.Gen
       [INFO] The file was deleted!
     Begin scan in 'D:\' <PRESARIO_RP>

     End of the scan: mercredi 2 avril 2008 20:17
     Used time: 2:53:36 min

     The scan has been done completely.

     4817 Scanning directories
     332532 Files were scanned
     3 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     1 files were deleted
     0 files were repaired
     0 files were moved to quarantine
     0 files were renamed
     1 Files cannot be scanned
     332529 Files not concerned
     13294 Archives were scanned
     1 Warnings
     0 Notes
  3. Here are the reports: 1/ MSNFix 2/ SDFix 3/ new HJT report. Thank you for your help.

     MSNFix 1.696
     C:\Documents and Settings\Justine\Bureau\MSNFix
     Fix exécuté le 02/04/2008 - 14:58:51,32 By Justine
     mode normal

     ************************ Recherche les fichiers présents
     ... C:\WINDOWS\system32\^^^^^.exe
     ... C:\WINDOWS\system32\^^^^^.exe
     ... C:\log.txt
     ... C:\WINDOWS\system32\real.txt

     ************************ Recherche les dossiers présents
     Aucun dossier trouvé

     ************************ Suppression des fichiers
     .. OK ... C:\WINDOWS\system32\^^.exe
     /!\ ... C:\WINDOWS\system32\^^^^^.exe
     /!\ ... C:\WINDOWS\system32\^^^^^.exe
     /!\ ... C:\WINDOWS\system32\^^^^^.exe
     /!\ ... C:\WINDOWS\system32\^^^^^.exe
     .. OK ... C:\log.txt
     .. OK ... C:\WINDOWS\system32\real.txt

     ************************ Nettoyage du registre
     Les fichiers encore présents seront supprimés au prochain redémarrage
     Aucun Fichier trouvé
     .. OK ... C:\WINDOWS\system32\^^.exe

     ************************ Fichiers suspects
     Aucun Fichier trouvé
     Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02042008_15022562.zip

     ************************ HKLM\...\Winlogon\Userinit
     Userinit = C:\WINDOWS\system32\userinit.exe,

     ------------------------------------------------------------------------
     Auteur : !aur3n7
     Contact: http://changelog.fr
     ------------------------------------------------------------------------
     --------------------------------------------- END ---------------------------------------------

     SDFix: Version 1.165
     Run by Justine on 02/04/2008 at 15:15
     Microsoft Windows XP [version 5.1.2600]
     Running From: C:\SDFix\SDFix

     Checking Services :

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File

     Rebooting

     Checking Files :

     No Trojan Files Found

     Removing Temp Files

     ADS Check :

     Final Check :

     catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-02 15:43:54
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden services & system hive ...
     scanning hidden registry entries ...
     scanning hidden files ...

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 32

     Remaining Services :

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
     "C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
     "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
     "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
     "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
     "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\\WINDOWS\\system32\\^^^^^.exe"="C:\\WINDOWS\\system32\\^^^^^.exe:*:Enabled:Flash Media"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
     "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

     Remaining Files :

     File Backups: - C:\SDFix\SDFix\backups\backups.zip

     Files with Hidden Attributes :

     Thu 11 Nov 2004 196 A.SHR --- "C:\BOOT.BAK"
     Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
     Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
     Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
     Sun 5 Dec 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
     Thu 29 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
     Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT82.tmp"
     Fri 16 Mar 2007 30,720 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0211.tmp"
     Wed 28 Nov 2007 33,576,448 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0753.tmp"
     Sun 12 Aug 2007 23,380,992 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0775.tmp"
     Wed 13 Jun 2007 22,665,216 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0867.tmp"
     Fri 15 Jun 2007 22,689,280 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0910.tmp"
     Wed 22 Aug 2007 35,948,032 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0955.tmp"
     Tue 6 Feb 2007 56,832 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL0978.tmp"
     Sun 4 Nov 2007 58,368 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL1138.tmp"
     Mon 10 Sep 2007 33,847,808 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL1392.tmp"
     Wed 22 Aug 2007 35,946,496 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL1980.tmp"
     Wed 18 Oct 2006 228,352 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2106.tmp"
     Wed 18 Oct 2006 182,272 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2240.tmp"
     Fri 16 Mar 2007 27,136 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2332.tmp"
     Wed 22 Aug 2007 35,942,912 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2552.tmp"
     Fri 15 Jun 2007 22,687,744 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2638.tmp"
     Sat 21 Jul 2007 23,347,200 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2715.tmp"
     Wed 22 Aug 2007 35,942,400 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL2991.tmp"
     Sun 12 Aug 2007 23,383,552 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3080.tmp"
     Wed 28 Nov 2007 33,576,960 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3180.tmp"
     Sun 12 Aug 2007 23,383,040 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3327.tmp"
     Sun 4 Nov 2007 14,290,432 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3388.tmp"
     Sun 4 Nov 2007 56,320 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3401.tmp"
     Sun 4 Nov 2007 44,544 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3674.tmp"
     Fri 15 Jun 2007 22,689,280 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3711.tmp"
     Wed 26 Apr 2006 582,144 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL3922.tmp"
     Sat 16 Apr 2005 71,168 ...H. --- "C:\Documents and Settings\Justine\Application Data\Microsoft\Word\~WRL4041.tmp"
     Fri 14 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL0040.tmp"
     Fri 14 Jan 2005 45,568 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL1249.tmp"
     Fri 14 Jan 2005 44,544 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL1527.tmp"
     Fri 14 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL2023.tmp"
     Fri 14 Jan 2005 45,056 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL2727.tmp"
     Wed 27 Oct 2004 54,272 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL3345.tmp"
     Tue 11 Jan 2005 43,008 A..H. --- "C:\Documents and Settings\Justine\Mes documents\Cours D3\Chirurgie Limbour\~WRL3522.tmp"

     Finished!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:56:46, on 02/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Justine\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing) O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_0\Ghost (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192460243812 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C10100AA-859E-4322-84AB-530970F23309}: NameServer = 86.64.145.140,84.103.237.141 O18 - Protocol: 
bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 6993 bytes
  4. Here is the HijackThis report. Antivir detected the trojan TR/Crypt.ULPM.Gen at startup in normal mode.
  5. Hello everyone, A few days ago my girlfriend caught these 2 pieces of junk, probably on Windows Live Messenger by clicking on a bogus address... I followed the Windows disinfection procedure from your site, but despite that, Spybot detects these two trojans again on every scan in safe mode. In addition, the computer will not shut down (the only option that works is cutting the power, because it is stuck on the shutdown screen). What should I do? Should I post a HijackThis report? Thanks
  6. Good evening, I had followed the previous procedure to the letter. The new procedure did remove everything! The new scan with Kaspersky indicates that there is no malware! Thank you very much! What should I do now with:
     - TeaTimer from Spybot
     - AVG Anti-Spyware
     - HijackThis
     - ATF Cleaner
     - F-Secure BlackLight
     Note: I have Avast, ZoneAlarm and Spamihilator. Do you have any tips for improving Firefox's responsiveness? Thanks again
  7. Good evening wong, I carried out your procedure for System Restore. The scan with Kaspersky seems to detect a problem with System Restore. I ran a disk defragmentation with Diskeeper (freeware) a few days before the system and browsing slowed down; after your last post I did a disk cleanup. The system and browsing are still just as slow (e.g. several seconds before the browser reacts when I click on another tab). Here is the Kaspersky report:
  8. Good evening Wong, What is running slowly is my computer and Firefox; IE also runs a bit slowly, but it is less noticeable. It seems this junk is still present! Thank you for your help. Here is the HijackThis report:
  9. Hello wong, The AVG AS scan did not detect any infected files (so there is no report). It is a real pleasure to browse with Firefox without any crashes!! Thanks again for your help! However, browsing has been rather slow lately; could you point me to one (or several) links for improving the responsiveness of Firefox (and of my computer...)? Thank you. Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:10, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\Documents and Settings\Fabien\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ajouter au tueur de pub - C:\Documents and Settings\Fabien\Mes documents\bazar\Config\myie20927\config/blacklist.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155985234693
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- End of file - 6150 bytes
  10. Here is the HijackThis report. I got 2 error windows during the scan; I clicked OK twice and the scan continued (I did not understand any of it, and I do not know how to take a screenshot to show you the windows that appeared!). However, I did not follow your procedure correctly during that first scan (I forgot to go into Format, etc.), so I am giving you the report from the 2nd scan (for which I followed your procedure to the letter). Thank you for whatever you can do. Regards
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:25, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\Documents and Settings\Fabien\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ajouter au tueur de pub - C:\Documents and Settings\Fabien\Mes documents\bazar\Config\myie20927\config/blacklist.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155985234693
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- End of file - 6138 bytes
  11. Here is the Navilog report. Things seem to be on the right track. Thank you for your quick response!
Clean Navipromo version 3.3.6 commencé le 30/11/2007 à 15:15:13,55
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Mode suppression automatique
*** Creation backups fichiers trouvés par Catchme ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
Copie C:\WINDOWS\system32\kieaaukheb.dat réalisé avec succès !
Copie C:\WINDOWS\system32\kieaaukheb.exe réalisé avec succès !
Copie C:\WINDOWS\system32\kieaaukheb_nav.dat réalisé avec succès !
Copie C:\WINDOWS\system32\kieaaukheb_navps.dat réalisé avec succès !
Copie C:\WINDOWS\system32\kieaaukheb_navup.dat réalisé avec succès !
*** Suppression des fichiers trouvés avec Catchme ***
C:\WINDOWS\system32\kieaaukheb.dat supprimé !
C:\WINDOWS\system32\kieaaukheb.exe supprimé !
C:\WINDOWS\system32\kieaaukheb_nav.dat supprimé !
C:\WINDOWS\system32\kieaaukheb_navps.dat supprimé !
C:\WINDOWS\system32\kieaaukheb_navup.dat supprimé !
** 2ème passage avec résultats Catchme **
C:\WINDOWS\prefetch\kieaaukheb*.pf trouvé !
Copie C:\WINDOWS\prefetch\kieaaukheb*.pf réalisé avec succès !
C:\WINDOWS\prefetch\kieaaukheb*.pf supprimé !
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans C:\DOCUME~1\FABIEN\LOCALS~1\APPLIC~1 *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\Fabien\Application Data ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Fabien\Local Settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche, création sauvegardes et suppression Heuristique :
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisé avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
*** Nettoyage terminé le 30/11/2007 à 15:21:23,03 ***
  12. Could you analyze the following report and tell me what steps to follow? Please note, I am not very experienced with computers! Thank you very much for your help.
Search Navipromo version 3.3.6 commencé le 30/11/2007 à 11:57:38,84
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Fabien\Application Data ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\WINDOWS\system32\kieaaukheb.dat
C:\WINDOWS\system32\kieaaukheb.exe
C:\WINDOWS\system32\kieaaukheb_nav.dat
C:\WINDOWS\system32\kieaaukheb_navps.dat
C:\WINDOWS\system32\kieaaukheb_navup.dat
Processus caché(s) :
C:\WINDOWS\system32\kieaaukheb.exe
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans C:\DOCUME~1\FABIEN\LOCALS~1\APPLIC~1 *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
3)Recherche Certificats :
Certificat Egroup trouvé !
*** Analyse terminée le 30/11/2007 à 11:59:13,12 ***